======================================
| [ 4655.281829][    C1] ip6_tunnel: tep0 xmit: Local address not yet configured!
| [ 4660.593832][    C2] ip6_tunnel: tep0 xmit: Local address not yet configured!
| [ 4858.481885][    C0] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI
| [ 4858.482503][    C0] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 4858.483247][    C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4858.483530][ C0] RIP: 0010:xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3181) 
[ 4858.483828][ C0] Code: f1 f1 f1 c7 40 04 00 00 f2 f2 c7 40 08 00 00 f3 f3 65 48 8b 05 8a 86 68 03 48 89 84 24 a8 00 00 00 31 c0 48 89 f8 48 c1 e8 03 <80> 3c 10 00 0f 85 cb 08 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b
All code
========
   0:	f1                   	int1
   1:	f1                   	int1
   2:	f1                   	int1
   3:	c7 40 04 00 00 f2 f2 	movl   $0xf2f20000,0x4(%rax)
   a:	c7 40 08 00 00 f3 f3 	movl   $0xf3f30000,0x8(%rax)
  11:	65 48 8b 05 8a 86 68 	mov    %gs:0x368868a(%rip),%rax        # 0x36886a3
  18:	03 
  19:	48 89 84 24 a8 00 00 	mov    %rax,0xa8(%rsp)
  20:	00 
  21:	31 c0                	xor    %eax,%eax
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
  2a:*	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1)		<-- trapping instruction
  2e:	0f 85 cb 08 00 00    	jne    0x8ff
  34:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  3b:	fc ff df 
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b

Code starting with the faulting instruction
===========================================
   0:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1)
   4:	0f 85 cb 08 00 00    	jne    0x8d5
   a:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  11:	fc ff df 
  14:	48                   	rex.W
  15:	8b                   	.byte 0x8b
[ 4858.484628][    C0] RSP: 0018:ffffc90000007480 EFLAGS: 00010202
[ 4858.484920][    C0] RAX: 0000000000000001 RBX: 1ffff92000000e96 RCX: ffff888009a3cf00
[ 4858.485271][    C0] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000008
[ 4858.485606][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 4858.485950][    C0] R10: ffffc90000007680 R11: ffffffff9018d720 R12: 0000000000000006
[ 4858.486291][    C0] R13: ffff888009a3cf00 R14: ffffc90000007680 R15: ffff888008a5b940
[ 4858.486633][    C0] FS:  0000000000000000(0000) GS:ffff8880d3b94000(0000) knlGS:0000000000000000
[ 4858.487025][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4858.487312][    C0] CR2: 00007f6f49414000 CR3: 000000000a2a7006 CR4: 0000000000772ef0
[ 4858.487659][    C0] PKRU: 55555554
[ 4858.487831][    C0] Call Trace:
[ 4858.487998][    C0]  <IRQ>
[ 4858.488112][ C0] ? find_held_lock (kernel/locking/lockdep.c:5353) 
[ 4858.488350][ C0] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3177) 
[ 4858.488628][ C0] ? dst_release (./arch/x86/include/asm/preempt.h:104 ./include/linux/rcuref.h:174 net/core/dst.c:167) 
[ 4858.488853][ C0] ? ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1231) 
[ 4858.489139][ C0] xfrm_lookup_route (net/xfrm/xfrm_policy.c:3351) 
[ 4858.489367][ C0] ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1271) 
