veth1_macvtap: left promiscuous mode
veth0_macvtap: left promiscuous mode
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
8<--- cut here ---
Unable to handle kernel paging request at virtual address 7273685f
Unable to handle kernel paging request at virtual address 7273685f when write
[7273685f] *pgd=80000080005003, *pmd=00000000
Internal error: Oops: a06 [#1] SMP ARM
Modules linked in:
CPU: 1 UID: 0 PID: 13186 Comm: kworker/u8:3 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT 
Hardware name: ARM-Versatile Express
Workqueue: netns cleanup_net
PC is at __rb_erase_augmented include/linux/rbtree_augmented.h:251 [inline]
PC is at rb_erase+0x2f4/0x394 lib/rbtree.c:443
LR is at 0x0
pc : [<81a4039c>]    lr : [<00000000>]    psr: 60000013
sp : e03adb10  ip : e03adb28  fp : e03adb24
r10: 00000000  r9 : 84be9b00  r8 : 00000004
r7 : 84a9ce00  r6 : 00000001  r5 : 85479948  r4 : 85479900
r3 : 68746576  r2 : 7273685f  r1 : 84a9ce34  r0 : 85479968
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 8472b200  DAC: 00000000
Register r0 information: slab kmalloc-128 start 85479900 pointer offset 104 size 128
Register r1 information: slab kmalloc-128 start 84a9ce00 pointer offset 52 size 128
Register r2 information: non-paged memory
Register r3 information: non-paged memory
Register r4 information: slab kmalloc-128 start 85479900 pointer offset 0 size 128
Register r5 information: slab kmalloc-128 start 85479900 pointer offset 72 size 128
Register r6 information: non-paged memory
Register r7 information: slab kmalloc-128 start 84a9ce00 pointer offset 0 size 128
Register r8 information: non-paged memory
Register r9 information: slab net_namespace start 84be9b00 pointer offset 0 size 3456
Register r10 information: NULL pointer
Register r11 information: 2-page vmalloc region starting at 0xe03ac000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2845
Register r12 information: 2-page vmalloc region starting at 0xe03ac000 allocated at kernel_clone+0xac/0x3e4 kernel/fork.c:2845
Process kworker/u8:3 (pid: 13186, stack limit = 0xe03ac000)
Stack: (0xe03adb10 to 0xe03ae000)
db00:                                     85479900 85479948 e03adb64 e03adb28
db20: 80610ef4 81a400b4 0000000c 60000013 ddde099c 60000013 00000000 8071a595
db40: 84b45004 8482da00 84b45004 00000001 85479900 00000011 e03adba4 e03adb68
db60: 80610f28 80610e30 e03adbac 85502800 85729cc0 82aca2a8 00000000 8071a595
db80: e03adba4 8482da00 00000000 84be9b00 00000029 8500e800 e03adbbc e03adba8
dba0: 80610ff8 80610e30 84b45000 00000000 e03adbcc e03adbc0 8198128c 80610fdc
dbc0: e03adbe4 e03adbd0 8155c95c 81981288 84b47800 00000000 e03adc14 e03adbe8
dbe0: 81804740 8155c940 00000000 81a55a50 84b47800 84b47800 84b47784 00000000
dc00: 00000000 84b47800 e03adc7c e03adc18 818056ac 818046e8 8022ced4 8022be3c
dc20: 84be9b00 84bc5800 00000001 84b47948 e03adc30 e03adc30 815e37ac 00000000
dc40: 00000000 8071a595 81a5c4d4 8071a595 e03adc84 84bc5800 84b47800 84be9b00
dc60: 00000006 8180b828 85729cc0 e03add90 e03adccc e03adc80 8180b8c0 8180501c
dc80: e03adc9c e03adc90 e03adccc e03adc98 e03adccc e03adca0 816e9bd8 8071a595
dca0: 81c00000 829e57a4 829e494c ffffffd1 00000000 8180b828 85729cc0 e03add90
