Unable to handle kernel paging request at virtual address 0000ffff00330028
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000133537000
[0000ffff00330028] pgd=0800000133196003, p4d=0800000133196003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3054 Comm: syz-executor.5 Not tainted 6.1.0-rc4-syzkaller-31844-g3577a7611842 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nexthop_flush_dev net/ipv4/nexthop.c:2383 [inline]
pc : nh_netdev_event+0xa8/0x47c net/ipv4/nexthop.c:3575
lr : nh_netdev_event+0x78/0x47c net/ipv4/nexthop.c:3572
sp : ffff800012c7bae0
x29: ffff800012c7bae0 x28: 00000000ffffffff x27: ffff800012c7bba8
x26: 0000ffff00330008 x25: 0000000000000001 x24: ffff80000d7ddf00
x23: ffff80000caff548 x22: ffff0000dd4e3a60 x21: ffff0000dd4e3680
x20: 0000000000000006 x19: ffff0000e6738000 x18: 00000000000001a2
x17: ffff8001f1d9e000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000007 x12: ffff80000d7ddf00
x11: ff8080000b6620ec x10: 000000000000000b x9 : ffff0000e62f7800
x8 : 000000000000000b x7 : ffff80000837a91c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : ffff800012c7bbb8 x1 : ffff80000d7dded0 x0 : 0000000000000006
Call trace:
 nh_netdev_event+0xa8/0x47c net/ipv4/nexthop.c:3575
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 netdev_wait_allrefs_any net/core/dev.c:10237 [inline]
 netdev_run_todo+0x340/0x6f0 net/core/dev.c:10351
 rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:147
 tun_detach drivers/net/tun.c:704 [inline]
 tun_chr_close+0xe8/0xfc drivers/net/tun.c:3459
 __fput+0x198/0x3e4 fs/file_table.c:320
 ____fput+0x20/0x30 fs/file_table.c:348
 task_work_run+0x100/0x148 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x2dc/0xcac kernel/exit.c:820
 __arm64_sys_exit_group+0x0/0x18 kernel/exit.c:950
 __do_sys_exit_group kernel/exit.c:961 [inline]
 __se_sys_exit_group kernel/exit.c:959 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:959
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: f0010bd8 910f82b6 1280001c 913c0318 (f9401348)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: f0010bd8 adrp x24, 0x217b000
   4: 910f82b6 add x22, x21, #0x3e0
   8: 1280001c mov w28, #0xffffffff // #-1
   c: 913c0318 add x24, x24, #0xf00
* 10: f9401348 ldr x8, [x26, #32] <-- trapping instruction