======================================
| [ 2790.822237][    C2] ==================================================================
| [ 2790.822521][ C2] BUG: KASAN: slab-use-after-free in xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) 
| [ 2790.822780][    C2] Read of size 8 at addr ffff8880061acb50 by task socat/20472
| [ 2790.823024][    C2]
[ 2790.823364][    C2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 2790.823716][    C2] Call Trace:
[ 2790.823841][    C2]  <IRQ>
[ 2790.823924][ C2] dump_stack_lvl (lib/dump_stack.c:123) 
[ 2790.824087][ C2] print_address_description.constprop.0 (mm/kasan/report.c:378) 
[ 2790.824285][ C2] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) 
[ 2790.824454][ C2] print_report (mm/kasan/report.c:489) 
[ 2790.824613][ C2] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) 
[ 2790.824772][ C2] kasan_report (mm/kasan/report.c:603) 
[ 2790.824894][ C2] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) 
[ 2790.825055][ C2] xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) 
[ 2790.825217][ C2] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3132) 
[ 2790.825421][ C2] ? l4proto_manip_pkt (./include/net/checksum.h:167 net/netfilter/nf_nat_proto.c:216 net/netfilter/nf_nat_proto.c:342) nf_nat
[ 2790.825632][ C2] nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:684) nf_nat
[ 2790.825799][ C2] ? __pfx_nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:664) nf_nat
[ 2790.826005][ C2] ? nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 2790.826242][ C2] ? __pfx_nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 2790.826468][ C2] nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:783 net/netfilter/nf_nat_proto.c:755) nf_nat
[ 2790.826635][ C2] ? __pfx_nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:757) nf_nat
[ 2790.826838][ C2] nf_hook_slow (./include/linux/netfilter.h:154 net/netfilter/core.c:626) 
[ 2790.827002][ C2] nf_hook (./include/linux/netfilter.h:269) 
[ 2790.827123][ C2] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) 
[ 2790.827284][ C2] ? __pfx_nf_hook (./include/linux/netfilter.h:227) 
[ 2790.827444][ C2] ? __ip_append_data (./include/linux/skbuff.h:3205 ./include/linux/skbuff.h:3213 ./include/linux/skbuff.h:3227 net/ipv4/ip_output.c:1165) 
[ 2790.827602][ C2] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) 
[ 2790.827763][ C2] ip_output (./include/linux/netfilter.h:301 net/ipv4/ip_output.c:434) 
[ 2790.827883][ C2] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) 
[ 2790.828048][ C2] ip_push_pending_frames (./include/net/dst.h:450 net/ipv4/ip_output.c:130 net/ipv4/ip_output.c:1505 net/ipv4/ip_output.c:1525) 
[ 2790.828212][ C2] ip_send_unicast_reply (./include/net/route.h:266 net/ipv4/ip_output.c:1675) 
[ 2790.828371][ C2] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 2790.828532][ C2] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) 
[ 2790.828656][ C2] ? __pfx_ip_send_unicast_reply (net/ipv4/ip_output.c:1605) 
[ 2790.828854][ C2] ? __lock_acquire (kernel/locking/lockdep.c:5202) 
[ 2790.829019][ C2] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) 
[ 2790.829179][ C2] ? tcp_v4_send_ack.constprop.0 (./include/linux/local_lock_internal.h:29 net/ipv4/tcp_ipv4.c:1016) 
[ 2790.829378][ C2] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) 
[ 2790.829504][ C2] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) 
[ 2790.829662][ C2] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 2790.829821][ C2] tcp_v4_send_ack.constprop.0 (./include/net/net_namespace.h:380 ./include/net/sock.h:661 net/ipv4/tcp_ipv4.c:1030) 
[ 2790.830044][ C2] ? __pfx_tcp_v4_send_ack.constprop.0 (net/ipv4/tcp_ipv4.c:933) 
[ 2790.830250][ C2] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 2790.830408][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4321) 
[ 2790.830567][ C2] ? tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) 