dcc0: e03add04 e03adcd0 802926d4 8180b834 83a81800 00000006 e03add04 e03add90
dce0: 00000006 84be9b00 00000000 855b92c0 85729cc0 00000000 e03add1c e03add08
dd00: 8029290c 80292680 00000000 802da2e4 e03add44 e03add20 8154bfb4 802928f8
dd20: 8043a2e8 8071a595 e03add44 000000c0 84bc5800 00000001 e03adddc e03add48
dd40: 8155754c 8154bf6c 00000000 00000000 00000000 00000000 00000000 80505568
dd60: 82c1f94c 82c20734 829d255c 00000000 00000000 00000000 83a81800 e03ade08
dd80: 81557c50 00000000 e03add88 e03add88 84bc5800 00000000 e03adddc e03adda8
dda0: 81557c50 808c8a4c 00000000 8071a595 e03adddc 84be9afc 84be9bf8 e03ade70
ddc0: 82c1f980 e03ade90 829d1f04 e03ade70 e03ade54 e03adde0 81558928 8155700c
dde0: e03addfc e03addf0 81a5c3e0 e03ade90 84be9b00 8241ec70 81a4eeb4 81a5c3c0
de00: 84be9afc 61c88647 847fd10c 849fc90c 8122b314 00000000 00000000 00000000
de20: 00000000 8071a595 e03ade54 829d25c4 e03ade90 829d25c4 e03ade90 829d1f04
de40: 829d1f04 84bea880 e03ade74 e03ade58 8153a0e0 81558630 829d25c4 82c1f940
de60: 829d1ec0 e03ade90 e03aded4 e03ade78 8153c540 8153a088 81a5c4d4 8029ce24
de80: 82c1f940 829d1ec0 808c9c70 8153a0e4 84be9b20 84be9b20 00000100 00000122
dea0: 00000000 8071a595 81c01f84 84473980 829d1ed8 8301bc00 8300e600 83a81800
dec0: 8301bc15 8300f070 e03adf2c e03aded8 802873bc 8153c29c 81c01a40 83a81800
dee0: e03adf14 e03adef0 829d1edc 829d1ed8 829d1edc 829d1ed8 e03adf2c 00000000
df00: 80282cf8 84473980 8300e620 8300e600 82804d40 844739ac 83a81800 61c88647
df20: e03adf6c e03adf30 80288004 80287214 81a5c4d4 8029ce24 e03adf6c e03adf48
df40: 8028eb98 00000001 83a81800 854de080 dfe99e60 80287e08 84473980 00000000
df60: e03adfac e03adf70 8028f07c 80287e14 80274ea8 81a5c45c 83a81800 8071a595
df80: e03adfac 85541240 8028ef50 00000000 00000000 00000000 00000000 00000000
dfa0: 00000000 e03adfb0 80200114 8028ef5c 00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
Call trace: 
[<81a400a8>] (rb_erase) from [<80610ef4>] (erase_entry fs/proc/proc_sysctl.c:189 [inline])
[<81a400a8>] (rb_erase) from [<80610ef4>] (erase_header fs/proc/proc_sysctl.c:225 [inline])
[<81a400a8>] (rb_erase) from [<80610ef4>] (start_unregistering fs/proc/proc_sysctl.c:322 [inline])
[<81a400a8>] (rb_erase) from [<80610ef4>] (drop_sysctl_table+0xd0/0x1ac fs/proc/proc_sysctl.c:1514)
 r5:85479948 r4:85479900
[<80610e24>] (drop_sysctl_table) from [<80610f28>] (drop_sysctl_table+0x104/0x1ac fs/proc/proc_sysctl.c:1521)
 r8:00000011 r7:85479900 r6:00000001 r5:84b45004 r4:8482da00
[<80610e24>] (drop_sysctl_table) from [<80610ff8>] (unregister_sysctl_table fs/proc/proc_sysctl.c:1539 [inline])
[<80610e24>] (drop_sysctl_table) from [<80610ff8>] (unregister_sysctl_table+0x28/0x38 fs/proc/proc_sysctl.c:1531)
 r8:8500e800 r7:00000029 r6:84be9b00 r5:00000000 r4:8482da00
[<80610fd0>] (unregister_sysctl_table) from [<8198128c>] (unregister_net_sysctl_table+0x10/0x14 net/sysctl_net.c:177)
 r5:00000000 r4:84b45000
[<8198127c>] (unregister_net_sysctl_table) from [<8155c95c>] (neigh_sysctl_unregister+0x28/0x34 net/core/neighbour.c:3814)
[<8155c934>] (neigh_sysctl_unregister) from [<81804740>] (addrconf_sysctl_unregister+0x64/0x6c net/ipv6/addrconf.c:7308)
 r5:00000000 r4:84b47800
