BUG: unable to handle page fault for address: 0000000000006f7c
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 800000001555f067 P4D 800000001555f067 PUD 11d751067 PMD 0 
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: netns cleanup_net
RIP: 0010:detach_rules net/core/fib_rules.c:1235 [inline]
RIP: 0010:fib_rules_event+0xf7b/0x1430 net/core/fib_rules.c:1267
Code: fb 4c 89 b5 60 ff ff ff 4c 89 bd 48 ff ff ff 0f 84 c0 02 00 00 48 89 5d b8 48 83 c3 10 4c 89 65 c8 4d 85 e4 0f 85 e7 00 00 00 <8b> 03 89 45 d0 48 89 9d 78 ff ff ff 48 89 df e8 51 54 48 f5 44 8b
RSP: 0018:ffff8881033d7870 EFLAGS: 00010246
RAX: ffffffff8d2c6486 RBX: 0000000000006f7c RCX: ffff8881033c0000
RDX: 0000000000000000 RSI: ffff88813fffad10 RDI: 0000000000000000
RBP: ffff8881033d7930 R08: ffffea000000000f R09: ffffffff8d2c542b
R10: 0000000000000003 R11: ffff8881033c0000 R12: 0000000000000000
R13: 00000000ffff8881 R14: 0000000000000000 R15: ffff888128bd6438
FS:  0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000006f7c CR3: 00000000160f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 notifier_call_chain kernel/notifier.c:85 [inline]
 raw_notifier_call_chain+0xe8/0x440 kernel/notifier.c:453
 call_netdevice_notifiers_info+0x1be/0x2b0 net/core/dev.c:2141
 call_netdevice_notifiers_extack net/core/dev.c:2179 [inline]
 call_netdevice_notifiers net/core/dev.c:2193 [inline]
 unregister_netdevice_many_notify+0x1fbf/0x3e30 net/core/dev.c:11809
 unregister_netdevice_many+0x22/0x30 net/core/dev.c:11875
 cleanup_net+0xf02/0x1d20 net/core/net_namespace.c:647
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xae0/0x1c40 kernel/workqueue.c:3317
 worker_thread+0xea7/0x14f0 kernel/workqueue.c:3398
 kthread+0x6b9/0xef0 kernel/kthread.c:464
 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
CR2: 0000000000006f7c
---[ end trace 0000000000000000 ]---
RIP: 0010:detach_rules net/core/fib_rules.c:1235 [inline]
RIP: 0010:fib_rules_event+0xf7b/0x1430 net/core/fib_rules.c:1267
Code: fb 4c 89 b5 60 ff ff ff 4c 89 bd 48 ff ff ff 0f 84 c0 02 00 00 48 89 5d b8 48 83 c3 10 4c 89 65 c8 4d 85 e4 0f 85 e7 00 00 00 <8b> 03 89 45 d0 48 89 9d 78 ff ff ff 48 89 df e8 51 54 48 f5 44 8b
RSP: 0018:ffff8881033d7870 EFLAGS: 00010246
RAX: ffffffff8d2c6486 RBX: 0000000000006f7c RCX: ffff8881033c0000
RDX: 0000000000000000 RSI: ffff88813fffad10 RDI: 0000000000000000
RBP: ffff8881033d7930 R08: ffffea000000000f R09: ffffffff8d2c542b
R10: 0000000000000003 R11: ffff8881033c0000 R12: 0000000000000000
R13: 00000000ffff8881 R14: 0000000000000000 R15: ffff888128bd6438
FS:  0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000006f7c CR3: 00000000160f6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	fb                   	sti
   1:	4c 89 b5 60 ff ff ff 	mov    %r14,-0xa0(%rbp)
   8:	4c 89 bd 48 ff ff ff 	mov    %r15,-0xb8(%rbp)
   f:	0f 84 c0 02 00 00    	je     0x2d5
  15:	48 89 5d b8          	mov    %rbx,-0x48(%rbp)
  19:	48 83 c3 10          	add    $0x10,%rbx
  1d:	4c 89 65 c8          	mov    %r12,-0x38(%rbp)
  21:	4d 85 e4             	test   %r12,%r12
  24:	0f 85 e7 00 00 00    	jne    0x111
* 2a:	8b 03                	mov    (%rbx),%eax <-- trapping instruction
  2c:	89 45 d0             	mov    %eax,-0x30(%rbp)
  2f:	48 89 9d 78 ff ff ff 	mov    %rbx,-0x88(%rbp)
  36:	48 89 df             	mov    %rbx,%rdi
  39:	e8 51 54 48 f5       	call   0xf548548f
  3e:	44                   	rex.R
  3f:	8b                   	.byte 0x8b