[ 2790.830727][ C2] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) 
[ 2790.830893][ C2] ? __pfx_tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2177) 
[ 2790.831051][ C2] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) 
[ 2790.831213][ C2] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207 (discriminator 8)) 
[ 2790.831375][ C2] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2790.831533][ C2] ip_local_deliver_finish (./include/linux/rcupdate.h:878 net/ipv4/ip_input.c:234) 
[ 2790.831694][ C2] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2790.831854][ C2] ? __pfx_ip_rcv (net/ipv4/ip_input.c:562) 
[ 2790.832015][ C2] __netif_receive_skb_one_core (net/core/dev.c:5670 (discriminator 4)) 
[ 2790.832220][ C2] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5663) 
[ 2790.832417][ C2] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2790.832576][ C2] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 2790.832735][ C2] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2790.832894][ C2] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6116) 
[ 2790.833055][ C2] __napi_poll.constprop.0 (net/core/dev.c:6779) 
[ 2790.833214][ C2] net_rx_action (net/core/dev.c:6848 net/core/dev.c:6970) 
[ 2790.833377][ C2] ? __pfx_net_rx_action (net/core/dev.c:6932) 
[ 2790.833543][ C2] ? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491) 
[ 2790.833702][ C2] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 2790.833863][ C2] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) 
[ 2790.833982][ C2] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406) 
[ 2790.834185][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4321) 
[ 2790.834347][ C2] handle_softirqs (kernel/softirq.c:554) 
[ 2790.834508][ C2] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) 
[ 2790.834666][ C2] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) 
[ 2790.834787][    C2]  </IRQ>
[ 2790.834874][    C2]  <TASK>
[ 2790.834954][ C2] __local_bh_enable_ip (kernel/softirq.c:382) 
[ 2790.835113][ C2] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) 
[ 2790.835270][ C2] __dev_queue_xmit (net/core/dev.c:4460) 
[ 2790.835433][ C2] ? __lock_release (kernel/locking/lockdep.c:5501) 
[ 2790.835592][ C2] ? ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236) 
[ 2790.835750][ C2] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) 
[ 2790.835908][ C2] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) 
[ 2790.836070][ C2] ? __pfx___dev_queue_xmit (net/core/dev.c:4341) 
[ 2790.836230][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4321) 
[ 2790.836391][ C2] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 2790.836586][ C2] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496) 
[ 2790.836746][ C2] ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236) 
[ 2790.836912][ C2] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:200) 
[ 2790.837070][ C2] ? __ip_finish_output (./include/linux/skbuff.h:1669 ./include/linux/skbuff.h:5010 net/ipv4/ip_output.c:308 net/ipv4/ip_output.c:296) 
[ 2790.837227][ C2] __ip_queue_xmit (net/ipv4/ip_output.c:536 (discriminator 4)) 
[ 2790.837389][ C2] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4)) 
[ 2790.837557][ C2] __tcp_transmit_skb (net/ipv4/tcp_output.c:1466 (discriminator 4)) 
[ 2790.837717][ C2] ? __pfx___tcp_transmit_skb (net/ipv4/tcp_output.c:1287) 
[ 2790.837873][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4321) 
[ 2790.838032][ C2] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) 
[ 2790.838230][ C2] ? tcp_small_queue_check.isra.0 (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/ipv4/tcp_output.c:2631) 
[ 2790.838428][ C2] tcp_write_xmit (net/ipv4/tcp_output.c:2830) 
[ 2790.838593][ C2] ? tcp_current_mss (./include/net/dst.h:216 net/ipv4/tcp_output.c:1872) 