[<818046dc>] (addrconf_sysctl_unregister) from [<818056ac>] (addrconf_ifdown+0x69c/0x764 net/ipv6/addrconf.c:4010)
 r8:84b47800 r7:00000000 r6:00000000 r5:84b47784 r4:84b47800
[<81805010>] (addrconf_ifdown) from [<8180b8c0>] (addrconf_notify+0x98/0x770 net/ipv6/addrconf.c:3780)
 r10:e03add90 r9:85729cc0 r8:8180b828 r7:00000006 r6:84be9b00 r5:84b47800
 r4:84bc5800
[<8180b828>] (addrconf_notify) from [<802926d4>] (notifier_call_chain+0x60/0x1b4 kernel/notifier.c:85)
 r10:e03add90 r9:85729cc0 r8:8180b828 r7:00000000 r6:ffffffd1 r5:829e494c
 r4:829e57a4
[<80292674>] (notifier_call_chain) from [<8029290c>] (raw_notifier_call_chain+0x20/0x28 kernel/notifier.c:453)
 r10:00000000 r9:85729cc0 r8:855b92c0 r7:00000000 r6:84be9b00 r5:00000006
 r4:e03add90
[<802928ec>] (raw_notifier_call_chain) from [<8154bfb4>] (call_netdevice_notifiers_info+0x54/0xa0 net/core/dev.c:2176)
[<8154bf60>] (call_netdevice_notifiers_info) from [<8155754c>] (call_netdevice_notifiers_extack net/core/dev.c:2214 [inline])
[<8154bf60>] (call_netdevice_notifiers_info) from [<8155754c>] (call_netdevice_notifiers net/core/dev.c:2228 [inline])
[<8154bf60>] (call_netdevice_notifiers_info) from [<8155754c>] (unregister_netdevice_many_notify+0x54c/0xbc4 net/core/dev.c:11972)
 r6:00000001 r5:84bc5800 r4:000000c0
[<81557000>] (unregister_netdevice_many_notify) from [<81558928>] (unregister_netdevice_many net/core/dev.c:12036 [inline])
[<81557000>] (unregister_netdevice_many_notify) from [<81558928>] (default_device_exit_batch+0x304/0x384 net/core/dev.c:12530)
 r10:e03ade70 r9:829d1f04 r8:e03ade90 r7:82c1f980 r6:e03ade70 r5:84be9bf8
 r4:84be9afc
[<81558624>] (default_device_exit_batch) from [<8153a0e0>] (ops_exit_list+0x64/0x68 net/core/net_namespace.c:177)
 r10:84bea880 r9:829d1f04 r8:829d1f04 r7:e03ade90 r6:829d25c4 r5:e03ade90
 r4:829d25c4
[<8153a07c>] (ops_exit_list) from [<8153c540>] (cleanup_net+0x2b0/0x49c net/core/net_namespace.c:654)
 r7:e03ade90 r6:829d1ec0 r5:82c1f940 r4:829d25c4
[<8153c290>] (cleanup_net) from [<802873bc>] (process_one_work+0x1b4/0x4f4 kernel/workqueue.c:3238)
 r10:8300f070 r9:8301bc15 r8:83a81800 r7:8300e600 r6:8301bc00 r5:829d1ed8
 r4:84473980
[<80287208>] (process_one_work) from [<80288004>] (process_scheduled_works kernel/workqueue.c:3319 [inline])
[<80287208>] (process_one_work) from [<80288004>] (worker_thread+0x1fc/0x3d8 kernel/workqueue.c:3400)
 r10:61c88647 r9:83a81800 r8:844739ac r7:82804d40 r6:8300e600 r5:8300e620
 r4:84473980
[<80287e08>] (worker_thread) from [<8028f07c>] (kthread+0x12c/0x280 kernel/kthread.c:464)
 r10:00000000 r9:84473980 r8:80287e08 r7:dfe99e60 r6:854de080 r5:83a81800
 r4:00000001
[<8028ef50>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:137)
Exception stack(0xe03adfb0 to 0xe03adff8)
dfa0:                                     00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
 r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8028ef50
 r4:85541240
Code: 089da830 e58e3000 e89da830 e5903000 (e5823000) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	089da830 	ldmeq	sp, {r4, r5, fp, sp, pc}
   4:	e58e3000 	str	r3, [lr]
   8:	e89da830 	ldm	sp, {r4, r5, fp, sp, pc}
   c:	e5903000 	ldr	r3, [r0]
* 10:	e5823000 	str	r3, [r2] <-- trapping instruction