The kernel linux's lookup_address function in x86 returns NULL when debugging a specific case of Page Fault

Question

I have implemented a simple hook function inside the arch/x86/mm/fault.c, using a kernel (general-purpose) v6.1. This function is like this:

void is_read_only(unsigned long addr)
{
    unsigned int level;
    pte_t *pte = lookup_address(addr, &level);
    if(pte == NULL)
        printk(KERN_WARNING "--------> Page not present");
    else if pte_write(*pte)
        printk(KERN_WARNING "--------> Page is writable");
    else
        printk(KERN_WARNING "--------> Page is readonly");
}

I call this function inside __bad_area_nosemaphore immediatly below the show_signal_msg call. I give the virtual address as argument to the is_read_only.

A very known case of Page Fault (PF) / Segmentation Fault example for linux I've used is this:

#include <stdio.h>

char *str = "Hello, world!";

int main()
{
    printf("%s", str);
    str[0] = 'h';
    return 0;
}

This example returns the error code 7, the line below is produced on syslog:

segfault at 562642b30004 ip 0000562642b2f16d sp 00007fffb58ac2a0 error 7 in a.out[562642b2f000+1000] likely on CPU 0 (core 0, socket 0)

By consulting the Intel Manual, it turns out that the error code 7 means that:

• Bit 0 is on, indicating that when the PF occurred the page was present.
• Bit 1 is on, indicating that when the PF occurred the processor was in user mode.
• Bit 2 is on, indicating that when the PF occurred it was in writing operation.

If error 7 means that the page was present, why lookup_address is returning NULL? Wasn't it supposed to return the Page Table Entry correctly?