[ 2790.838757][ C2] ? __pfx_tcp_current_mss (net/ipv4/tcp_output.c:1861) 
[ 2790.838915][ C2] ? __alloc_skb (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 ./include/linux/refcount.h:125 net/core/skbuff.c:702) 
[ 2790.839076][ C2] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2739) 
[ 2790.839232][ C2] ? tcp_set_state (net/ipv4/tcp.c:2870 (discriminator 53)) 
[ 2790.839389][ C2] ? __pfx_tcp_set_state (net/ipv4/tcp.c:2870) 
[ 2790.839554][ C2] __tcp_push_pending_frames (net/ipv4/tcp_output.c:3015) 
[ 2790.839711][ C2] inet_shutdown (net/ipv4/af_inet.c:925) 
[ 2790.839868][ C2] ? sockfd_lookup_light (net/socket.c:557) 
[ 2790.840040][ C2] __sys_shutdown (net/socket.c:2448 net/socket.c:2460) 
[ 2790.840198][ C2] ? __pfx___sys_shutdown (net/socket.c:2454) 
[ 2790.840357][ C2] ? audit_reset_context.part.0.constprop.0 (./include/linux/list.h:373 kernel/auditsc.c:1023) 
[ 2790.840559][ C2] __x64_sys_shutdown (net/socket.c:2466) 
[ 2790.840716][ C2] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 2790.840874][ C2] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 2790.841073][    C2] RIP: 0033:0x7fbecd837beb
[ 2790.841235][ C2] Code: 73 01 c3 48 8b 0d 15 92 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 30 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e5 91 1b 00 f7 d8 64 89 01 48
All code
========
   0:	73 01                	jae    0x3
   2:	c3                   	ret
   3:	48 8b 0d 15 92 1b 00 	mov    0x1b9215(%rip),%rcx        # 0x1b921f
   a:	f7 d8                	neg    %eax
   c:	64 89 01             	mov    %eax,%fs:(%rcx)
   f:	48 83 c8 ff          	or     $0xffffffffffffffff,%rax
  13:	c3                   	ret
  14:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  1b:	00 00 00 
  1e:	90                   	nop
  1f:	f3 0f 1e fa          	endbr64
  23:	b8 30 00 00 00       	mov    $0x30,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	ret
  33:	48 8b 0d e5 91 1b 00 	mov    0x1b91e5(%rip),%rcx        # 0x1b921f
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	ret
   9:	48 8b 0d e5 91 1b 00 	mov    0x1b91e5(%rip),%rcx        # 0x1b91f5
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W
[ 2790.841800][    C2] RSP: 002b:00007ffc5d1681a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000030
[ 2790.842038][    C2] RAX: ffffffffffffffda RBX: 0000560df33ff610 RCX: 00007fbecd837beb
[ 2790.842276][    C2] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000008
[ 2790.842514][    C2] RBP: 0000000000000008 R08: 0000000000000001 R09: 0000000000000000
[ 2790.842752][    C2] R10: 0000000000000000 R11: 0000000000000202 R12: ffffffffffffffff
[ 2790.843096][    C2] R13: 0000000000000000 R14: 0000560ddd41a10e R15: 0000000000000001
| [ 2790.860130][    C2] Disabling lock debugging due to kernel taint
| [ 2792.783750][    C0] Oops: general protection fault, probably for non-canonical address 0xfbd5a5d5a0000047: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [ 2792.784220][    C0] KASAN: maybe wild-memory-access in range [0xdead4ead00000238-0xdead4ead0000023f]
| [ 2792.784840][    C0] Tainted: [B]=BAD_PAGE
[ 2792.784974][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 2792.785365][ C0] RIP: 0010:xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2218) 
[ 2792.785594][ C0] Code: 48 89 44 24 18 0f b7 44 24 06 89 44 24 28 e9 a9 01 00 00 4d 85 ed 0f 84 2f 02 00 00 49 8d bd 3e 02 00 00 48 89 f8 48 c1 e8 03 <0f> b6 14 18 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 8c
All code
========
   0:	48 89 44 24 18       	mov    %rax,0x18(%rsp)
   5:	0f b7 44 24 06       	movzwl 0x6(%rsp),%eax
   a:	89 44 24 28          	mov    %eax,0x28(%rsp)
   e:	e9 a9 01 00 00       	jmp    0x1bc
  13:	4d 85 ed             	test   %r13,%r13
  16:	0f 84 2f 02 00 00    	je     0x24b
  1c:	49 8d bd 3e 02 00 00 	lea    0x23e(%r13),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
