======================================
| [ 1129.071846][ C0] ==================================================================
| [ 1129.072162][ C0] BUG: KASAN: slab-out-of-bounds in xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145)
| [ 1129.072455][ C0] Read of size 8 at addr ffff8880055ee358 by task socat/12334
| [ 1129.072718][ C0]
[ 1129.073100][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1129.073491][ C0] Call Trace:
[ 1129.073631][ C0]
[ 1129.073727][ C0] dump_stack_lvl (lib/dump_stack.c:123)
[ 1129.073904][ C0] print_address_description.constprop.0 (mm/kasan/report.c:378)
[ 1129.074140][ C0] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145)
[ 1129.074314][ C0] print_report (mm/kasan/report.c:489)
[ 1129.074489][ C0] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38)
[ 1129.074665][ C0] kasan_report (mm/kasan/report.c:603)
[ 1129.074801][ C0] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145)
[ 1129.074985][ C0] xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145)
[ 1129.075181][ C0] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3132)
[ 1129.075412][ C0] ? l4proto_manip_pkt (./include/net/checksum.h:167 net/netfilter/nf_nat_proto.c:216 net/netfilter/nf_nat_proto.c:342) nf_nat
[ 1129.075635][ C0] nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:684) nf_nat
[ 1129.075820][ C0] ? __pfx_nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:664) nf_nat
[ 1129.076039][ C0] ? nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 1129.076311][ C0] ? __pfx_nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 1129.076566][ C0] nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:783 net/netfilter/nf_nat_proto.c:755) nf_nat
[ 1129.076746][ C0] ? __pfx_nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:757) nf_nat
[ 1129.076971][ C0] nf_hook_slow (./include/linux/netfilter.h:154 net/netfilter/core.c:626)
[ 1129.077147][ C0] nf_hook (./include/linux/netfilter.h:269)
[ 1129.077279][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318)
[ 1129.077470][ C0] ? __pfx_nf_hook (./include/linux/netfilter.h:227)
[ 1129.077655][ C0] ? check_irq_usage (kernel/locking/lockdep.c:2671 kernel/locking/lockdep.c:2888)
[ 1129.077830][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318)
[ 1129.078017][ C0] ip_output (./include/linux/netfilter.h:301 net/ipv4/ip_output.c:434)
[ 1129.078155][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318)
[ 1129.078325][ C0] vrf_ip_local_out (./include/net/dst.h:450 drivers/net/vrf.c:501)
[ 1129.078501][ C0] ? __pfx_vrf_ip_local_out (drivers/net/vrf.c:493)
[ 1129.078684][ C0] ? __pfx_dst_output (./include/net/dst.h:449)
[ 1129.078877][ C0] vrf_process_v4_outbound (drivers/net/vrf.c:553)
[ 1129.079056][ C0] ? __pfx_vrf_process_v4_outbound (drivers/net/vrf.c:508)
[ 1129.079270][ C0] ? __lock_release (kernel/locking/lockdep.c:5501)
[ 1129.079448][ C0] vrf_xmit (drivers/net/vrf.c:570 drivers/net/vrf.c:584)
[ 1129.079580][ C0] dev_hard_start_xmit (./include/linux/netdevice.h:4920 ./include/linux/netdevice.h:4929 net/core/dev.c:3588 net/core/dev.c:3604)
[ 1129.079760][ C0] sch_direct_xmit (net/sched/sch_generic.c:343)
[ 1129.079944][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5202)
[ 1129.080118][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790)
[ 1129.080289][ C0] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318)
[ 1129.080469][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116)
[ 1129.080641][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)
[ 1129.080817][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798)
[ 1129.081004][ C0] ? __dev_xmit_skb (net/core/dev.c:3862)
[ 1129.081192][ C0] __dev_xmit_skb (net/core/dev.c:3875)
[ 1129.081365][ C0] ? lock_sync (kernel/locking/lockdep.c:5873)
