Oops: general protection fault, probably for non-canonical address 0xe000080fe291ad57: 0000 [#1] SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000607f148d6ab8-0x0000607f148d6abf]
CPU: 3 UID: 0 PID: 15667 Comm: kworker/3:3 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: mld mld_ifc_work
RIP: 0010:bond_header_create+0xd8/0x390 drivers/net/bonding/bond_main.c:1524
Code: 0f 85 08 01 00 00 e8 d7 1a 74 fb 48 85 ed 0f 84 a9 00 00 00 e8 c9 1a 74 fb 48 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 8a 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0000:ffffc90003d5f720 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 00000000000086dd RCX: ffffffff86941363
RDX: 00000c0fe291ad57 RSI: ffffffff86941257 RDI: ffff888029e20000
RBP: 0000607f148d6ab8 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8880131d99c0 R14: 0000000000000000 R15: 0000000000000060
FS: 0000000000000000(0000) GS:ffff888097446000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000f72cc08e CR3: 000000005eea7000 CR4: 0000000000352ef0
DR0: 000000006000003f DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
dev_hard_header include/linux/netdevice.h:3440 [inline]
neigh_connected_output+0x34d/0x5d0 net/core/neighbour.c:1644
neigh_output include/net/neighbour.h:556 [inline]
ip6_finish_output2+0xb0f/0x1ce0 net/ipv6/ip6_output.c:136
__ip6_finish_output+0x357/0xdf0 net/ipv6/ip6_output.c:208
ip6_finish_output net/ipv6/ip6_output.c:219 [inline]
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip6_output+0x2aa/0xa60 net/ipv6/ip6_output.c:246
dst_output include/net/dst.h:470 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK.constprop.0+0x115/0x5a0 include/linux/netfilter.h:312
mld_sendpack+0x8f7/0xec0 net/ipv6/mcast.c:1855
mld_send_cr net/ipv6/mcast.c:2154 [inline]
mld_ifc_work+0x75a/0xc10 net/ipv6/mcast.c:2693
process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
process_scheduled_works kernel/workqueue.c:3359 [inline]
worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bond_header_create+0xd8/0x390 drivers/net/bonding/bond_main.c:1524
Code: 0f 85 08 01 00 00 e8 d7 1a 74 fb 48 85 ed 0f 84 a9 00 00 00 e8 c9 1a 74 fb 48 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 8a 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b
RSP: 0000:ffffc90003d5f720 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 00000000000086dd RCX: ffffffff86941363
RDX: 00000c0fe291ad57 RSI: ffffffff86941257 RDI: ffff888029e20000
RBP: 0000607f148d6ab8 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8880131d99c0 R14: 0000000000000000 R15: 0000000000000060
FS: 0000000000000000(0000) GS:ffff888097446000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000057f0f4ec CR3: 000000000e598000 CR4: 0000000000352ef0
DR0: 000000006000003f DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 0f 85 08 01 00 00 jne 0x10e
6: e8 d7 1a 74 fb call 0xfb741ae2
b: 48 85 ed test %rbp,%rbp
e: 0f 84 a9 00 00 00 je 0xbd
14: e8 c9 1a 74 fb call 0xfb741ae2
19: 48 89 ea mov %rbp,%rdx
1c: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
23: fc ff df
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 8a 02 00 00 jne 0x2be
34: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
3b: fc ff df
3e: 48 rex.W
3f: 8b .byte 0x8b