  2a:*	0f b6 14 18          	movzbl (%rax,%rbx,1),%edx		<-- trapping instruction
  2e:	48 89 f8             	mov    %rdi,%rax
  31:	83 e0 07             	and    $0x7,%eax
  34:	83 c0 01             	add    $0x1,%eax
  37:	38 d0                	cmp    %dl,%al
  39:	7c 08                	jl     0x43
  3b:	84 d2                	test   %dl,%dl
  3d:	0f                   	.byte 0xf
  3e:	85                   	.byte 0x85
  3f:	8c                   	.byte 0x8c

Code starting with the faulting instruction
===========================================
   0:	0f b6 14 18          	movzbl (%rax,%rbx,1),%edx
   4:	48 89 f8             	mov    %rdi,%rax
   7:	83 e0 07             	and    $0x7,%eax
   a:	83 c0 01             	add    $0x1,%eax
   d:	38 d0                	cmp    %dl,%al
   f:	7c 08                	jl     0x19
  11:	84 d2                	test   %dl,%dl
  13:	0f                   	.byte 0xf
  14:	85                   	.byte 0x85
  15:	8c                   	.byte 0x8c
[ 2792.786196][    C0] RSP: 0018:ffffc90000006a80 EFLAGS: 00010a07
[ 2792.786420][    C0] RAX: 1bd5a9d5a0000047 RBX: dffffc0000000000 RCX: ffffffffb7b17087
[ 2792.786686][    C0] RDX: ffffffffb7b17087 RSI: 0000000000000008 RDI: dead4ead0000023e
[ 2792.786944][    C0] RBP: ffff8880061ade50 R08: 0000000000000000 R09: 0000000000000000
[ 2792.787197][    C0] R10: ffffffffb9b7388f R11: dffffc0000000000 R12: 0000000000000000
[ 2792.787450][    C0] R13: dead4ead00000000 R14: ffff8880061ade50 R15: ffffc90000006c70
[ 2792.787717][    C0] FS:  00007fbecd7a9740(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
[ 2792.788013][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2792.788230][    C0] CR2: 0000560df3405b88 CR3: 0000000009482001 CR4: 0000000000772ef0
[ 2792.788485][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2792.788748][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2792.789011][    C0] PKRU: 55555554
[ 2792.789139][    C0] Call Trace:
[ 2792.789269][    C0]  <IRQ>
[ 2792.789364][ C0] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) 
[ 2792.789499][ C0] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) 
[ 2792.789677][ C0] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) 
[ 2792.789996][ C0] ? xfrm_sk_policy_lookup (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 net/xfrm/xfrm_policy.c:2211) 
[ 2792.790169][ C0] ? xfrm_sk_policy_lookup (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 net/xfrm/xfrm_policy.c:2211) 
[ 2792.790336][ C0] ? xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2218) 
[ 2792.790618][ C0] ? __pfx_xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2208) 
[ 2792.790838][ C0] xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3147) 
[ 2792.791006][ C0] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3132) 
[ 2792.791220][ C0] ? l4proto_manip_pkt (./include/net/checksum.h:167 net/netfilter/nf_nat_proto.c:216 net/netfilter/nf_nat_proto.c:342) nf_nat
[ 2792.791559][ C0] nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:684) nf_nat
[ 2792.791740][ C0] ? __pfx_nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:664) nf_nat
[ 2792.792076][ C0] ? nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 2792.792326][ C0] ? __pfx_nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 2792.792560][ C0] nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:783 net/netfilter/nf_nat_proto.c:755) nf_nat
[ 2792.792737][ C0] ? __pfx_nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:757) nf_nat
[ 2792.793068][ C0] nf_hook_slow (./include/linux/netfilter.h:154 net/netfilter/core.c:626) 
[ 2792.793242][ C0] nf_hook (./include/linux/netfilter.h:269) 
[ 2792.793367][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) 
[ 2792.793536][ C0] ? __pfx_nf_hook (./include/linux/netfilter.h:227) 
[ 2792.793710][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) 
[ 2792.793892][ C0] ? nf_nat_ipv4_local_fn (net/netfilter/nf_nat_proto.c:801) nf_nat
