======================================
| [ 4109.685105][T15504] eth1: renamed from tmp
| [ 4130.048958][T15626] eth1: renamed from tmp
| [ 4139.667524][T15669] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000021: 0000 [#1] SMP KASAN
| [ 4139.668009][T15669] KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
[ 4139.668640][T15669] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[4139.668878][T15669] RIP: 0010:ip6_rt_pcpu_alloc (./include/net/net_namespace.h:409 ./include/linux/netdevice.h:2718 net/ipv6/route.c:1418) 
[ 4139.669080][T15669] Code: ff 45 0f b7 ef 49 89 c6 e8 6c 32 39 00 49 8d 86 08 01 00 00 48 89 c2 48 89 44 24 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 b8 03 00 00 4d 8b be 08 01 00 00 44 89 e9 ba ff
All code
========
   0:	ff 45 0f             	incl   0xf(%rbp)
   3:	b7 ef                	mov    $0xef,%bh
   5:	49 89 c6             	mov    %rax,%r14
   8:	e8 6c 32 39 00       	call   0x393279
   d:	49 8d 86 08 01 00 00 	lea    0x108(%r14),%rax
  14:	48 89 c2             	mov    %rax,%rdx
  17:	48 89 44 24 08       	mov    %rax,0x8(%rsp)
  1c:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  23:	fc ff df 
  26:	48 c1 ea 03          	shr    $0x3,%rdx
  2a:*	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)		<-- trapping instruction
  2e:	0f 85 b8 03 00 00    	jne    0x3ec
  34:	4d 8b be 08 01 00 00 	mov    0x108(%r14),%r15
  3b:	44 89 e9             	mov    %r13d,%ecx
  3e:	ba                   	.byte 0xba
  3f:	ff                   	.byte 0xff

Code starting with the faulting instruction
===========================================
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	0f 85 b8 03 00 00    	jne    0x3c2
   a:	4d 8b be 08 01 00 00 	mov    0x108(%r14),%r15
  11:	44 89 e9             	mov    %r13d,%ecx
  14:	ba                   	.byte 0xba
  15:	ff                   	.byte 0xff
[ 4139.669756][T15669] RSP: 0018:ffffc900074769b8 EFLAGS: 00010206
[ 4139.670005][T15669] RAX: dffffc0000000000 RBX: ffff88801315a000 RCX: 0000000000000001
[ 4139.670294][T15669] RDX: 0000000000000021 RSI: ffffffffa8058ae0 RDI: ffff888008ff1000
[ 4139.670581][T15669] RBP: ffff88801315a02c R08: 0000000000000000 R09: 0000000000000001
[ 4139.670866][T15669] R10: 0000000000000000 R11: ffffffffa8f83a80 R12: ffffc90007476ab8
[ 4139.671168][T15669] R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000000008
[ 4139.671456][T15669] FS:  00007f9f8f1fc740(0000) GS:ffff8880c2d2c000(0000) knlGS:0000000000000000
[ 4139.671801][T15669] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4139.672047][T15669] CR2: 0000559459db2dec CR3: 000000000ba13005 CR4: 0000000000772ef0
[ 4139.672347][T15669] PKRU: 55555554
[ 4139.672492][T15669] Call Trace:
[ 4139.672635][T15669]  <TASK>
[4139.672735][T15669] ? ip6_rt_cache_alloc.constprop.0 (net/ipv6/route.c:1407) 
[4139.672975][T15669] ? rt6_check_expired (net/ipv6/route.c:1835) 
[4139.673166][T15669] ip6_pol_route (net/ipv6/route.c:1467 net/ipv6/route.c:2305) 
[4139.673364][T15669] ? ip6_pol_route_lookup (net/ipv6/route.c:2254) 
[4139.673556][T15669] ? l3mdev_fib_rule_match (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 net/l3mdev/l3mdev.c:266) 
[4139.673751][T15669] ? __lock_release (kernel/locking/lockdep.c:5536) 
[4139.673945][T15669] __fib6_rule_action (net/ipv6/fib6_rules.c:239) 
[4139.674132][T15669] ? ip6_pol_route_input (net/ipv6/route.c:2650) 
[4139.674319][T15669] ? l3mdev_fib_rule_match (net/l3mdev/l3mdev.c:269) 
[4139.674507][T15669] fib_rules_lookup (net/core/fib_rules.c:339) 
[4139.674702][T15669] ? fib_nl_dumprule (net/core/fib_rules.c:315) 
[4139.674891][T15669] ? l3mdev_update_flow (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 net/l3mdev/l3mdev.c:301) 
[4139.675080][T15669] ? ip6_pol_route_input (net/ipv6/route.c:2650) 
[4139.675274][T15669] fib6_rule_lookup (net/ipv6/fib6_rules.c:115) 
[4139.675461][T15669] ? fib6_lookup (net/ipv6/fib6_rules.c:99) 
