bridge_slave_0: left allmulticast mode
bridge_slave_0: left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
CPU: 2 UID: 0 PID: 12078 Comm: kworker/u32:14 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:__fib6_drop_pcpu_from.part.0+0x173/0x480 net/ipv6/ip6_fib.c:1004
Code: 85 d7 02 00 00 4d 8b 3f 4d 85 ff 74 37 e8 95 9a ca f7 49 8d bf 90 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 96 02 00 00 49 8b 87 90 00 00 00 4c 39 e8 0f 84
RSP: 0018:ffffc90006a1f028 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: 1ffffffff1c3a326
RDX: 0000000000000012 RSI: ffffffff8a3df48b RDI: 0000000000000091
RBP: fffffbfff1c3a416 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000002 R11: 0000000000000000 R12: ffff8880558420c8
R13: ffff888055842000 R14: ffffffffffffffff R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880d6579000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ac9e4f0d1 CR3: 00000001237fb000 CR4: 0000000000352ef0
DR0: 000a000000000000 DR1: ffffffffff7fff00 DR2: 4000000000010022
DR3: fffffffffffffff6 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1037 [inline]
 fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1038 [inline]
 fib6_purge_rt+0x84d/0xb60 net/ipv6/ip6_fib.c:1049
 fib6_del_route net/ipv6/ip6_fib.c:2050 [inline]
 fib6_del+0xa64/0x1790 net/ipv6/ip6_fib.c:2095
 fib6_clean_node+0x424/0x5d0 net/ipv6/ip6_fib.c:2257
 fib6_walk_continue+0x451/0x8d0 net/ipv6/ip6_fib.c:2179
 fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2227
 fib6_clean_tree+0xdc/0x120 net/ipv6/ip6_fib.c:2307
 __fib6_clean_all+0x107/0x2d0 net/ipv6/ip6_fib.c:2323
 rt6_sync_down_dev net/ipv6/route.c:5018 [inline]
 rt6_disable_ip+0x2a6/0x980 net/ipv6/route.c:5023
 addrconf_ifdown.isra.0+0x11d/0x1b70 net/ipv6/addrconf.c:3865
 addrconf_notify+0x4a3/0x1ba0 net/ipv6/addrconf.c:3788
 notifier_call_chain+0x99/0x400 kernel/notifier.c:85
 call_netdevice_notifiers_info+0xbe/0x110 net/core/dev.c:2249
 call_netdevice_notifiers_extack net/core/dev.c:2287 [inline]
 call_netdevice_notifiers net/core/dev.c:2301 [inline]
 netif_close_many+0x319/0x630 net/core/dev.c:1805
 unregister_netdevice_many_notify+0x840/0x24f0 net/core/dev.c:12388
 ops_exit_rtnl_list net/core/net_namespace.c:187 [inline]
 ops_undo_list+0x8ff/0xab0 net/core/net_namespace.c:248
 cleanup_net+0x499/0x920 net/core/net_namespace.c:702
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
 process_scheduled_works kernel/workqueue.c:3385 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__fib6_drop_pcpu_from.part.0+0x173/0x480 net/ipv6/ip6_fib.c:1004
Code: 85 d7 02 00 00 4d 8b 3f 4d 85 ff 74 37 e8 95 9a ca f7 49 8d bf 90 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 96 02 00 00 49 8b 87 90 00 00 00 4c 39 e8 0f 84
RSP: 0018:ffffc90006a1f028 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: 1ffffffff1c3a326
RDX: 0000000000000012 RSI: ffffffff8a3df48b RDI: 0000000000000091
RBP: fffffbfff1c3a416 R08: 0000000000000005 R09: 0000000000000007
R10: 0000000000000002 R11: 0000000000000000 R12: ffff8880558420c8
R13: ffff888055842000 R14: ffffffffffffffff R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880d6579000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ac9e4f0d1 CR3: 00000001237fb000 CR4: 0000000000352ef0
DR0: 000a000000000000 DR1: ffffffffff7fff00 DR2: 4000000000010022
DR3: fffffffffffffff6 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	00 00                	add    %al,(%rax)
   2:	4d 8b 3f             	mov    (%r15),%r15
   5:	4d 85 ff             	test   %r15,%r15
   8:	74 37                	je     0x41
   a:	e8 95 9a ca f7       	call   0xf7ca9aa4
   f:	49 8d bf 90 00 00 00 	lea    0x90(%r15),%rdi
  16:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1d:	fc ff df
  20:	48 89 fa             	mov    %rdi,%rdx
  23:	48 c1 ea 03          	shr    $0x3,%rdx
* 27:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2b:	0f 85 96 02 00 00    	jne    0x2c7
  31:	49 8b 87 90 00 00 00 	mov    0x90(%r15),%rax
  38:	4c 39 e8             	cmp    %r13,%rax
  3b:	0f                   	.byte 0xf
  3c:	84                   	.byte 0x84