[ 2792.794225][ C0] ip_output (./include/linux/netfilter.h:301 net/ipv4/ip_output.c:434) 
[ 2792.794347][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) 
[ 2792.794514][ C0] vrf_ip_local_out (./include/net/dst.h:450 drivers/net/vrf.c:501) 
[ 2792.794700][ C0] ? __pfx_vrf_ip_local_out (drivers/net/vrf.c:493) 
[ 2792.794875][ C0] ? hpet_cpuhp_online (arch/x86/kernel/hpet.c:638 arch/x86/kernel/hpet.c:659 arch/x86/kernel/hpet.c:688) 
[ 2792.795161][ C0] ? __pfx_dst_output (./include/net/dst.h:449) 
[ 2792.795324][ C0] vrf_process_v4_outbound (drivers/net/vrf.c:553) 
[ 2792.795495][ C0] ? __pfx_vrf_process_v4_outbound (drivers/net/vrf.c:508) 
[ 2792.795823][ C0] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:27 (discriminator 1)) 
[ 2792.796111][ C0] vrf_xmit (drivers/net/vrf.c:570 drivers/net/vrf.c:584) 
[ 2792.796242][ C0] dev_hard_start_xmit (./include/linux/netdevice.h:4920 ./include/linux/netdevice.h:4929 net/core/dev.c:3588 net/core/dev.c:3604) 
[ 2792.796411][ C0] sch_direct_xmit (net/sched/sch_generic.c:343) 
[ 2792.796582][ C0] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) 
[ 2792.796756][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 2792.797038][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 2792.797209][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 2792.797506][ C0] ? __dev_xmit_skb (net/core/dev.c:3862) 
[ 2792.797685][ C0] __dev_xmit_skb (net/core/dev.c:3875) 
[ 2792.797975][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 2792.798150][ C0] ? __pfx___dev_xmit_skb (net/core/dev.c:3800) 
[ 2792.798320][ C0] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4357) 
[ 2792.798489][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 2792.798770][ C0] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:901 net/core/dev.c:4357) 
[ 2792.799070][ C0] __dev_queue_xmit (net/core/dev.c:4398) 
[ 2792.799238][ C0] ? __pfx___alloc_skb (net/core/skbuff.c:651) 
[ 2792.799423][ C0] ? __pfx_nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 2792.799781][ C0] ? __pfx_nf_confirm (net/netfilter/nf_conntrack_proto.c:137) nf_conntrack
[ 2792.800028][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4341) 
[ 2792.800199][ C0] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 2792.800488][ C0] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 2792.800819][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496) 
[ 2792.800989][ C0] ? vrf_finish_output (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 drivers/net/vrf.c:862) 
[ 2792.801159][ C0] vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870) 
[ 2792.801329][ C0] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843) 
[ 2792.801626][ C0] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843) 
[ 2792.801800][ C0] ? vrf_output (./include/linux/netfilter.h:301 drivers/net/vrf.c:889) 
[ 2792.801966][ C0] ip_push_pending_frames (./include/net/dst.h:450 ./include/net/dst.h:448 net/ipv4/ip_output.c:130 net/ipv4/ip_output.c:1505 net/ipv4/ip_output.c:1525) 
[ 2792.802140][ C0] ip_send_unicast_reply (./include/net/route.h:266 net/ipv4/ip_output.c:1675) 
[ 2792.802309][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 2792.802476][ C0] ? __pfx_ip_send_unicast_reply (net/ipv4/ip_output.c:1605) 
[ 2792.802686][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 2792.802855][ C0] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 2792.803025][ C0] ? lock_timer_base (kernel/time/timer.c:1051) 
[ 2792.803194][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 2792.803472][ C0] ? lock_timer_base (kernel/time/timer.c:1051) 
[ 2792.803643][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 2792.803821][ C0] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 2792.804103][ C0] tcp_v4_send_ack.constprop.0 (./include/net/net_namespace.h:380 ./include/net/sock.h:661 net/ipv4/tcp_ipv4.c:1030) 