[4139.675649][T15669] ? ip6_pol_route_input (net/ipv6/route.c:2650) 
[4139.675838][T15669] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:751) 
[4139.676032][T15669] ? lock_acquire (./include/trace/events/lock.h:24 kernel/locking/lockdep.c:5831) 
[4139.676220][T15669] ? ip6_route_output_flags (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 net/ipv6/route.c:2695) 
[4139.676411][T15669] ip6_route_output_flags (net/ipv6/route.c:2684 net/ipv6/route.c:2696) 
[4139.676597][T15669] ? update_sg_lb_stats.constprop.0 (kernel/sched/fair.c:10138 kernel/sched/fair.c:10165 kernel/sched/fair.c:10326) 
[4139.676838][T15669] ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1159) 
[4139.677077][T15669] ip6_dst_lookup_flow (net/ipv6/ip6_output.c:1263) 
[4139.677265][T15669] ? ip6_dst_lookup_tail.constprop.0 (net/ipv6/ip6_output.c:1258) 
[4139.677499][T15669] ? update_sd_lb_stats.constprop.0 (kernel/sched/fair.c:10956) 
[4139.677735][T15669] vrf_process_v6_outbound (drivers/net/vrf.c:436) 
[4139.677925][T15669] ? vrf_ip6_local_out (drivers/net/vrf.c:413) 
[4139.678120][T15669] ? __lock_acquire (kernel/locking/lockdep.c:5237) 
[4139.678312][T15669] vrf_xmit (drivers/net/vrf.c:556 drivers/net/vrf.c:568) 
[4139.678455][T15669] dev_hard_start_xmit (./include/linux/netdevice.h:5222 ./include/linux/netdevice.h:5231 net/core/dev.c:3839 net/core/dev.c:3855) 
[4139.678644][T15669] __dev_queue_xmit (net/core/dev.h:378 net/core/dev.c:4726) 
[4139.678834][T15669] ? __lock_acquire (kernel/locking/lockdep.c:5237) 
[4139.679021][T15669] ? netdev_core_pick_tx (net/core/dev.c:4633) 
[4139.679211][T15669] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:836 ./include/net/neighbour.h:501) 
[4139.679397][T15669] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4472) 
[4139.679586][T15669] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:836 ./include/net/neighbour.h:501) 
[4139.679774][T15669] ? ip6_finish_output2 (./include/linux/rcupdate.h:331 (discriminator 142) ./include/linux/rcupdate.h:841 (discriminator 142) net/ipv6/ip6_output.c:126 (discriminator 142)) 
[4139.679965][T15669] ip6_finish_output2 (./include/net/neighbour.h:545 net/ipv6/ip6_output.c:141) 
[4139.680151][T15669] ? ip6_mtu (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 ./include/net/ip6_route.h:343 net/ipv6/route.c:3268) 
[4139.680294][T15669] ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226) 
[4139.680481][T15669] ip6_output (./include/linux/netfilter.h:307 net/ipv6/ip6_output.c:248) 
[4139.680625][T15669] ? ip6_finish_output (net/ipv6/ip6_output.c:234) 
[4139.680812][T15669] ? find_held_lock (kernel/locking/lockdep.c:5350) 
[4139.681001][T15669] ? ip6_mtu (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:871 ./include/net/ip6_route.h:343 net/ipv6/route.c:3268) 
[4139.681147][T15669] ? __lock_release (kernel/locking/lockdep.c:5536) 
[4139.681339][T15669] ip6_xmit (./include/net/dst.h:461 ./include/linux/netfilter.h:318 ./include/linux/netfilter.h:312 net/ipv6/ip6_output.c:367) 
[4139.681485][T15669] ? ip6_append_data (net/ipv6/ip6_output.c:270) 
[4139.681673][T15669] ? __lock_acquire (kernel/locking/lockdep.c:5237) 
[4139.681862][T15669] inet6_csk_xmit (net/ipv6/inet6_connection_sock.c:120 (discriminator 11)) 
[4139.682052][T15669] ? __lock_release (kernel/locking/lockdep.c:5536) 
[4139.682238][T15669] ? inet6_csk_route_socket (net/ipv6/inet6_connection_sock.c:100) 
[4139.682426][T15669] ? __kernel_text_address (kernel/extable.c:79) 
[4139.682613][T15669] ? __copy_skb_header (./include/net/dst.h:290 net/core/skbuff.c:1495) 
[4139.682803][T15669] __tcp_transmit_skb (net/ipv4/tcp_output.c:1479) 
[4139.682994][T15669] ? __lock_acquire (kernel/locking/lockdep.c:5237) 
[4139.683179][T15669] ? __tcp_select_window (net/ipv4/tcp_output.c:1300) 
[4139.683373][T15669] ? ktime_get (./include/linux/seqlock.h:74 kernel/time/timekeeping.c:818) 
