====================================== | [ 947.678771] #PF: supervisor read access in kernel mode | [ 947.678802] #PF: error_code(0x0000) - not-present page | [ 947.678834] PGD 2834067 P4D 2834067 PUD 819e067 PMD 0 | [ 947.678870] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 947.678946] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 947.679010] Workqueue: mld mld_ifc_work [ 947.679048] RIP: 0010:xfrm_tmpl_resolve (net/xfrm/xfrm_policy.c:2492 net/xfrm/xfrm_policy.c:2541) [ 947.679086] Code: 4c 8b 6c 24 08 41 8b 47 6c 4d 89 f8 48 89 ea 4c 89 f6 4c 89 ef 50 8b 44 24 08 50 4c 8d 4c 24 6c e8 09 ce 00 00 49 89 c0 58 5a <41> f6 80 e8 02 00 00 fd 0f 85 29 03 00 00 4d 85 c0 0f 84 a7 00 00 All code ======== 0: 4c 8b 6c 24 08 mov 0x8(%rsp),%r13 5: 41 8b 47 6c mov 0x6c(%r15),%eax 9: 4d 89 f8 mov %r15,%r8 c: 48 89 ea mov %rbp,%rdx f: 4c 89 f6 mov %r14,%rsi 12: 4c 89 ef mov %r13,%rdi 15: 50 push %rax 16: 8b 44 24 08 mov 0x8(%rsp),%eax 1a: 50 push %rax 1b: 4c 8d 4c 24 6c lea 0x6c(%rsp),%r9 20: e8 09 ce 00 00 call 0xce2e 25: 49 89 c0 mov %rax,%r8 28: 58 pop %rax 29: 5a pop %rdx 2a:* 41 f6 80 e8 02 00 00 testb $0xfd,0x2e8(%r8) <-- trapping instruction 31: fd 32: 0f 85 29 03 00 00 jne 0x361 38: 4d 85 c0 test %r8,%r8 3b: 0f .byte 0xf 3c: 84 .byte 0x84 3d: a7 cmpsl %es:(%rdi),%ds:(%rsi) ... Code starting with the faulting instruction =========================================== 0: 41 f6 80 e8 02 00 00 testb $0xfd,0x2e8(%r8) 7: fd 8: 0f 85 29 03 00 00 jne 0x337 e: 4d 85 c0 test %r8,%r8 11: 0f .byte 0xf 12: 84 .byte 0x84 13: a7 cmpsl %es:(%rdi),%ds:(%rsi) ... 
[ 947.679182] RSP: 0018:ffff96178010f810 EFLAGS: 00010246 [ 947.679218] RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffff8a7a04c51794 [ 947.679263] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8a7a01389700 [ 947.679307] RBP: ffff8a7a04c51768 R08: 0000000000000000 R09: ffff96178010f86c [ 947.679352] R10: ffff8a7a02ab9580 R11: 0000000000000002 R12: ffff8a7a02ab9598 [ 947.679396] R13: ffff8a7a04c51794 R14: ffff8a7a04c51790 R15: ffff8a7a02ab9400 [ 947.679443] FS: 0000000000000000(0000) GS:ffff8a7a3ed00000(0000) knlGS:0000000000000000 [ 947.679490] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 947.679529] CR2: 00000000000002e8 CR3: 000000000862e003 CR4: 0000000000770ef0 [ 947.679575] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 947.679618] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 947.679663] PKRU: 55555554 [ 947.679681] Call Trace: [ 947.679703] [ 947.679721] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) [ 947.679753] ? page_fault_oops (arch/x86/mm/fault.c:713) [ 947.679787] ? __kmalloc_node_track_caller (mm/slub.c:3828 mm/slub.c:3965 mm/slub.c:3986) [ 947.679824] ? netlink_has_listeners (net/netlink/af_netlink.c:1396) [ 947.679859] ? exc_page_fault (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:72 arch/x86/mm/fault.c:1513 arch/x86/mm/fault.c:1563) [ 947.679890] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) [ 947.679923] ? xfrm_tmpl_resolve (net/xfrm/xfrm_policy.c:2492 net/xfrm/xfrm_policy.c:2541) [ 947.679955] ? pcpu_block_update_hint_alloc (mm/percpu.c:876) [ 947.679999] xfrm_resolve_and_create_bundle (net/xfrm/xfrm_policy.c:2836) [ 947.680031] ? update_sd_lb_stats.constprop.0 (kernel/sched/fair.c:9921 kernel/sched/fair.c:10577) [ 947.680068] ? 
xfrm_policy_inexact_lookup_rcu (./include/linux/rhashtable.h:133 ./include/linux/rhashtable.h:159 ./include/linux/rhashtable.h:604 ./include/linux/rhashtable.h:646 net/xfrm/xfrm_policy.c:2088) [ 947.680103] ? xfrm_policy_lookup_bytype.constprop.0 (net/xfrm/xfrm_policy.c:2235) [ 947.680144] ? rt_set_nexthop.constprop.0 (net/ipv4/route.c:1594) [ 947.680179] xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3073 net/xfrm/xfrm_policy.c:3202) [ 947.680214] xfrm_lookup_route (net/xfrm/xfrm_policy.c:3314) [ 947.680241] __ip_queue_xmit (net/ipv4/ip_output.c:498) [ 947.680277] l2tp_xmit_skb (net/l2tp/l2tp_core.c:1007 net/l2tp/l2tp_core.c:1093 net/l2tp/l2tp_core.c:1109) l2tp_core [ 947.680322] l2tp_eth_dev_xmit (net/l2tp/l2tp_eth.c:75) l2tp_eth [ 947.680357] dev_hard_start_xmit (./include/linux/netdevice.h:4878 ./include/linux/netdevice.h:4892 net/core/dev.c:3564 net/core/dev.c:3580) [ 947.680387] sch_direct_xmit (net/sched/sch_generic.c:343) [ 947.680421] __dev_queue_xmit (net/core/dev.c:3793 net/core/dev.c:4339) [ 947.680449] ? xfrm_policy_lookup_bytype.constprop.0 (net/xfrm/xfrm_policy.c:2235) [ 947.680490] ip6_finish_output2 (./include/net/neighbour.h:526 ./include/net/neighbour.h:540 net/ipv6/ip6_output.c:137) [ 947.680520] ? ip6_mc_hdr.constprop.0 (./include/linux/skbuff.h:2964 ./include/linux/ipv6.h:108 net/ipv6/mcast.c:1713) [ 947.680556] ? kmem_cache_alloc (mm/slub.c:3828 mm/slub.c:3852) [ 947.680585] ip6_finish_output (net/ipv6/ip6_output.c:211 net/ipv6/ip6_output.c:222) [ 947.680616] mld_sendpack (net/ipv6/mcast.c:1822) [ 947.680647] mld_ifc_work (net/ipv6/mcast.c:2652) [ 947.680674] process_one_work (kernel/workqueue.c:3254) [ 947.680706] worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416) [ 947.680735] ? __pfx_worker_thread (kernel/workqueue.c:3362) [ 947.680766] kthread (kernel/kthread.c:388) [ 947.680795] ? __pfx_kthread (kernel/kthread.c:341) [ 947.680820] ret_from_fork (arch/x86/kernel/process.c:147) [ 947.680853] ? 
__pfx_kthread (kernel/kthread.c:341) Fingerprints: xfrm_tmpl_resolve:xfrm_resolve_and_create_bundle:xfrm_lookup_with_ifid:xfrm_lookup_route