Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 0 UID: 0 PID: 10805 Comm: kworker/u32:46 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:read_pnet include/net/net_namespace.h:409 [inline]
RIP: 0010:sock_net include/net/sock.h:680 [inline]
RIP: 0010:netlink_broadcast_filtered+0x91/0xf10 net/netlink/af_netlink.c:1497
Code: 89 c7 00 f1 f1 f1 f1 c7 40 04 f1 f1 00 00 c7 40 10 f3 f3 f3 f3 e8 8f a0 25 f8 e8 fa da e6 01 49 8d 7f 30 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 30 0d 00 00 4c 8b 3c 24 8b 74 24 48 b9 0a 00
RSP: 0018:ffffc90003a7f600 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8880391b4f00 RCX: 0000000000000018
RDX: ffff88804118c880 RSI: ffffffff899676d1 RDI: 0000000000000030
RBP: 0000000000000018 R08: 0000000000000cc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: 1ffff9200074fecf R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880d6765000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562289fc2f60 CR3: 000000003a580000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 nlmsg_multicast_filtered include/net/netlink.h:1151 [inline]
 nlmsg_multicast include/net/netlink.h:1170 [inline]
 nlmsg_notify+0x9e/0x220 net/netlink/af_netlink.c:2577
 inet_netconf_notify_devconf+0xe6/0x1f0 net/ipv4/devinet.c:2222
 __devinet_sysctl_unregister net/ipv4/devinet.c:2705 [inline]
 devinet_sysctl_unregister net/ipv4/devinet.c:2729 [inline]
 inetdev_destroy net/ipv4/devinet.c:334 [inline]
 inetdev_event+0xed5/0x18a0 net/ipv4/devinet.c:1656
 notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2230
 call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]
 call_netdevice_notifiers net/core/dev.c:2282 [inline]
 unregister_netdevice_many_notify+0xf9a/0x26f0 net/core/dev.c:12076
 ops_exit_rtnl_list net/core/net_namespace.c:188 [inline]
 ops_undo_list+0x8fc/0xab0 net/core/net_namespace.c:249
 cleanup_net+0x408/0x890 net/core/net_namespace.c:686
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:read_pnet include/net/net_namespace.h:409 [inline]
RIP: 0010:sock_net include/net/sock.h:680 [inline]
RIP: 0010:netlink_broadcast_filtered+0x91/0xf10 net/netlink/af_netlink.c:1497
Code: 89 c7 00 f1 f1 f1 f1 c7 40 04 f1 f1 00 00 c7 40 10 f3 f3 f3 f3 e8 8f a0 25 f8 e8 fa da e6 01 49 8d 7f 30 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 30 0d 00 00 4c 8b 3c 24 8b 74 24 48 b9 0a 00
RSP: 0018:ffffc90003a7f600 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8880391b4f00 RCX: 0000000000000018
RDX: ffff88804118c880 RSI: ffffffff899676d1 RDI: 0000000000000030
RBP: 0000000000000018 R08: 0000000000000cc0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: 1ffff9200074fecf R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880d6965000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000002000 CR3: 0000000046a62000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 89 c7                   mov %eax,%edi
   2: 00 f1                   add %dh,%cl
   4: f1                      int1
   5: f1                      int1
   6: f1                      int1
   7: c7 40 04 f1 f1 00 00    movl $0xf1f1,0x4(%rax)
   e: c7 40 10 f3 f3 f3 f3    movl $0xf3f3f3f3,0x10(%rax)
  15: e8 8f a0 25 f8          call 0xf825a0a9
  1a: e8 fa da e6 01          call 0x1e6db19
  1f: 49 8d 7f 30             lea 0x30(%r15),%rdi
  23: 48 89 f8                mov %rdi,%rax
  26: 48 c1 e8 03             shr $0x3,%rax
* 2a: 42 80 3c 20 00          cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
  2f: 0f 85 30 0d 00 00       jne 0xd65
  35: 4c 8b 3c 24             mov (%rsp),%r15
  39: 8b 74 24 48             mov 0x48(%rsp),%esi
  3d: b9                      .byte 0xb9
  3e: 0a 00                   or (%rax),%al