======================================
| [ 36.740943][ T347] br10: port 1(veth1.10) entered forwarding state
| [ 36.751911][ C0] ------------[ cut here ]------------
| [ 36.752293][ C0] UBSAN: invalid-load in ./include/linux/skbuff.h:4267:9
| [ 36.752673][ C0] load of value 107 is not a valid value for type '_Bool'
[ 36.753409][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 36.754032][ C0] Call Trace:
[ 36.754204][ C0]
[ 36.754359][ C0] dump_stack_lvl (lib/dump_stack.c:107)
[ 36.754605][ C0] __ubsan_handle_load_invalid_value (lib/ubsan.c:218 lib/ubsan.c:419)
[ 36.754936][ C0] br_forward_finish.cold (./include/linux/spinlock.h:396 net/bridge/br.c:81) bridge
[ 36.755334][ C0] deliver_clone (net/bridge/br_forward.c:132) bridge
[ 36.755644][ C0] maybe_deliver (net/bridge/br_forward.c:191) bridge
[ 36.755957][ C0] ? check_prev_add (kernel/locking/lockdep.c:3214)
[ 36.756219][ C0] br_flood (net/bridge/br_forward.c:236) bridge
[ 36.756521][ C0] br_dev_xmit (net/bridge/br_device.c:100) bridge
[ 36.756834][ C0] ? __pfx_br_dev_xmit+0x10/0x10 [bridge]
DETECTED CRASH, lowering timeout
[ 36.757175][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5756)
[ 36.757449][ C0] ? __pfx_skb_network_protocol (net/core/dev.c:3341)
[ 36.757751][ C0] ? __pfx_qdisc_pkt_len_init (net/core/dev.c:3679)
[ 36.758042][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719)
[ 36.758343][ C0] dev_hard_start_xmit (./include/linux/netdevice.h:4991 ./include/linux/netdevice.h:5005 net/core/dev.c:3530 net/core/dev.c:3546)
[ 36.758634][ C0] __dev_queue_xmit (./include/linux/netdevice.h:3369 net/core/dev.c:4338)
[ 36.758903][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4274)
[ 36.759156][ C0] ? eth_header (net/ethernet/eth.c:100)
[ 36.759397][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4246)
[ 36.759681][ C0] ? neigh_resolve_output (./include/linux/netdevice.h:3226 net/core/neighbour.c:1558 net/core/neighbour.c:1543)
[ 36.759975][ C0] ip_finish_output2 (./include/net/neighbour.h:542 net/ipv4/ip_output.c:235)
[ 36.760244][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 36.760507][ C0] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199)
[ 36.760797][ C0] ? __ip_finish_output (./include/linux/skbuff.h:1627 ./include/linux/skbuff.h:4943 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295)
[ 36.761074][ C0] ip_output (./include/linux/netfilter.h:303 net/ipv4/ip_output.c:433)
[ 36.761298][ C0] ? __pfx_ip_output (net/ipv4/ip_output.c:427)
[ 36.761553][ C0] ? igmpv3_send_cr (net/ipv4/igmp.c:721)
[ 36.761816][ C0] ? ip_local_out (net/ipv4/ip_output.c:128)
[ 36.762064][ C0] igmp_ifc_timer_expire (net/ipv4/igmp.c:815)
[ 36.762339][ C0] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809)
[ 36.762643][ C0] call_timer_fn (kernel/time/timer.c:1700)
[ 36.762888][ C0] ? __pfx_call_timer_fn (kernel/time/timer.c:1677)
[ 36.763154][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 36.763400][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4274)
[ 36.763661][ C0] __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2038)
[ 36.763927][ C0] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809)
[ 36.764239][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5406)
[ 36.764511][ C0] ? __pfx___run_timers.part.0 (kernel/time/timer.c:2007)
[ 36.764805][ C0] ? clockevents_program_event (kernel/time/clockevents.c:326)
