general protection fault, probably for non-canonical address 0xdffffc0020008065: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000100040328-0x000000010004032f]
CPU: 0 PID: 5055 Comm: kworker/0:3 Not tainted 6.6.0-rc2-next-20230921-syzkaller-06975-g940fcc189c51 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:___neigh_lookup_noref.constprop.0+0x33c/0x820 include/net/neighbour.h:310
Code: 45 85 f6 0f 85 c1 01 00 00 e8 00 ae 92 f8 48 85 db 0f 84 51 02 00 00 e8 f2 ad 92 f8 48 8d bb 08 03 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 4a 03 00 00 4c 3b ab 08 03 00 00 75 99 e8 cc ad
RSP: 0018:ffffc9000401f700 EFLAGS: 00010206
RAX: 0000000020008065 RBX: 0000000100040020 RCX: 0000000000000000
RDX: ffff88807708d940 RSI: ffffffff88f58c4e RDI: 0000000100040328
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880203f7068
R13: ffff888072358000 R14: 0000000000000001 R15: ffff8880203f706c
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc4e0f2178 CR3: 000000007b0ca000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__ipv6_neigh_lookup_noref include/net/ndisc.h:383 [inline]
ip6_finish_output2+0x368/0x1700 net/ipv6/ip6_output.c:122
__ip6_finish_output net/ipv6/ip6_output.c:196 [inline]
ip6_finish_output+0x485/0x1250 net/ipv6/ip6_output.c:207
NF_HOOK_COND include/linux/netfilter.h:293 [inline]
ip6_output+0x1e2/0x530 net/ipv6/ip6_output.c:228
dst_output include/net/dst.h:458 [inline]
NF_HOOK.constprop.0+0xff/0x570 include/linux/netfilter.h:304
mld_sendpack+0x713/0xd60 net/ipv6/mcast.c:1818
mld_send_initial_cr.part.0+0x1a1/0x260 net/ipv6/mcast.c:2237
mld_send_initial_cr
include/linux/refcount.h:201 [inline]
ipv6_mc_dad_complete+0x255/0x2b0 net/ipv6/mcast.c:2245
addrconf_dad_completed+0xcd8/0xfe0 net/ipv6/addrconf.c:4271
addrconf_dad_work+0x807/0x13e0 net/ipv6/addrconf.c:4199
process_one_work+0x884/0x15c0 kernel/workqueue.c:2630
process_scheduled_works kernel/workqueue.c:2703 [inline]
worker_thread+0x8b9/0x1290 kernel/workqueue.c:2784
kthread+0x33c/0x440 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
Modules linked in:
----------------
Code disassembly (best guess):
0: 45 85 f6 test %r14d,%r14d
3: 0f 85 c1 01 00 00 jne 0x1ca
9: e8 00 ae 92 f8 call 0xf892ae0e
e: 48 85 db test %rbx,%rbx
11: 0f 84 51 02 00 00 je 0x268
17: e8 f2 ad 92 f8 call 0xf892ae0e
1c: 48 8d bb 08 03 00 00 lea 0x308(%rbx),%rdi
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1) <-- trapping instruction
2e: 0f 85 4a 03 00 00 jne 0x37e
34: 4c 3b ab 08 03 00 00 cmp 0x308(%rbx),%r13
3b: 75 99 jne 0xffffffd6
3d: e8 .byte 0xe8
3e: cc int3
3f: ad lods %ds:(%rsi),%eax