[ 1129.081494][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 1129.081667][ C0] ? __pfx___dev_xmit_skb (net/core/dev.c:3800)
[ 1129.081858][ C0] __dev_queue_xmit (net/core/dev.c:4398)
[ 1129.082035][ C0] ? __lock_release (kernel/locking/lockdep.c:5501)
[ 1129.082221][ C0] ? vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870)
[ 1129.082402][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5477)
[ 1129.082572][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 1129.082745][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4341)
[ 1129.082919][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.083093][ C0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)
[ 1129.083312][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496)
[ 1129.083502][ C0] vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870)
[ 1129.083674][ C0] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843)
[ 1129.083856][ C0] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843)
[ 1129.084030][ C0] ? vrf_output (./include/linux/netfilter.h:301 drivers/net/vrf.c:889)
[ 1129.084212][ C0] ip_push_pending_frames (./include/net/dst.h:450 ./include/net/dst.h:448 net/ipv4/ip_output.c:130 net/ipv4/ip_output.c:1505 net/ipv4/ip_output.c:1525)
[ 1129.084389][ C0] ip_send_unicast_reply (./include/net/route.h:266 net/ipv4/ip_output.c:1675)
[ 1129.084584][ C0] ? mark_lock (kernel/locking/lockdep.c:186 kernel/locking/lockdep.c:4731)
[ 1129.084758][ C0] ? __pfx_ip_send_unicast_reply (net/ipv4/ip_output.c:1605)
[ 1129.084981][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5202)
[ 1129.085180][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827)
[ 1129.085363][ C0] ? tcp_v4_send_ack.constprop.0 (./include/linux/local_lock_internal.h:29 net/ipv4/tcp_ipv4.c:1016)
[ 1129.085584][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790)
[ 1129.085775][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 1129.085954][ C0] tcp_v4_send_ack.constprop.0 (./include/net/net_namespace.h:380 ./include/net/sock.h:661 net/ipv4/tcp_ipv4.c:1030)
[ 1129.086193][ C0] ? __pfx_tcp_v4_send_ack.constprop.0 (net/ipv4/tcp_ipv4.c:933)
[ 1129.086414][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5477)
[ 1129.086607][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.086803][ C0] ? tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427)
[ 1129.086988][ C0] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427)
[ 1129.087165][ C0] ? __pfx_tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2177)
[ 1129.087343][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790)
[ 1129.087517][ C0] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207 (discriminator 8))
[ 1129.087693][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.087876][ C0] ip_local_deliver_finish (./include/linux/rcupdate.h:878 net/ipv4/ip_input.c:234)
[ 1129.088065][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.088247][ C0] ? __pfx_ip_rcv (net/ipv4/ip_input.c:562)
[ 1129.088426][ C0] __netif_receive_skb_one_core (net/core/dev.c:5670 (discriminator 4))
[ 1129.088639][ C0] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5663)
[ 1129.088866][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.089041][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798)
[ 1129.089228][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.089404][ C0] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6116)
[ 1129.089581][ C0] __napi_poll.constprop.0 (net/core/dev.c:6779)
[ 1129.089765][ C0] net_rx_action (net/core/dev.c:6848 net/core/dev.c:6970)
[ 1129.089943][ C0] ? __pfx_net_rx_action (net/core/dev.c:6932)
[ 1129.090115][ C0] ? __free_zapped_classes (kernel/locking/lockdep.c:6299)
[ 1129.090297][ C0] ? find_held_lock (kernel/locking/lockdep.c:5315)
[ 1129.090487][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 1129.090658][ C0] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3))
