Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]
CPU: 0 UID: 0 PID: 57 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: netns cleanup_net
RIP: 0010:kernfs_root+0x123/0x230 fs/kernfs/kernfs-internal.h:79
Code: ff 89 c6 e8 3f f9 5f ff 85 ed 74 7f e8 86 f4 5f ff eb 05 e8 7f f4 5f ff 4d 85 ff 4d 0f 45 f7 49 83 c6 78 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 ce 07 c6 ff 4d 8b 36 e8 46 ac bd
RSP: 0018:ffffc9000123f328 EFLAGS: 00010206
RAX: 000000000000000f RBX: ffffffff82645aac RCX: ffff88801a358000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1ed46b7 R12: dffffc0000000000
R13: 0000000800000000 R14: 0000000000000079 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888126340000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558f2e5600c0 CR3: 00000000312b0000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 kernfs_root_is_locked fs/kernfs/kernfs-internal.h:109 [inline]
 kernfs_rcu_name fs/kernfs/kernfs-internal.h:119 [inline]
 kernfs_name_compare fs/kernfs/dir.c:343 [inline]
 kernfs_find_ns+0x200/0x490 fs/kernfs/dir.c:879
 kernfs_remove_by_name_ns+0x4b/0x130 fs/kernfs/dir.c:1719
 kernfs_remove_by_name include/linux/kernfs.h:633 [inline]
 remove_files fs/sysfs/group.c:28 [inline]
 sysfs_remove_group+0xfc/0x2e0 fs/sysfs/group.c:328
 sysfs_remove_groups+0x54/0xb0 fs/sysfs/group.c:352
 device_remove_groups drivers/base/core.c:2843 [inline]
 device_remove_attrs+0x229/0x280 drivers/base/core.c:2979
 device_del+0x523/0x900 drivers/base/core.c:3877
 rfkill_unregister+0xc3/0x230 net/rfkill/core.c:1143
 wiphy_unregister+0x25e/0xb30 net/wireless/core.c:1175
 ieee80211_unregister_hw+0x1e2/0x2c0 net/mac80211/main.c:1713
 mac80211_hwsim_del_radio+0x28a/0x490 drivers/net/wireless/virtual/mac80211_hwsim.c:5916
 hwsim_exit_net+0xf02/0xfc0 drivers/net/wireless/virtual/mac80211_hwsim.c:6807
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x49f/0x940 net/core/net_namespace.c:252
 cleanup_net+0x56e/0x800 net/core/net_namespace.c:704
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xb02/0x1830 kernel/workqueue.c:3358
 worker_thread+0xa50/0xfc0 kernel/workqueue.c:3439
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:kernfs_root+0x123/0x230 fs/kernfs/kernfs-internal.h:79
Code: ff 89 c6 e8 3f f9 5f ff 85 ed 74 7f e8 86 f4 5f ff eb 05 e8 7f f4 5f ff 4d 85 ff 4d 0f 45 f7 49 83 c6 78 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 f7 e8 ce 07 c6 ff 4d 8b 36 e8 46 ac bd
RSP: 0018:ffffc9000123f328 EFLAGS: 00010206
RAX: 000000000000000f RBX: ffffffff82645aac RCX: ffff88801a358000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1ed46b7 R12: dffffc0000000000
R13: 0000000800000000 R14: 0000000000000079 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888126340000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558f2e5600c0 CR3: 00000000312b0000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	ff 89 c6 e8 3f f9    	decl   -0x6c0173a(%rcx)
   6:	5f                   	pop    %rdi
   7:	ff 85 ed 74 7f e8    	incl   -0x17808b13(%rbp)
   d:	86 f4                	xchg   %dh,%ah
   f:	5f                   	pop    %rdi
  10:	ff                   	ljmp   (bad)
  11:	eb 05                	jmp    0x18
  13:	e8 7f f4 5f ff       	call   0xff5ff497
  18:	4d 85 ff             	test   %r15,%r15
  1b:	4d 0f 45 f7          	cmovne %r15,%r14
  1f:	49 83 c6 78          	add    $0x78,%r14
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 f7             	mov    %r14,%rdi
  34:	e8 ce 07 c6 ff       	call   0xffc60807
  39:	4d 8b 36             	mov    (%r14),%r14
  3c:	e8                   	.byte 0xe8
  3d:	46 ac                	rex.RX lods %ds:(%rsi),%al
  3f:	bd                   	.byte 0xbd