[ 2792.804315][ C0] ? __pfx_tcp_v4_send_ack.constprop.0 (net/ipv4/tcp_ipv4.c:933) 
[ 2792.804532][ C0] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 2792.804830][ C0] ? tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) 
[ 2792.804999][ C0] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) 
[ 2792.805182][ C0] ? __pfx_tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2177) 
[ 2792.805471][ C0] ? nf_hook.constprop.0 (./include/linux/netfilter.h:223) 
[ 2792.805870][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 2792.806181][ C0] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207 (discriminator 8)) 
[ 2792.806491][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2792.806676][ C0] ip_local_deliver_finish (./include/linux/rcupdate.h:878 net/ipv4/ip_input.c:234) 
[ 2792.806864][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2792.807164][ C0] ? __pfx_ip_rcv (net/ipv4/ip_input.c:562) 
[ 2792.807357][ C0] __netif_receive_skb_one_core (net/core/dev.c:5670 (discriminator 4)) 
[ 2792.807584][ C0] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5663) 
[ 2792.807818][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2792.808118][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 2792.808298][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) 
[ 2792.808482][ C0] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6116) 
[ 2792.808662][ C0] __napi_poll.constprop.0 (net/core/dev.c:6779) 
[ 2792.809084][ C0] net_rx_action (net/core/dev.c:6848 net/core/dev.c:6970) 
[ 2792.809270][ C0] ? __pfx_net_rx_action (net/core/dev.c:6932) 
[ 2792.809454][ C0] ? try_to_wake_up (./include/linux/find.h:207 ./include/linux/cpumask.h:154 kernel/sched/core.c:3528 kernel/sched/core.c:4255) 
[ 2792.809636][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 2792.809943][ C0] ? __pfx_try_to_wake_up (kernel/sched/core.c:4119) 
[ 2792.810127][ C0] ? swake_up_one (./include/linux/list.h:373 kernel/sched/swait.c:25 kernel/sched/swait.c:52) 
[ 2792.810420][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 2792.810602][ C0] ? swake_up_one (./include/linux/list.h:373 kernel/sched/swait.c:25 kernel/sched/swait.c:52) 
[ 2792.810893][ C0] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 2792.811080][ C0] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 2792.811312][ C0] handle_softirqs (kernel/softirq.c:554) 
[ 2792.811622][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) 
[ 2792.811808][ C0] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) 
[ 2792.811946][    C0]  </IRQ>
[ 2792.812038][    C0]  <TASK>
[ 2792.812134][ C0] __local_bh_enable_ip (kernel/softirq.c:382) 
[ 2792.812433][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) 
[ 2792.812620][ C0] __dev_queue_xmit (net/core/dev.c:4460) 
[ 2792.812918][ C0] ? __kernel_text_address (kernel/extable.c:79) 
[ 2792.813105][ C0] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:369 arch/x86/kernel/unwind_orc.c:364) 
[ 2792.813293][ C0] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) 
[ 2792.813520][ C0] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26) 
[ 2792.813824][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4341) 
[ 2792.814015][ C0] ? trace_lock_release (./include/trace/events/lock.h:69 (discriminator 52)) 
[ 2792.814197][ C0] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 2792.814426][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496) 
[ 2792.814723][ C0] ? ip_finish_output2 (./include/linux/rcupdate.h:337 ./include/linux/rcupdate.h:849 net/ipv4/ip_output.c:229) 
[ 2792.814908][ C0] ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236) 
[ 2792.815092][ C0] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5838) 
[ 2792.815278][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) 
[ 2792.815596][ C0] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:200) 
