======================================
| [   36.062152][  T359] br10: port 1(veth1.10) entered forwarding state
| [   36.067837][    C1] ------------[ cut here ]------------
| [   36.068210][    C1] UBSAN: invalid-load in ./include/linux/skbuff.h:4267:9
| [   36.068591][    C1] load of value 107 is not a valid value for type '_Bool'
[   36.069334][    C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   36.070000][    C1] Call Trace:
[   36.070183][    C1]  <IRQ>
DETECTED CRASH, lowering timeout

[ 36.070336][ C1] dump_stack_lvl (lib/dump_stack.c:107) 
[ 36.070581][ C1] __ubsan_handle_load_invalid_value (lib/ubsan.c:218 lib/ubsan.c:419) 
[ 36.070912][ C1] br_forward_finish.cold (./include/linux/spinlock.h:396 net/bridge/br.c:81) bridge
[ 36.071273][ C1] deliver_clone (net/bridge/br_forward.c:132) bridge
[ 36.071584][ C1] maybe_deliver (net/bridge/br_forward.c:191) bridge
[ 36.071899][ C1] ? check_prev_add (kernel/locking/lockdep.c:3214) 
[ 36.072159][ C1] br_flood (net/bridge/br_forward.c:236) bridge
[ 36.072458][ C1] br_dev_xmit (net/bridge/br_device.c:100) bridge
[ 36.072770][ C1] ? __pfx_br_dev_xmit (net/bridge/br_device.c:29) bridge
[ 36.073108][ C1] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5756) 
[ 36.073380][ C1] ? __pfx_skb_network_protocol (net/core/dev.c:3341) 
[ 36.073684][ C1] ? __pfx_qdisc_pkt_len_init (net/core/dev.c:3679) 
[ 36.073972][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 36.074271][ C1] dev_hard_start_xmit (./include/linux/netdevice.h:4991 ./include/linux/netdevice.h:5005 net/core/dev.c:3530 net/core/dev.c:3546) 
[ 36.074547][ C1] __dev_queue_xmit (./include/linux/netdevice.h:3369 net/core/dev.c:4338) 
[ 36.074811][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4274) 
[ 36.075062][ C1] ? eth_header (net/ethernet/eth.c:100) 
[ 36.075303][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4246) 
[ 36.075582][ C1] ? neigh_resolve_output (./include/linux/netdevice.h:3226 net/core/neighbour.c:1558 net/core/neighbour.c:1543) 
[ 36.075877][ C1] ip_finish_output2 (./include/net/neighbour.h:542 net/ipv4/ip_output.c:235) 
[ 36.076145][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 36.076384][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 36.076672][ C1] ? __ip_finish_output (./include/linux/skbuff.h:1627 ./include/linux/skbuff.h:4943 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295) 
[ 36.076948][ C1] ip_output (./include/linux/netfilter.h:303 net/ipv4/ip_output.c:433) 
[ 36.077174][ C1] ? __pfx_ip_output (net/ipv4/ip_output.c:427) 
[ 36.077431][ C1] ? igmpv3_send_cr (net/ipv4/igmp.c:721) 
[ 36.077693][ C1] ? ip_local_out (net/ipv4/ip_output.c:128) 
[ 36.077938][ C1] igmp_ifc_timer_expire (net/ipv4/igmp.c:815) 
[ 36.078213][ C1] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809) 
[ 36.078514][ C1] call_timer_fn (kernel/time/timer.c:1700) 
[ 36.078759][ C1] ? __pfx_call_timer_fn (kernel/time/timer.c:1677) 
[ 36.079026][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 36.079269][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4274) 
[ 36.079534][ C1] __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2038) 
[ 36.079799][ C1] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809) 
[ 36.080109][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5406) 
[ 36.080379][ C1] ? __pfx___run_timers.part.0 (kernel/time/timer.c:2007) 
[ 36.080671][ C1] ? clockevents_program_event (kernel/time/clockevents.c:326) 
[ 36.080974][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 36.081211][ C1] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 3)) 
[ 36.081449][ C1] run_timer_softirq (kernel/time/timer.c:2012 kernel/time/timer.c:2053) 
[ 36.081704][ C1] __do_softirq (kernel/softirq.c:553) 
[ 36.081955][ C1] irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/softirq.c:644) 