[ 1129.090791][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.090964][ C0] handle_softirqs (kernel/softirq.c:554)
[ 1129.091142][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459)
[ 1129.091319][ C0] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442)
[ 1129.091456][ C0]
[ 1129.091554][ C0]
[ 1129.091643][ C0] __local_bh_enable_ip (kernel/softirq.c:382)
[ 1129.091815][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459)
[ 1129.091990][ C0] __dev_queue_xmit (net/core/dev.c:4460)
[ 1129.092166][ C0] ? __lock_release (kernel/locking/lockdep.c:5501)
[ 1129.092345][ C0] ? ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236)
[ 1129.092523][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5477)
[ 1129.092712][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 1129.092895][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4341)
[ 1129.093073][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.093246][ C0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 1129.093462][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496)
[ 1129.093637][ C0] ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236)
[ 1129.093824][ C0] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:200)
[ 1129.094016][ C0] ? __ip_finish_output (./include/linux/skbuff.h:1669 ./include/linux/skbuff.h:5010 net/ipv4/ip_output.c:308 net/ipv4/ip_output.c:296)
[ 1129.094201][ C0] __ip_queue_xmit (net/ipv4/ip_output.c:536 (discriminator 4))
[ 1129.094380][ C0] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4))
[ 1129.094555][ C0] __tcp_transmit_skb (net/ipv4/tcp_output.c:1466 (discriminator 4))
[ 1129.094737][ C0] ? __pfx___tcp_transmit_skb (net/ipv4/tcp_output.c:1287)
[ 1129.094919][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.095108][ C0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 1129.095349][ C0] ? tcp_small_queue_check.isra.0 (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/ipv4/tcp_output.c:2631)
[ 1129.095573][ C0] tcp_write_xmit (net/ipv4/tcp_output.c:2830)
[ 1129.095750][ C0] ? tcp_current_mss (./include/net/dst.h:216 net/ipv4/tcp_output.c:1872)
[ 1129.095923][ C0] ? __pfx_tcp_current_mss (net/ipv4/tcp_output.c:1861)
[ 1129.096103][ C0] ? __alloc_skb (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 ./include/linux/refcount.h:125 net/core/skbuff.c:702)
[ 1129.096287][ C0] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2739)
[ 1129.096462][ C0] ? tcp_set_state (net/ipv4/tcp.c:2870 (discriminator 53))
[ 1129.096637][ C0] ? __pfx_tcp_set_state (net/ipv4/tcp.c:2870)
[ 1129.096811][ C0] __tcp_push_pending_frames (net/ipv4/tcp_output.c:3015)
[ 1129.096993][ C0] inet_shutdown (net/ipv4/af_inet.c:925)
[ 1129.097167][ C0] ? sockfd_lookup_light (net/socket.c:557)
[ 1129.097361][ C0] __sys_shutdown (net/socket.c:2448 net/socket.c:2460)
[ 1129.097538][ C0] ? __pfx___sys_shutdown (net/socket.c:2454)
[ 1129.097710][ C0] ? ksys_read (fs/read_write.c:712)
[ 1129.097883][ C0] ? __pfx_ksys_read (fs/read_write.c:702)
[ 1129.098064][ C0] __x64_sys_shutdown (net/socket.c:2466)
[ 1129.098241][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 1129.098424][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 1129.098655][ C0] RIP: 0033:0x7f0d8fdd0beb
[ 1129.098836][ C0] Code: 73 01 c3 48 8b 0d 15 92 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 30 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e5 91 1b 00 f7 d8 64 89 01 48
All code
========
0: 73 01 jae 0x3
2: c3 ret
3: 48 8b 0d 15 92 1b 00 mov 0x1b9215(%rip),%rcx # 0x1b921f
a: f7 d8 neg %eax
c: 64 89 01 mov %eax,%fs:(%rcx)
f: 48 83 c8 ff or $0xffffffffffffffff,%rax
13: c3 ret
14: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
1b: 00 00 00
1e: 90 nop
1f: f3 0f 1e fa endbr64
23: b8 30 00 00 00 mov $0x30,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d e5 91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b921f