[ 36.765108][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 36.765347][ C0] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 3))
[ 36.765584][ C0] run_timer_softirq (kernel/time/timer.c:2012 kernel/time/timer.c:2053)
[ 36.765840][ C0] __do_softirq (kernel/softirq.c:553)
[ 36.766091][ C0] irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/softirq.c:644)
[ 36.766317][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14))
[ 36.766613][ C0]
[ 36.766768][ C0]
[ 36.766926][ C0] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:649)
[ 36.767237][ C0] RIP: 0010:stack_trace_consume_entry (kernel/stacktrace.c:95)
[ 36.767565][ C0] Code: 8b 03 48 8d 2c e8 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 80 3c 02 00 75 64 48 89 75 00 8b 43 08 39 43 10 0f 92 c0 <48> 83 c4 08 5b 5d c3 cc cc cc cc 83 e8 01 89 43 0c 48 83 c4 08 b8
All code
========
0: 8b 03 mov (%rbx),%eax
2: 48 8d 2c e8 lea (%rax,%rbp,8),%rbp
6: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
d: fc ff df
10: 48 89 ea mov %rbp,%rdx
13: 48 c1 ea 03 shr $0x3,%rdx
17: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
1b: 75 64 jne 0x81
1d: 48 89 75 00 mov %rsi,0x0(%rbp)
21: 8b 43 08 mov 0x8(%rbx),%eax
24: 39 43 10 cmp %eax,0x10(%rbx)
27: 0f 92 c0 setb %al
2a:* 48 83 c4 08 add $0x8,%rsp <-- trapping instruction
2e: 5b pop %rbx
2f: 5d pop %rbp
30: c3 ret
31: cc int3
32: cc int3
33: cc int3
34: cc int3
35: 83 e8 01 sub $0x1,%eax
38: 89 43 0c mov %eax,0xc(%rbx)
3b: 48 83 c4 08 add $0x8,%rsp
3f: b8 .byte 0xb8
Code starting with the faulting instruction
===========================================
0: 48 83 c4 08 add $0x8,%rsp
4: 5b pop %rbx
5: 5d pop %rbp
6: c3 ret
7: cc int3
8: cc int3
9: cc int3
a: cc int3
b: 83 e8 01 sub $0x1,%eax
e: 89 43 0c mov %eax,0xc(%rbx)
11: 48 83 c4 08 add $0x8,%rsp
15: b8 .byte 0xb8
[ 36.768562][ C0] RSP: 0018:ffffc9000083f818 EFLAGS: 00000287
[ 36.768878][ C0] RAX: 0000000000000001 RBX: ffffc9000083f900 RCX: ffffc90000840001
[ 36.769285][ C0] RDX: 1ffff92000107f39 RSI: ffffffffb3665af9 RDI: ffffc9000083f90c
[ 36.769690][ C0] RBP: ffffc9000083f9c8 R08: ffffc9000083f878 R09: fffff52000107ef0
[ 36.770095][ C0] R10: ffffc9000083f838 R11: ffffc9000083f879 R12: ffffc9000083f900
[ 36.770499][ C0] R13: 0000000000000000 R14: ffff888008022640 R15: 0000000000000000
[ 36.770919][ C0] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 36.771171][ C0] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364)
[ 36.771464][ C0] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83)
[ 36.771785][ C0] arch_stack_walk (arch/x86/kernel/stacktrace.c:27 (discriminator 1))
[ 36.772039][ C0] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 36.772290][ C0] stack_trace_save (kernel/stacktrace.c:123)
[ 36.772537][ C0] ? __pfx_stack_trace_save (kernel/stacktrace.c:114)
[ 36.772817][ C0] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825)
[ 36.773086][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 36.773324][ C0] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 3))
[ 36.773551][ C0] kasan_save_stack (mm/kasan/common.c:48)
[ 36.773798][ C0] ? kasan_save_stack (mm/kasan/common.c:48)
[ 36.774051][ C0] ? __kasan_record_aux_stack (mm/kasan/generic.c:586)
[ 36.774336][ C0] ? __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:67 ./arch/x86/include/asm/irqflags.h:103 kernel/rcu/tree.c:2716)
[ 36.774650][ C0] ? kmem_cache_free (./include/linux/kmemleak.h:48 mm/slub.c:2087 mm/slub.c:4299 mm/slub.c:4363)