[ 36.082180][ C1] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14)) 
[   36.082474][    C1]  </IRQ>
[   36.082630][    C1]  <TASK>
[ 36.082785][ C1] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:649) 
[ 36.083098][ C1] RIP: 0010:__orc_find (arch/x86/kernel/unwind_orc.c:80 arch/x86/kernel/unwind_orc.c:102) 
[ 36.083356][ C1] Code: 8d 6b 04 49 89 df 4c 39 e5 77 4e 4c 89 e2 48 29 ea 48 89 d6 48 c1 ea 3f 48 c1 fe 02 48 01 f2 48 d1 fa 48 8d 5c 95 00 48 89 da <48> c1 ea 03 0f b6 34 0a 48 89 da 83 e2 07 83 c2 03 40 38 f2 7c 05
All code
========
   0:	8d 6b 04             	lea    0x4(%rbx),%ebp
   3:	49 89 df             	mov    %rbx,%r15
   6:	4c 39 e5             	cmp    %r12,%rbp
   9:	77 4e                	ja     0x59
   b:	4c 89 e2             	mov    %r12,%rdx
   e:	48 29 ea             	sub    %rbp,%rdx
  11:	48 89 d6             	mov    %rdx,%rsi
  14:	48 c1 ea 3f          	shr    $0x3f,%rdx
  18:	48 c1 fe 02          	sar    $0x2,%rsi
  1c:	48 01 f2             	add    %rsi,%rdx
  1f:	48 d1 fa             	sar    %rdx
  22:	48 8d 5c 95 00       	lea    0x0(%rbp,%rdx,4),%rbx
  27:	48 89 da             	mov    %rbx,%rdx
  2a:*	48 c1 ea 03          	shr    $0x3,%rdx		<-- trapping instruction
  2e:	0f b6 34 0a          	movzbl (%rdx,%rcx,1),%esi
  32:	48 89 da             	mov    %rbx,%rdx
  35:	83 e2 07             	and    $0x7,%edx
  38:	83 c2 03             	add    $0x3,%edx
  3b:	40 38 f2             	cmp    %sil,%dl
  3e:	7c 05                	jl     0x45

Code starting with the faulting instruction
===========================================
   0:	48 c1 ea 03          	shr    $0x3,%rdx
   4:	0f b6 34 0a          	movzbl (%rdx,%rcx,1),%esi
   8:	48 89 da             	mov    %rbx,%rdx
   b:	83 e2 07             	and    $0x7,%edx
   e:	83 c2 03             	add    $0x3,%edx
  11:	40 38 f2             	cmp    %sil,%dl
  14:	7c 05                	jl     0x1b
[   36.084334][    C1] RSP: 0018:ffffc9000075f5a8 EFLAGS: 00000246
[   36.084649][    C1] RAX: ffffffff90e6a9ce RBX: ffffffff90b6355c RCX: dffffc0000000000
[   36.085053][    C1] RDX: ffffffff90b6355c RSI: 0000000000000000 RDI: ffffffff90b63554
[   36.085457][    C1] RBP: ffffffff90b6355c R08: ffffc9000075f728 R09: 1ffff920000ebec6
[   36.085865][    C1] R10: ffffc9000075f6e8 R11: ffffc9000075f729 R12: ffffffff90b6355c
[   36.086269][    C1] R13: ffffffff8c794dcb R14: ffffffff90b63554 R15: ffffffff90b63558
[ 36.086674][ C1] ? exit_mm (kernel/exit.c:569) 
[ 36.086914][ C1] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) 
[ 36.087172][ C1] unwind_next_frame (arch/x86/kernel/unwind_orc.c:495) 
[ 36.087437][ C1] ? exit_mm (kernel/exit.c:570) 
[ 36.087667][ C1] ? __pfx_unwind_next_frame (arch/x86/kernel/unwind_orc.c:469) 
[ 36.087956][ C1] ? exit_mm (kernel/exit.c:570) 
[ 36.088176][ C1] ? kernel_text_address (kernel/extable.c:99) 
[ 36.088442][ C1] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) 
[ 36.088763][ C1] arch_stack_walk (arch/x86/kernel/stacktrace.c:24) 
[ 36.089019][ C1] ? exit_mm (kernel/exit.c:570) 
[ 36.089247][ C1] stack_trace_save (kernel/stacktrace.c:123) 
[ 36.089497][ C1] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) 
[ 36.089780][ C1] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) 
[ 36.090054][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 36.090288][ C1] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 3)) 
[ 36.090517][ C1] kasan_save_stack (mm/kasan/common.c:48) 
[ 36.090762][ C1] ? kasan_save_stack (mm/kasan/common.c:48) 
[ 36.091013][ C1] ? __kasan_record_aux_stack (mm/kasan/generic.c:586) 
[ 36.091301][ C1] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:67 ./arch/x86/include/asm/irqflags.h:103 kernel/rcu/tree.c:2716) 
[ 36.091613][ C1] ? kmem_cache_free_bulk.part.0 (./include/linux/kmemleak.h:48 mm/slub.c:2087 mm/slub.c:2150 mm/slub.c:4312 mm/slub.c:4526) 