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d e5 91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b91f5
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 1129.099453][ C0] RSP: 002b:00007ffe2aed62b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000030
[ 1129.099749][ C0] RAX: ffffffffffffffda RBX: 000055cbf438a610 RCX: 00007f0d8fdd0beb
[ 1129.100022][ C0] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000008
[ 1129.100282][ C0] RBP: 0000000000000008 R08: 0000000000000001 R09: 0000000000000000
[ 1129.100670][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffff
[ 1129.100957][ C0] R13: 0000000000000000 R14: 000055cbca40f10e R15: 0000000000000001
| [ 1129.108387][ C0] Disabling lock debugging due to kernel taint
| [ 1129.108777][ C0] Oops: general protection fault, probably for non-canonical address 0xeb4b474b4b4b4b93: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [ 1129.109224][ C0] KASAN: maybe wild-memory-access in range [0x5a5a5a5a5a5a5c98-0x5a5a5a5a5a5a5c9f]
| [ 1129.109837][ C0] Tainted: [B]=BAD_PAGE
[ 1129.109982][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 1129.110484][ C0] RIP: 0010:xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2218)
[ 1129.110713][ C0] Code: 48 89 44 24 18 0f b7 44 24 06 89 44 24 28 e9 a9 01 00 00 4d 85 ed 0f 84 2f 02 00 00 49 8d bd 3e 02 00 00 48 89 f8 48 c1 e8 03 <0f> b6 14 18 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 8c
All code
========
0: 48 89 44 24 18 mov %rax,0x18(%rsp)
5: 0f b7 44 24 06 movzwl 0x6(%rsp),%eax
a: 89 44 24 28 mov %eax,0x28(%rsp)
e: e9 a9 01 00 00 jmp 0x1bc
13: 4d 85 ed test %r13,%r13
16: 0f 84 2f 02 00 00 je 0x24b
1c: 49 8d bd 3e 02 00 00 lea 0x23e(%r13),%rdi
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
2a:* 0f b6 14 18 movzbl (%rax,%rbx,1),%edx <-- trapping instruction
2e: 48 89 f8 mov %rdi,%rax
31: 83 e0 07 and $0x7,%eax
34: 83 c0 01 add $0x1,%eax
37: 38 d0 cmp %dl,%al
39: 7c 08 jl 0x43
3b: 84 d2 test %dl,%dl
3d: 0f .byte 0xf
3e: 85 .byte 0x85
3f: 8c .byte 0x8c
Code starting with the faulting instruction
===========================================
0: 0f b6 14 18 movzbl (%rax,%rbx,1),%edx
4: 48 89 f8 mov %rdi,%rax
7: 83 e0 07 and $0x7,%eax
a: 83 c0 01 add $0x1,%eax
d: 38 d0 cmp %dl,%al
f: 7c 08 jl 0x19
11: 84 d2 test %dl,%dl
13: 0f .byte 0xf
14: 85 .byte 0x85
15: 8c .byte 0x8c
[ 1129.111482][ C0] RSP: 0018:ffffc90000006a80 EFLAGS: 00010206
[ 1129.111721][ C0] RAX: 0b4b4b4b4b4b4b93 RBX: dffffc0000000000 RCX: ffffffff915174b8
[ 1129.111995][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 5a5a5a5a5a5a5c98
[ 1129.112269][ C0] RBP: ffff8880055ee1a0 R08: 0000000000000000 R09: 0000000000000000
[ 1129.112537][ C0] R10: ffffffff9357388f R11: 205d304320202020 R12: 0000000000000000
[ 1129.112820][ C0] R13: 5a5a5a5a5a5a5a5a R14: ffff8880055ee1a0 R15: ffffc90000006c70
[ 1129.113198][ C0] FS: 00007f0d8fd42740(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
[ 1129.113498][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1129.113729][ C0] CR2: 000055cbf4390b88 CR3: 000000000555a003 CR4: 0000000000772ef0
[ 1129.113989][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1129.114248][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1129.114628][ C0] PKRU: 55555554
[ 1129.114776][ C0] Call Trace:
[ 1129.114928][ C0]
[ 1129.115018][ C0] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460)
[ 1129.115160][ C0] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693)
[ 1129.115354][ C0] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617)
[ 1129.115531][ C0] ? xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2213)
[ 1129.115705][ C0] ? xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2218)
[ 1129.115893][ C0] ? __pfx_xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2208)