[ 4858.489593][ C0] ? __pfx_ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1271) 
[ 4858.489824][ C0] ? find_held_lock (kernel/locking/lockdep.c:5353) 
[ 4858.490050][ C0] ? __pfx_ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1271) 
[ 4858.490272][ C0] udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:167 net/ipv6/ip6_udp_tunnel.c:135) 
[ 4858.490501][ C0] ? __pfx_udp_tunnel6_dst_lookup (net/ipv6/ip6_udp_tunnel.c:144) 
[ 4858.490782][ C0] ? __pfx___skb_get_hash_net (net/core/flow_dissector.c:1892) 
[ 4858.491012][ C0] ? sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 arch/x86/kernel/apic/apic.c:1050) 
[ 4858.491291][ C0] ? kernel_text_address (kernel/extable.c:99) 
[ 4858.491516][ C0] geneve6_xmit_skb (drivers/net/geneve.c:958 (discriminator 4)) geneve 
[ 4858.491751][ C0] ? __pfx_geneve6_xmit_skb (drivers/net/geneve.c:934) geneve 
[ 4858.492035][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:473 kernel/locking/lockdep.c:5873) 
[ 4858.492261][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) 
[ 4858.492492][ C0] ? geneve_xmit (drivers/net/geneve.c:1045) geneve 
[ 4858.492719][ C0] geneve_xmit (drivers/net/geneve.c:1045) geneve 
[ 4858.492948][ C0] dev_hard_start_xmit (./include/linux/netdevice.h:5219 ./include/linux/netdevice.h:5228 net/core/dev.c:3827 net/core/dev.c:3843) 
[ 4858.493177][ C0] __dev_queue_xmit (net/core/dev.h:370 net/core/dev.c:4714) 
[ 4858.493401][ C0] ? __build_skb_around (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 net/core/skbuff.c:382 net/core/skbuff.c:439) 
[ 4858.493625][ C0] ? __alloc_skb (net/core/skbuff.c:685) 
[ 4858.493850][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4621) 
[ 4858.494072][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:473 kernel/locking/lockdep.c:5873) 
[ 4858.494295][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) 
[ 4858.494520][ C0] arp_xmit (./include/linux/rcupdate.h:869 net/ipv4/arp.c:667) 
[ 4858.494696][ C0] arp_solicit (net/ipv4/arp.c:392) 
[ 4858.494921][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) 
[ 4858.495143][ C0] ? __pfx_arp_solicit (net/ipv4/arp.c:334) 
[ 4858.495377][ C0] ? neigh_probe (net/core/neighbour.c:1063) 
[ 4858.495598][ C0] ? __lock_release (kernel/locking/lockdep.c:5539) 
[ 4858.495821][ C0] neigh_probe (net/core/neighbour.c:1064) 
[ 4858.495988][ C0] neigh_timer_handler (net/core/neighbour.c:1158) 
[ 4858.496214][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) 
[ 4858.496441][ C0] ? __pfx_neigh_timer_handler (net/core/neighbour.c:1072) 
[ 4858.496663][ C0] call_timer_fn (kernel/time/timer.c:1748) 
[ 4858.496890][ C0] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1737) 
[ 4858.497112][ C0] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1737) 
[ 4858.497335][ C0] ? __pfx_call_timer_fn (kernel/time/timer.c:1724) 
[ 4858.497558][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4328) 
[ 4858.497782][ C0] __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372) 
[ 4858.498005][ C0] ? __pfx_neigh_timer_handler (net/core/neighbour.c:1072) 
[ 4858.498232][ C0] ? __pfx___run_timers (kernel/time/timer.c:2343) 