[ 2792.815785][ C0] ? rcu_read_lock_held (kernel/rcu/update.c:105 kernel/rcu/update.c:349) 
[ 2792.815967][ C0] ? __ip_finish_output (./include/linux/skbuff.h:1669 ./include/linux/skbuff.h:5010 net/ipv4/ip_output.c:308 net/ipv4/ip_output.c:296) 
[ 2792.816153][ C0] __ip_queue_xmit (net/ipv4/ip_output.c:536 (discriminator 4)) 
[ 2792.816331][ C0] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4)) 
[ 2792.816513][ C0] __tcp_transmit_skb (net/ipv4/tcp_output.c:1466 (discriminator 4)) 
[ 2792.816701][ C0] ? __pfx___tcp_transmit_skb (net/ipv4/tcp_output.c:1287) 
[ 2792.817002][ C0] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40) 
[ 2792.817344][ C0] ? tcp_small_queue_check.isra.0 (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/ipv4/tcp_output.c:2631) 
[ 2792.817575][ C0] tcp_write_xmit (net/ipv4/tcp_output.c:2830) 
[ 2792.817756][ C0] ? tcp_current_mss (./include/net/dst.h:216 net/ipv4/tcp_output.c:1872) 
[ 2792.817930][ C0] ? __pfx_tcp_current_mss (net/ipv4/tcp_output.c:1861) 
[ 2792.818338][ C0] ? __alloc_skb (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 ./include/linux/refcount.h:125 net/core/skbuff.c:702) 
[ 2792.818529][ C0] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2739) 
[ 2792.818709][ C0] ? tcp_set_state (net/ipv4/tcp.c:2870 (discriminator 53)) 
[ 2792.819022][ C0] ? __pfx_tcp_set_state (net/ipv4/tcp.c:2870) 
[ 2792.819210][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798) 
[ 2792.819392][ C0] ? lock_sock_nested (./include/net/sock.h:1723 net/core/sock.c:3623) 
[ 2792.819712][ C0] __tcp_push_pending_frames (net/ipv4/tcp_output.c:3015) 
[ 2792.819902][ C0] inet_shutdown (net/ipv4/af_inet.c:925) 
[ 2792.820092][ C0] ? sockfd_lookup_light (net/socket.c:557) 
[ 2792.820390][ C0] __sys_shutdown (net/socket.c:2448 net/socket.c:2460) 
[ 2792.820575][ C0] ? __pfx___sys_shutdown (net/socket.c:2454) 
[ 2792.820878][ C0] ? audit_reset_context.part.0.constprop.0 (./include/linux/list.h:373 kernel/auditsc.c:1023) 
[ 2792.821106][ C0] __x64_sys_shutdown (net/socket.c:2466) 
[ 2792.821290][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 2792.821466][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[ 2792.821689][    C0] RIP: 0033:0x7fbecd837beb
[ 2792.821870][ C0] Code: 73 01 c3 48 8b 0d 15 92 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 30 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e5 91 1b 00 f7 d8 64 89 01 48
All code
========
   0:	73 01                	jae    0x3
   2:	c3                   	ret
   3:	48 8b 0d 15 92 1b 00 	mov    0x1b9215(%rip),%rcx        # 0x1b921f
   a:	f7 d8                	neg    %eax
   c:	64 89 01             	mov    %eax,%fs:(%rcx)
   f:	48 83 c8 ff          	or     $0xffffffffffffffff,%rax
  13:	c3                   	ret
  14:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  1b:	00 00 00 
  1e:	90                   	nop
  1f:	f3 0f 1e fa          	endbr64
  23:	b8 30 00 00 00       	mov    $0x30,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	ret
  33:	48 8b 0d e5 91 1b 00 	mov    0x1b91e5(%rip),%rcx        # 0x1b921f
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	ret
   9:	48 8b 0d e5 91 1b 00 	mov    0x1b91e5(%rip),%rcx        # 0x1b91f5
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W
[ 2792.822779][    C0] RSP: 002b:00007ffc5d1681a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000030
[ 2792.823173][    C0] RAX: ffffffffffffffda RBX: 0000560df33ff610 RCX: 00007fbecd837beb
[ 2792.823449][    C0] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000008
[ 2792.823847][    C0] RBP: 0000000000000008 R08: 0000000000000001 R09: 0000000000000000
[ 2792.824122][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: ffffffffffffffff


Finger prints:
xfrm_sk_policy_lookup:xfrm_lookup_with_ifid:nf_xfrm_me_harder:nf_nat_ipv4_out:nf_hook_slow
print_report:kasan_report:xfrm_lookup_with_ifid:nf_xfrm_me_harder:nf_nat_ipv4_out