[ 1129.116238][ C0] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145)
[ 1129.116416][ C0] xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3147)
[ 1129.116594][ C0] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3132)
[ 1129.116928][ C0] ? l4proto_manip_pkt (./include/net/checksum.h:167 net/netfilter/nf_nat_proto.c:216 net/netfilter/nf_nat_proto.c:342) nf_nat
[ 1129.117267][ C0] nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:684) nf_nat
[ 1129.117563][ C0] ? __pfx_nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:664) nf_nat
[ 1129.117900][ C0] ? nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 1129.118255][ C0] ? __pfx_nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables
[ 1129.118620][ C0] nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:783 net/netfilter/nf_nat_proto.c:755) nf_nat
[ 1129.118803][ C0] ? __pfx_nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:757) nf_nat
[ 1129.119029][ C0] nf_hook_slow (./include/linux/netfilter.h:154 net/netfilter/core.c:626)
[ 1129.119206][ C0] nf_hook (./include/linux/netfilter.h:269)
[ 1129.119343][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318)
[ 1129.119527][ C0] ? __pfx_nf_hook (./include/linux/netfilter.h:227)
[ 1129.119697][ C0] ? check_irq_usage (kernel/locking/lockdep.c:2671 kernel/locking/lockdep.c:2888)
[ 1129.119869][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318)
[ 1129.120265][ C0] ip_output (./include/linux/netfilter.h:301 net/ipv4/ip_output.c:434)
[ 1129.120398][ C0] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318)
[ 1129.120569][ C0] vrf_ip_local_out (./include/net/dst.h:450 drivers/net/vrf.c:501)
[ 1129.120867][ C0] ? __pfx_vrf_ip_local_out (drivers/net/vrf.c:493)
[ 1129.121046][ C0] ? __pfx_dst_output (./include/net/dst.h:449)
[ 1129.121217][ C0] vrf_process_v4_outbound (drivers/net/vrf.c:553)
[ 1129.121516][ C0] ? __pfx_vrf_process_v4_outbound (drivers/net/vrf.c:508)
[ 1129.121734][ C0] ? __lock_release (kernel/locking/lockdep.c:5501)
[ 1129.121925][ C0] vrf_xmit (drivers/net/vrf.c:570 drivers/net/vrf.c:584)
[ 1129.122062][ C0] dev_hard_start_xmit (./include/linux/netdevice.h:4920 ./include/linux/netdevice.h:4929 net/core/dev.c:3588 net/core/dev.c:3604)
[ 1129.122238][ C0] sch_direct_xmit (net/sched/sch_generic.c:343)
[ 1129.122403][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5202)
[ 1129.122580][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790)
[ 1129.122867][ C0] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318)
[ 1129.123034][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116)
[ 1129.123201][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)
[ 1129.123374][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798)
[ 1129.123545][ C0] ? __dev_xmit_skb (net/core/dev.c:3862)
[ 1129.123830][ C0] __dev_xmit_skb (net/core/dev.c:3875)
[ 1129.123997][ C0] ? lock_sync (kernel/locking/lockdep.c:5873)
[ 1129.124124][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 1129.124290][ C0] ? __pfx___dev_xmit_skb (net/core/dev.c:3800)
[ 1129.124459][ C0] __dev_queue_xmit (net/core/dev.c:4398)
[ 1129.124629][ C0] ? __lock_release (kernel/locking/lockdep.c:5501)
[ 1129.124915][ C0] ? vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870)
[ 1129.125080][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5477)
[ 1129.125261][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 1129.125434][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4341)
[ 1129.125726][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.125907][ C0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)
[ 1129.126125][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496)
[ 1129.126303][ C0] vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870)
[ 1129.126469][ C0] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843)