[ 4858.498457][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 4858.498678][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 4858.498900][ C0] ? lock_acquire (./include/trace/events/lock.h:24 kernel/locking/lockdep.c:5834) 
[ 4858.499125][ C0] ? run_timer_base (kernel/time/timer.c:2384 kernel/time/timer.c:2376 kernel/time/timer.c:2393) 
[ 4858.499348][ C0] run_timer_base (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2393) 
[ 4858.499570][ C0] run_timer_softirq (kernel/time/timer.c:2404) 
[ 4858.499797][ C0] handle_softirqs (kernel/softirq.c:580) 
[ 4858.500022][ C0] __irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680) 
[ 4858.500242][ C0] irq_exit_rcu (kernel/softirq.c:698) 
[ 4858.500410][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 arch/x86/kernel/apic/apic.c:1050) 
[ 4858.500632][    C0]  </IRQ>
[ 4858.500749][    C0]  <TASK>
[ 4858.500861][ C0] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) 
[ 4858.501138][ C0] RIP: 0010:_raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) 
[ 4858.501429][ C0] Code: 74 24 10 e8 a1 96 54 fd 48 89 ef e8 59 e9 54 fd 81 e3 00 02 00 00 75 29 9c 58 f6 c4 02 75 35 48 85 db 74 01 fb bf 01 00 00 00 <e8> 4a a5 48 fd 65 8b 05 a3 ea 1d 03 85 c0 74 0e 5b 5d e9 c8 34 00
All code
========
   0:	74 24                	je     0x26
   2:	10 e8                	adc    %ch,%al
   4:	a1 96 54 fd 48 89 ef 	movabs 0x59e8ef8948fd5496,%eax
   b:	e8 59 
   d:	e9 54 fd 81 e3       	jmp    0xffffffffe381fd66
  12:	00 02                	add    %al,(%rdx)
  14:	00 00                	add    %al,(%rax)
  16:	75 29                	jne    0x41
  18:	9c                   	pushf
  19:	58                   	pop    %rax
  1a:	f6 c4 02             	test   $0x2,%ah
  1d:	75 35                	jne    0x54
  1f:	48 85 db             	test   %rbx,%rbx
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
  2a:*	e8 4a a5 48 fd       	call   0xfffffffffd48a579		<-- trapping instruction
  2f:	65 8b 05 a3 ea 1d 03 	mov    %gs:0x31deaa3(%rip),%eax        # 0x31dead9
  36:	85 c0                	test   %eax,%eax
  38:	74 0e                	je     0x48
  3a:	5b                   	pop    %rbx
  3b:	5d                   	pop    %rbp
  3c:	e9                   	.byte 0xe9
  3d:	c8                   	.byte 0xc8
  3e:	34 00                	xor    $0x0,%al

Code starting with the faulting instruction
===========================================
   0:	e8 4a a5 48 fd       	call   0xfffffffffd48a54f
   5:	65 8b 05 a3 ea 1d 03 	mov    %gs:0x31deaa3(%rip),%eax        # 0x31deaaf
   c:	85 c0                	test   %eax,%eax
   e:	74 0e                	je     0x1e
  10:	5b                   	pop    %rbx
  11:	5d                   	pop    %rbp
  12:	e9                   	.byte 0xe9
  13:	c8                   	.byte 0xc8
  14:	34 00                	xor    $0x0,%al
[ 4858.502223][    C0] RSP: 0018:ffffc9000514f8a8 EFLAGS: 00000206
[ 4858.502504][    C0] RAX: 0000000000000002 RBX: 0000000000000200 RCX: 0000000000000040
[ 4858.502838][    C0] RDX: 0000000000000000 RSI: ffffffff8f7283fb RDI: 0000000000000001
[ 4858.503176][    C0] RBP: ffffffff92bb9fa8 R08: 0000000000000001 R09: 0000000000000001
[ 4858.503511][    C0] R10: ffffffff90c827d7 R11: ffffffff92bb9fc0 R12: 0000000000000001
[ 4858.503847][    C0] R13: ffff8880093fc6a0 R14: dffffc0000000000 R15: 1ffff92000a29f1c