[ 36.774907][ C0] ? __vm_area_free (kernel/fork.c:508)
[ 36.775153][ C0] ? exit_mmap (mm/mmap.c:3305)
[ 36.775384][ C0] ? __mmput (kernel/fork.c:1410 (discriminator 2) kernel/fork.c:1345 (discriminator 2))
[ 36.775603][ C0] ? exit_mm (kernel/exit.c:570)
[ 36.775823][ C0] ? do_exit (kernel/exit.c:861)
[ 36.776042][ C0] ? do_group_exit (kernel/exit.c:1001)
[ 36.776287][ C0] ? __x64_sys_exit_group (kernel/exit.c:1029)
[ 36.776556][ C0] ? do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 36.776813][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 36.777051][ C0] ? __lock_release (kernel/locking/lockdep.c:353 kernel/locking/lockdep.c:5436)
[ 36.777307][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5406)
[ 36.777577][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719)
[ 36.777877][ C0] ? __virt_addr_valid (./include/linux/rcupdate.h:308 ./include/linux/rcupdate.h:863 ./include/linux/mmzone.h:2026 arch/x86/mm/physaddr.c:65)
[ 36.778148][ C0] ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:94 ./include/linux/rcupdate.h:865 ./include/linux/mmzone.h:2026 arch/x86/mm/physaddr.c:65)
[ 36.778415][ C0] ? __pfx_free_object_rcu (mm/kmemleak.c:508)
[ 36.778698][ C0] ? kasan_addr_to_slab (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/page-flags.h:481 mm/kasan/../slab.h:206 mm/kasan/common.c:38)
[ 36.778961][ C0] __kasan_record_aux_stack (mm/kasan/generic.c:586)
[ 36.779247][ C0] ? __pfx_free_object_rcu (mm/kmemleak.c:508)
[ 36.779534][ C0] __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:67 ./arch/x86/include/asm/irqflags.h:103 kernel/rcu/tree.c:2716)
[ 36.779848][ C0] kmem_cache_free (./include/linux/kmemleak.h:48 mm/slub.c:2087 mm/slub.c:4299 mm/slub.c:4363)
[ 36.780095][ C0] ? __vm_area_free (kernel/fork.c:508)
[ 36.780347][ C0] __vm_area_free (kernel/fork.c:508)
[ 36.780584][ C0] exit_mmap (mm/mmap.c:3305)
[ 36.780811][ C0] ? __pfx_exit_mmap (mm/mmap.c:3253)
[ 36.781071][ C0] ? __pfx_exit_aio (fs/aio.c:888)
[ 36.781317][ C0] ? __mutex_unlock_slowpath (./arch/x86/include/asm/atomic64_64.h:109 ./include/linux/atomic/atomic-arch-fallback.h:4308 ./include/linux/atomic/atomic-long.h:1499 ./include/linux/atomic/atomic-instrumented.h:4446 kernel/locking/mutex.c:929)
[ 36.781641][ C0] __mmput (kernel/fork.c:1410 (discriminator 2) kernel/fork.c:1345 (discriminator 2))
[ 36.781854][ C0] exit_mm (kernel/exit.c:570)
[ 36.782071][ C0] do_exit (kernel/exit.c:861)
[ 36.782288][ C0] ? __pfx_do_exit (kernel/exit.c:812)
[ 36.782539][ C0] do_group_exit (kernel/exit.c:1001)
[ 36.782781][ C0] __x64_sys_exit_group (kernel/exit.c:1029)
[ 36.783042][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 36.783283][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
[ 36.783586][ C0] RIP: 0033:0x7f988359da8d
[ 36.783819][ C0] Code: Unable to access opcode bytes at 0x7f988359da63.
Code starting with the faulting instruction
===========================================
[ 36.784175][ C0] RSP: 002b:00007ffea8226c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.784603][ C0] RAX: ffffffffffffffda RBX: 00007f988367a9c0 RCX: 00007f988359da8d
[ 36.785007][ C0] RDX: 00000000000000e7 RSI: fffffffffffffe90 RDI: 0000000000000000
[ 36.785412][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000058
[ 36.785816][ C0] R10: 00007ffea8226ac0 R11: 0000000000000246 R12: 00007f988367a9c0
Finger prints:
dump_stack_lvl:__ubsan_handle_load_invalid_value:deliver_clone:maybe_deliver