[ 36.091920][ C1] ? mt_destroy_walk (lib/maple_tree.c:178 lib/maple_tree.c:5264) 
[ 36.092177][ C1] ? __mt_destroy (lib/maple_tree.c:217 lib/maple_tree.c:6795) 
[ 36.092416][ C1] ? exit_mmap (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/linux/mmap_lock.h:41 ./include/linux/mmap_lock.h:131 mm/mmap.c:3314) 
[ 36.092649][ C1] ? __mmput (kernel/fork.c:1410 (discriminator 2) kernel/fork.c:1345 (discriminator 2)) 
[ 36.092868][ C1] ? exit_mm (kernel/exit.c:570) 
[ 36.093102][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 36.093340][ C1] ? __lock_release (kernel/locking/lockdep.c:353 kernel/locking/lockdep.c:5436) 
[ 36.093597][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5406) 
[ 36.093867][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719) 
[ 36.094167][ C1] ? __virt_addr_valid (./include/linux/rcupdate.h:308 ./include/linux/rcupdate.h:863 ./include/linux/mmzone.h:2026 arch/x86/mm/physaddr.c:65) 
[ 36.094437][ C1] ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:94 ./include/linux/rcupdate.h:865 ./include/linux/mmzone.h:2026 arch/x86/mm/physaddr.c:65) 
[ 36.094704][ C1] ? __pfx_free_object_rcu (mm/kmemleak.c:508) 
[ 36.094980][ C1] ? kasan_addr_to_slab (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/page-flags.h:481 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 36.095244][ C1] __kasan_record_aux_stack (mm/kasan/generic.c:586) 
[ 36.095524][ C1] ? __pfx_free_object_rcu (mm/kmemleak.c:508) 
[ 36.095797][ C1] __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:67 ./arch/x86/include/asm/irqflags.h:103 kernel/rcu/tree.c:2716) 
[ 36.096111][ C1] kmem_cache_free_bulk.part.0 (./include/linux/kmemleak.h:48 mm/slub.c:2087 mm/slub.c:2150 mm/slub.c:4312 mm/slub.c:4526) 
[ 36.096409][ C1] ? mt_destroy_walk (lib/maple_tree.c:178 lib/maple_tree.c:5264) 
[ 36.096682][ C1] mt_destroy_walk (lib/maple_tree.c:178 lib/maple_tree.c:5264) 
[ 36.096940][ C1] ? __pfx_mt_destroy_walk (lib/maple_tree.c:5244) 
[ 36.097226][ C1] __mt_destroy (lib/maple_tree.c:217 lib/maple_tree.c:6795) 
[ 36.097462][ C1] exit_mmap (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/linux/mmap_lock.h:41 ./include/linux/mmap_lock.h:131 mm/mmap.c:3314) 
[ 36.097688][ C1] ? __pfx_exit_mmap (mm/mmap.c:3253) 
[ 36.097947][ C1] ? __pfx_exit_aio (fs/aio.c:888) 
[ 36.098192][ C1] ? __mutex_unlock_slowpath (./arch/x86/include/asm/atomic64_64.h:109 ./include/linux/atomic/atomic-arch-fallback.h:4308 ./include/linux/atomic/atomic-long.h:1499 ./include/linux/atomic/atomic-instrumented.h:4446 kernel/locking/mutex.c:929) 
[ 36.098508][ C1] __mmput (kernel/fork.c:1410 (discriminator 2) kernel/fork.c:1345 (discriminator 2)) 
[ 36.098720][ C1] exit_mm (kernel/exit.c:570) 
[ 36.098937][ C1] do_exit (kernel/exit.c:861) 
[ 36.099153][ C1] ? __pfx_do_exit (kernel/exit.c:812) 
[ 36.099406][ C1] do_group_exit (kernel/exit.c:1001) 
[ 36.099656][ C1] __x64_sys_exit_group (kernel/exit.c:1029) 
[ 36.099917][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 36.100158][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) 
[   36.100463][    C1] RIP: 0033:0x7f3dc67fda8d
[ 36.100696][ C1] Code: Unable to access opcode bytes at 0x7f3dc67fda63.

Code starting with the faulting instruction
===========================================
[   36.101052][    C1] RSP: 002b:00007ffe27807708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   36.101482][    C1] RAX: ffffffffffffffda RBX: 00007f3dc68da9c0 RCX: 00007f3dc67fda8d
[   36.101886][    C1] RDX: 00000000000000e7 RSI: fffffffffffffe90 RDI: 0000000000000000
[   36.102299][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000058
[   36.102704][    C1] R10: 00007ffe27807530 R11: 0000000000000246 R12: 00007f3dc68da9c0


Finger prints:
dump_stack_lvl:__ubsan_handle_load_invalid_value:deliver_clone:maybe_deliver