[ 4858.504188][ C0] debug_object_active_state (lib/debugobjects.c:1056) 
[ 4858.504421][ C0] ? __pfx_debug_object_active_state (lib/debugobjects.c:1035) 
[ 4858.504702][ C0] ? find_held_lock (kernel/locking/lockdep.c:5353) 
[ 4858.504929][ C0] ? __pfx_free_object_rcu (mm/kmemleak.c:519) 
[ 4858.505158][ C0] __call_rcu_common.constprop.0 (kernel/rcu/tree.c:3079) 
[ 4858.505448][ C0] kmem_cache_free (./include/linux/kmemleak.h:50 mm/slub.c:2306 mm/slub.c:4643 mm/slub.c:4745) 
[ 4858.505674][ C0] ? __put_anon_vma (mm/rmap.c:2767) 
[ 4858.505902][ C0] __put_anon_vma (mm/rmap.c:2767) 
[ 4858.506128][ C0] unlink_anon_vmas (./include/linux/rmap.h:117 mm/rmap.c:444) 
[ 4858.506352][ C0] free_pgtables (mm/memory.c:403) 
[ 4858.506576][ C0] ? __pfx_free_pgtables (mm/memory.c:358) 
[ 4858.506799][ C0] ? lock_acquire (./include/trace/events/lock.h:24 kernel/locking/lockdep.c:5834) 
[ 4858.507020][ C0] ? exit_mmap (./include/linux/seqlock.h:431 ./include/linux/mmap_lock.h:87 ./include/linux/mmap_lock.h:357 mm/mmap.c:1292) 
[ 4858.507246][ C0] ? down_write (./arch/x86/include/asm/preempt.h:104 kernel/locking/rwsem.c:1307 kernel/locking/rwsem.c:1313 kernel/locking/rwsem.c:1578) 
[ 4858.507470][ C0] ? __pfx_down_write (kernel/locking/rwsem.c:1575) 
[ 4858.507695][ C0] exit_mmap (mm/mmap.c:1297) 
[ 4858.507868][ C0] ? __pfx_exit_mmap (mm/mmap.c:1259) 
[ 4858.508092][ C0] ? __mutex_unlock_slowpath (./arch/x86/include/asm/atomic64_64.h:101 ./include/linux/atomic/atomic-arch-fallback.h:4329 ./include/linux/atomic/atomic-long.h:1506 ./include/linux/atomic/atomic-instrumented.h:4481 kernel/locking/mutex.c:926) 
[ 4858.508321][ C0] mmput (kernel/fork.c:1189 kernel/fork.c:1123 kernel/fork.c:1144) 
[ 4858.508495][ C0] exit_mm (kernel/exit.c:582) 
[ 4858.508668][ C0] do_exit (kernel/exit.c:955) 
[ 4858.508838][ C0] ? __pfx_do_exit (kernel/exit.c:897) 
[ 4858.509060][ C0] ? do_group_exit (./include/linux/spinlock.h:402 kernel/exit.c:1102) 
[ 4858.509281][ C0] ? __lock_release (kernel/locking/lockdep.c:5539) 
[ 4858.509512][ C0] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745) 
[ 4858.509739][ C0] do_group_exit (kernel/exit.c:1086) 
[ 4858.509962][ C0] __x64_sys_exit_group (kernel/exit.c:1114) 
[ 4858.510184][ C0] x64_sys_call (arch/x86/entry/syscall_64.c:37) 
[ 4858.510411][ C0] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) 
[ 4858.510636][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 4858.510909][    C0] RIP: 0033:0x7f6f4958cadd
[ 4858.511136][ C0] Code: Unable to access opcode bytes at 0x7f6f4958cab3.

Code starting with the faulting instruction
===========================================
[ 4858.511428][    C0] RSP: 002b:00007fffe6fdd008 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 4858.511766][    C0] RAX: ffffffffffffffda RBX: 00007f6f496a89c0 RCX: 00007f6f4958cadd
[ 4858.512100][    C0] RDX: 00000000000000e7 RSI: fffffffffffffe98 RDI: 0000000000000000
[ 4858.512433][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000060
[ 4858.512769][    C0] R10: 00007fffe6fdce30 R11: 0000000000000246 R12: 00007f6f496a89c0


Finger prints:
xfrm_lookup_with_ifid:xfrm_lookup_route:ip6_dst_lookup_flow:udp_tunnel6_dst_lookup:geneve6_xmit_skb