[ 1129.126643][ C0] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843)
[ 1129.126937][ C0] ? vrf_output (./include/linux/netfilter.h:301 drivers/net/vrf.c:889)
[ 1129.127104][ C0] ip_push_pending_frames (./include/net/dst.h:450 ./include/net/dst.h:448 net/ipv4/ip_output.c:130 net/ipv4/ip_output.c:1505 net/ipv4/ip_output.c:1525)
[ 1129.127280][ C0] ip_send_unicast_reply (./include/net/route.h:266 net/ipv4/ip_output.c:1675)
[ 1129.127458][ C0] ? mark_lock (kernel/locking/lockdep.c:186 kernel/locking/lockdep.c:4731)
[ 1129.127623][ C0] ? __pfx_ip_send_unicast_reply (net/ipv4/ip_output.c:1605)
[ 1129.128061][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5202)
[ 1129.128248][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827)
[ 1129.128419][ C0] ? tcp_v4_send_ack.constprop.0 (./include/linux/local_lock_internal.h:29 net/ipv4/tcp_ipv4.c:1016)
[ 1129.128635][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790)
[ 1129.128812][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 1129.129095][ C0] tcp_v4_send_ack.constprop.0 (./include/net/net_namespace.h:380 ./include/net/sock.h:661 net/ipv4/tcp_ipv4.c:1030)
[ 1129.129314][ C0] ? __pfx_tcp_v4_send_ack.constprop.0 (net/ipv4/tcp_ipv4.c:933)
[ 1129.129538][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5477)
[ 1129.129718][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.129889][ C0] ? tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427)
[ 1129.130176][ C0] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427)
[ 1129.130373][ C0] ? __pfx_tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2177)
[ 1129.130565][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790)
[ 1129.130747][ C0] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207 (discriminator 8))
[ 1129.130933][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.131112][ C0] ip_local_deliver_finish (./include/linux/rcupdate.h:878 net/ipv4/ip_input.c:234)
[ 1129.131408][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.131586][ C0] ? __pfx_ip_rcv (net/ipv4/ip_input.c:562)
[ 1129.131770][ C0] __netif_receive_skb_one_core (net/core/dev.c:5670 (discriminator 4))
[ 1129.131998][ C0] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5663)
[ 1129.132369][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.132550][ C0] ? lock_acquire (kernel/locking/lockdep.c:5798)
[ 1129.132849][ C0] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113)
[ 1129.133037][ C0] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6116)
[ 1129.133225][ C0] __napi_poll.constprop.0 (net/core/dev.c:6779)
[ 1129.133521][ C0] net_rx_action (net/core/dev.c:6848 net/core/dev.c:6970)
[ 1129.133702][ C0] ? __pfx_net_rx_action (net/core/dev.c:6932)
[ 1129.133897][ C0] ? __free_zapped_classes (kernel/locking/lockdep.c:6299)
[ 1129.134084][ C0] ? find_held_lock (kernel/locking/lockdep.c:5315)
[ 1129.134382][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 1129.134568][ C0] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3))
[ 1129.134822][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.135006][ C0] handle_softirqs (kernel/softirq.c:554)
[ 1129.135316][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459)
[ 1129.135498][ C0] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442)
[ 1129.135753][ C0]
[ 1129.135852][ C0]
[ 1129.136065][ C0] __local_bh_enable_ip (kernel/softirq.c:382)
[ 1129.136256][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459)
[ 1129.136561][ C0] __dev_queue_xmit (net/core/dev.c:4460)
[ 1129.136743][ C0] ? __lock_release (kernel/locking/lockdep.c:5501)
[ 1129.136923][ C0] ? ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236)
[ 1129.137107][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5477)
[ 1129.137404][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 1129.137585][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4341)
