Oops: general protection fault, probably for non-canonical address 0x89824e60ffffffff: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 2 PID: 25 Comm: kworker/2:0 Not tainted 6.10.0-rc1-syzkaller-00293-gec9eeb89e60d #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: mld mld_ifc_work
RIP: 0010:dst_input include/net/dst.h:460 [inline]
RIP: 0010:dst_input include/net/dst.h:458 [inline]
RIP: 0010:ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]
RIP: 0010:NF_HOOK include/linux/netfilter.h:314 [inline]
RIP: 0010:NF_HOOK include/linux/netfilter.h:308 [inline]
RIP: 0010:ipv6_rcv+0x458/0x680 net/ipv6/ip6_input.c:310
Code: 45 0b f8 4c 89 e6 31 ff 83 e6 01 e8 f2 40 0b f8 e8 bd 45 0b f8 48 81 fd 70 4b 41 89 0f 84 51 ff ff ff e8 ab 45 0b f8 48 89 df <ff> d5 0f 1f 00 89 c5 e9 53 fc ff ff e8 97 45 0b f8 e8 e2 c4 f0 f7
RSP: 0018:ffffc90000540c20 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88801c9beb40 RCX: ffffffff89833a2c
RDX: ffff888016724880 RSI: ffffffff898339c5 RDI: ffff88801c9beb40
RBP: 89824e60ffffffff R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000006 R12: 0000000000000001
R13: ffff88801c9beb98 R14: 0000000000000000 R15: ffff88802be48000
FS: 0000000000000000(0000) GS:ffff88802c200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000f7f87ea0 CR3: 0000000000db2000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5624
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5738
 process_backlog+0x133/0x760 net/core/dev.c:6067
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6721
 napi_poll net/core/dev.c:6790 [inline]
 net_rx_action+0x9b6/0xf10 net/core/dev.c:6906
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 do_softirq kernel/softirq.c:455 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:442
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:382
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:851 [inline]
 __dev_queue_xmit+0x872/0x4130 net/core/dev.c:4420
 dev_queue_xmit include/linux/netdevice.h:3095 [inline]
 neigh_hh_output include/net/neighbour.h:526 [inline]
 neigh_output include/net/neighbour.h:540 [inline]
 ip6_finish_output2+0x10eb/0x1880 net/ipv6/ip6_output.c:137
 __ip6_finish_output net/ipv6/ip6_output.c:211 [inline]
 ip6_finish_output+0x3f9/0x1300 net/ipv6/ip6_output.c:222
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:243
 dst_output include/net/dst.h:450 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 mld_sendpack+0x9ee/0x11d0 net/ipv6/mcast.c:1818
 mld_send_cr net/ipv6/mcast.c:2119 [inline]
 mld_ifc_work+0x756/0xce0 net/ipv6/mcast.c:2650
 process_one_work+0x958/0x1ad0 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dst_input include/net/dst.h:460 [inline]
RIP: 0010:dst_input include/net/dst.h:458 [inline]
RIP: 0010:ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]
RIP: 0010:NF_HOOK include/linux/netfilter.h:314 [inline]
RIP: 0010:NF_HOOK include/linux/netfilter.h:308 [inline]
RIP: 0010:ipv6_rcv+0x458/0x680 net/ipv6/ip6_input.c:310
Code: 45 0b f8 4c 89 e6 31 ff 83 e6 01 e8 f2 40 0b f8 e8 bd 45 0b f8 48 81 fd 70 4b 41 89 0f 84 51 ff ff ff e8 ab 45 0b f8 48 89 df <ff> d5 0f 1f 00 89 c5 e9 53 fc ff ff e8 97 45 0b f8 e8 e2 c4 f0 f7
RSP: 0018:ffffc90000540c20 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88801c9beb40 RCX: ffffffff89833a2c
RDX: ffff888016724880 RSI: ffffffff898339c5 RDI: ffff88801c9beb40
RBP: 89824e60ffffffff R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000006 R12: 0000000000000001
R13: ffff88801c9beb98 R14: 0000000000000000 R15: ffff88802be48000
FS: 0000000000000000(0000) GS:ffff88802c200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000f7f87ea0 CR3: 0000000000db2000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	45 0b f8             	or     %r8d,%r15d
   3:	4c 89 e6             	mov    %r12,%rsi
   6:	31 ff                	xor    %edi,%edi
   8:	83 e6 01             	and    $0x1,%esi
   b:	e8 f2 40 0b f8       	call   0xf80b4102
  10:	e8 bd 45 0b f8       	call   0xf80b45d2
  15:	48 81 fd 70 4b 41 89 	cmp    $0xffffffff89414b70,%rbp
  1c:	0f 84 51 ff ff ff    	je     0xffffff73
  22:	e8 ab 45 0b f8       	call   0xf80b45d2
  27:	48 89 df             	mov    %rbx,%rdi
* 2a:	ff d5                	call   *%rbp		<-- trapping instruction
  2c:	0f 1f 00             	nopl   (%rax)
  2f:	89 c5                	mov    %eax,%ebp
  31:	e9 53 fc ff ff       	jmp    0xfffffc89
  36:	e8 97 45 0b f8       	call   0xf80b45d2
  3b:	e8 e2 c4 f0 f7       	call   0xf7f0c522