veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000016: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000000b0-0x00000000000000b7]
CPU: 1 UID: 0 PID: 3563 Comm: kworker/u8:8 Not tainted 6.14.0-syzkaller-03576-g1e1ba8d23dae #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: netns cleanup_net
RIP: 0010:__fib6_drop_pcpu_from.part.0+0x199/0x510 net/ipv6/ip6_fib.c:980
Code: 48 c1 ea 03 42 80 3c 32 00 0f 85 5e 03 00 00 4c 8b 28 4d 85 ed 74 2e e8 45 c6 ae f7 49 8d bd 90 00 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 30 00 0f 85 24 03 00 00 49 8b 85 90 00 00 00 4c 39 e0 0f
RSP: 0018:ffffc9000c386fa0 EFLAGS: 00010212
RAX: 0000000000000016 RBX: 0000000000000001 RCX: 1ffffffff1b56b99
RDX: ffff888032548000 RSI: ffffffff8a0c3b3b RDI: 00000000000000b0
RBP: ffff88807b16f4b8 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88807b16f400
R13: 0000000000000020 R14: dffffc0000000000 R15: ffffed100f62dea2
FS:  0000000000000000(0000) GS:ffff888124f5a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffeba04e6b8 CR3: 000000000df82000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1023 [inline]
 fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1024 [inline]
 fib6_purge_rt+0x80a/0x9e0 net/ipv6/ip6_fib.c:1035
 fib6_del_route net/ipv6/ip6_fib.c:1995 [inline]
 fib6_del+0xa5e/0x1770 net/ipv6/ip6_fib.c:2040
 fib6_clean_node+0x424/0x5b0 net/ipv6/ip6_fib.c:2202
 fib6_walk_continue+0x452/0x8d0 net/ipv6/ip6_fib.c:2124
 fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2172
 fib6_clean_tree+0xd4/0x110 net/ipv6/ip6_fib.c:2252
 __fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2268
 rt6_sync_down_dev net/ipv6/route.c:4916 [inline]
 rt6_disable_ip+0x2ec/0x990 net/ipv6/route.c:4921
 addrconf_ifdown.isra.0+0x11d/0x1a90 net/ipv6/addrconf.c:3849
 addrconf_notify+0x220/0x19e0 net/ipv6/addrconf.c:3772
 notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2206
 call_netdevice_notifiers_extack net/core/dev.c:2244 [inline]
 call_netdevice_notifiers net/core/dev.c:2258 [inline]
 dev_close_many+0x319/0x630 net/core/dev.c:1748
 unregister_netdevice_many_notify+0x493/0x1fa0 net/core/dev.c:11858
 unregister_netdevice_many net/core/dev.c:11950 [inline]
 default_device_exit_batch+0x855/0xaf0 net/core/dev.c:12433
 ops_exit_list+0x12b/0x180 net/core/net_namespace.c:177
 cleanup_net+0x5c1/0xb30 net/core/net_namespace.c:652
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c1/0xef0 kernel/workqueue.c:3400
 kthread+0x3a7/0x760 kernel/kthread.c:464
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__fib6_drop_pcpu_from.part.0+0x199/0x510 net/ipv6/ip6_fib.c:980
Code: 48 c1 ea 03 42 80 3c 32 00 0f 85 5e 03 00 00 4c 8b 28 4d 85 ed 74 2e e8 45 c6 ae f7 49 8d bd 90 00 00 00 48 89 f8 48 c1 e8 03 <42> 80 3c 30 00 0f 85 24 03 00 00 49 8b 85 90 00 00 00 4c 39 e0 0f
RSP: 0018:ffffc9000c386fa0 EFLAGS: 00010212
RAX: 0000000000000016 RBX: 0000000000000001 RCX: 1ffffffff1b56b99
RDX: ffff888032548000 RSI: ffffffff8a0c3b3b RDI: 00000000000000b0
RBP: ffff88807b16f4b8 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88807b16f400
R13: 0000000000000020 R14: dffffc0000000000 R15: ffffed100f62dea2
FS:  0000000000000000(0000) GS:ffff888124f5a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffeba04e6b8 CR3: 000000000df82000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	48 c1 ea 03          	shr    $0x3,%rdx
   4:	42 80 3c 32 00       	cmpb   $0x0,(%rdx,%r14,1)
   9:	0f 85 5e 03 00 00    	jne    0x36d
   f:	4c 8b 28             	mov    (%rax),%r13
  12:	4d 85 ed             	test   %r13,%r13
  15:	74 2e                	je     0x45
  17:	e8 45 c6 ae f7       	call   0xf7aec661
  1c:	49 8d bd 90 00 00 00 	lea    0x90(%r13),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 30 00       	cmpb   $0x0,(%rax,%r14,1) <-- trapping instruction
  2f:	0f 85 24 03 00 00    	jne    0x359
  35:	49 8b 85 90 00 00 00 	mov    0x90(%r13),%rax
  3c:	4c 39 e0             	cmp    %r12,%rax
  3f:	0f                   	.byte 0xf