[4139.683564][T15669] tcp_write_xmit (net/ipv4/tcp_output.c:2833) 
[4139.683754][T15669] ? __build_skb_around (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 net/core/skbuff.c:382 net/core/skbuff.c:439) 
[4139.683942][T15669] ? __alloc_skb (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 ./include/linux/refcount.h:134 net/core/skbuff.c:693) 
[4139.684126][T15669] ? tcp_retrans_try_collapse (net/ipv4/tcp_output.c:2742) 
[4139.684361][T15669] ? skb_do_copy_data_nocache (./include/net/sock.h:2250) 
[4139.684547][T15669] ? trace_tcp_ao_handshake_failure (./include/net/sock.h:2249) 
[4139.684778][T15669] ? skb_page_frag_refill (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/page_ref.h:67 net/core/sock.c:3121) 
[4139.684968][T15669] __tcp_push_pending_frames (net/ipv4/tcp_output.c:3016) 
[4139.685157][T15669] tcp_sendmsg_locked (net/ipv4/tcp.c:1356) 
[4139.685349][T15669] ? tcp_sendmsg_fastopen (net/ipv4/tcp.c:1059) 
[4139.685537][T15669] ? find_held_lock (kernel/locking/lockdep.c:5350) 
[4139.685727][T15669] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:412) 
[4139.685917][T15669] tcp_sendmsg (net/ipv4/tcp.c:1394) 
[4139.686061][T15669] sock_write_iter (net/socket.c:714 net/socket.c:729 net/socket.c:1179) 
[4139.686249][T15669] ? ____sys_recvmsg (net/socket.c:1163) 
[4139.686442][T15669] ? __lock_acquire (kernel/locking/lockdep.c:5237) 
[4139.686634][T15669] vfs_write (fs/read_write.c:594 fs/read_write.c:686) 
[4139.686779][T15669] ? kernel_write (fs/read_write.c:667) 
[4139.686965][T15669] ? trace_rseq_update (./include/trace/events/rseq.h:11 (discriminator 21)) 
[4139.687152][T15669] ? rseq_update_cpu_node_id (kernel/rseq.c:189 (discriminator 10)) 
[4139.687345][T15669] ? __rseq_handle_notify_resume (kernel/rseq.c:442) 
[4139.687579][T15669] ksys_write (fs/read_write.c:738) 
[4139.687720][T15669] ? __ia32_sys_read (fs/read_write.c:728) 
[4139.687911][T15669] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) 
[4139.688097][T15669] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 4139.688328][T15669] RIP: 0033:0x7f9f8f2fd337
[ 4139.688526][T15669] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
All code
========
   0:	0f 00                	(bad)
   2:	f7 d8                	neg    %eax
   4:	64 89 02             	mov    %eax,%fs:(%rdx)
   7:	48 c7 c0 ff ff ff ff 	mov    $0xffffffffffffffff,%rax
   e:	eb b7                	jmp    0xffffffffffffffc7
  10:	0f 1f 00             	nopl   (%rax)
  13:	f3 0f 1e fa          	endbr64
  17:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  1e:	00 
  1f:	85 c0                	test   %eax,%eax
  21:	75 10                	jne    0x33
  23:	b8 01 00 00 00       	mov    $0x1,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 51                	ja     0x83
  32:	c3                   	ret
  33:	48 83 ec 28          	sub    $0x28,%rsp
  37:	48 89 54 24 18       	mov    %rdx,0x18(%rsp)
  3c:	48                   	rex.W
  3d:	89                   	.byte 0x89
  3e:	74 24                	je     0x64

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 51                	ja     0x59
   8:	c3                   	ret
   9:	48 83 ec 28          	sub    $0x28,%rsp
   d:	48 89 54 24 18       	mov    %rdx,0x18(%rsp)
  12:	48                   	rex.W
  13:	89                   	.byte 0x89
  14:	74 24                	je     0x3a
[ 4139.689194][T15669] RSP: 002b:00007fff26a63ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 4139.689482][T15669] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 00007f9f8f2fd337
[ 4139.689765][T15669] RDX: 000000000000000c RSI: 0000000000406752 RDI: 0000000000000005
[ 4139.690045][T15669] RBP: 0000000000000005 R08: 000000000000000c R09: 0000000000000000
[ 4139.690330][T15669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005


Finger prints:
ip6_rt_pcpu_alloc:ip6_pol_route:__fib6_rule_action:fib_rules_lookup:fib6_rule_lookup