[ 1129.137772][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.137944][ C0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 1129.138291][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496)
[ 1129.138474][ C0] ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236)
[ 1129.138661][ C0] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:200)
[ 1129.138960][ C0] ? __ip_finish_output (./include/linux/skbuff.h:1669 ./include/linux/skbuff.h:5010 net/ipv4/ip_output.c:308 net/ipv4/ip_output.c:296)
[ 1129.139136][ C0] __ip_queue_xmit (net/ipv4/ip_output.c:536 (discriminator 4))
[ 1129.139445][ C0] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4))
[ 1129.139634][ C0] __tcp_transmit_skb (net/ipv4/tcp_output.c:1466 (discriminator 4))
[ 1129.139829][ C0] ? __pfx___tcp_transmit_skb (net/ipv4/tcp_output.c:1287)
[ 1129.140009][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 1129.140199][ C0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 1129.140430][ C0] ? tcp_small_queue_check.isra.0 (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/ipv4/tcp_output.c:2631)
[ 1129.140665][ C0] tcp_write_xmit (net/ipv4/tcp_output.c:2830)
[ 1129.140967][ C0] ? tcp_current_mss (./include/net/dst.h:216 net/ipv4/tcp_output.c:1872)
[ 1129.141152][ C0] ? __pfx_tcp_current_mss (net/ipv4/tcp_output.c:1861)
[ 1129.141345][ C0] ? __alloc_skb (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 ./include/linux/refcount.h:125 net/core/skbuff.c:702)
[ 1129.141653][ C0] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2739)
[ 1129.141839][ C0] ? tcp_set_state (net/ipv4/tcp.c:2870 (discriminator 53))
[ 1129.142039][ C0] ? __pfx_tcp_set_state (net/ipv4/tcp.c:2870)
[ 1129.142388][ C0] __tcp_push_pending_frames (net/ipv4/tcp_output.c:3015)
[ 1129.142574][ C0] inet_shutdown (net/ipv4/af_inet.c:925)
[ 1129.142775][ C0] ? sockfd_lookup_light (net/socket.c:557)
[ 1129.143090][ C0] __sys_shutdown (net/socket.c:2448 net/socket.c:2460)
[ 1129.143287][ C0] ? __pfx___sys_shutdown (net/socket.c:2454)
[ 1129.143480][ C0] ? ksys_read (fs/read_write.c:712)
[ 1129.143789][ C0] ? __pfx_ksys_read (fs/read_write.c:702)
[ 1129.143975][ C0] __x64_sys_shutdown (net/socket.c:2466)
[ 1129.144279][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 1129.144470][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 1129.144704][ C0] RIP: 0033:0x7f0d8fdd0beb
[ 1129.144900][ C0] Code: 73 01 c3 48 8b 0d 15 92 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 30 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e5 91 1b 00 f7 d8 64 89 01 48
All code
========
0: 73 01 jae 0x3
2: c3 ret
3: 48 8b 0d 15 92 1b 00 mov 0x1b9215(%rip),%rcx # 0x1b921f
a: f7 d8 neg %eax
c: 64 89 01 mov %eax,%fs:(%rcx)
f: 48 83 c8 ff or $0xffffffffffffffff,%rax
13: c3 ret
14: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
1b: 00 00 00
1e: 90 nop
1f: f3 0f 1e fa endbr64
23: b8 30 00 00 00 mov $0x30,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d e5 91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b921f
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d e5 91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b91f5
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 1129.145685][ C0] RSP: 002b:00007ffe2aed62b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000030
[ 1129.145977][ C0] RAX: ffffffffffffffda RBX: 000055cbf438a610 RCX: 00007f0d8fdd0beb
[ 1129.146383][ C0] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000008
[ 1129.146666][ C0] RBP: 0000000000000008 R08: 0000000000000001 R09: 0000000000000000
[ 1129.146941][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffff
Fingerprints:
xfrm_sk_policy_lookup:xfrm_lookup_with_ifid:nf_xfrm_me_harder:nf_nat_ipv4_out:nf_hook_slow
print_report:kasan_report:xfrm_lookup_with_ifid:nf_xfrm_me_harder:nf_nat_ipv4_out