====================================== | [ 1843.522550][ C1] ================================================================== | [ 1843.522858][ C1] BUG: KASAN: slab-out-of-bounds in xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) | [ 1843.523147][ C1] Read of size 8 at addr ffff8880023dace8 by task socat/9412 | [ 1843.523412][ C1] [ 1843.523766][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1843.524160][ C1] Call Trace: [ 1843.524300][ C1] [ 1843.524395][ C1] dump_stack_lvl (lib/dump_stack.c:123) [ 1843.524584][ C1] print_address_description.constprop.0 (mm/kasan/report.c:378) [ 1843.524807][ C1] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) [ 1843.524988][ C1] print_report (mm/kasan/report.c:489) [ 1843.525163][ C1] ? kasan_addr_to_slab (./include/linux/mm.h:1282 mm/kasan/../slab.h:206 mm/kasan/common.c:38) [ 1843.525340][ C1] kasan_report (mm/kasan/report.c:603) [ 1843.525473][ C1] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) [ 1843.525660][ C1] xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) [ 1843.525833][ C1] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3132) [ 1843.526058][ C1] ? l4proto_manip_pkt (./include/net/checksum.h:167 net/netfilter/nf_nat_proto.c:216 net/netfilter/nf_nat_proto.c:342) nf_nat [ 1843.526290][ C1] nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:684) nf_nat [ 1843.526469][ C1] ? __pfx_nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:664) nf_nat [ 1843.526694][ C1] ? nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables [ 1843.526951][ C1] ? __pfx_nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables [ 1843.527198][ C1] nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:783 net/netfilter/nf_nat_proto.c:755) nf_nat [ 1843.527386][ C1] ? 
__pfx_nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:757) nf_nat [ 1843.527603][ C1] nf_hook_slow (./include/linux/netfilter.h:154 net/netfilter/core.c:626) [ 1843.527778][ C1] nf_hook (./include/linux/netfilter.h:269) [ 1843.527909][ C1] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) [ 1843.528088][ C1] ? __pfx_nf_hook (./include/linux/netfilter.h:227) [ 1843.528262][ C1] ? check_irq_usage (kernel/locking/lockdep.c:2671 kernel/locking/lockdep.c:2888) [ 1843.528451][ C1] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) [ 1843.528625][ C1] ip_output (./include/linux/netfilter.h:301 net/ipv4/ip_output.c:434) [ 1843.528761][ C1] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) [ 1843.528952][ C1] vrf_ip_local_out (./include/net/dst.h:450 drivers/net/vrf.c:501) [ 1843.529135][ C1] ? __pfx_vrf_ip_local_out (drivers/net/vrf.c:493) [ 1843.529312][ C1] ? __pfx_dst_output (./include/net/dst.h:449) [ 1843.529494][ C1] vrf_process_v4_outbound (drivers/net/vrf.c:553) [ 1843.529671][ C1] ? __pfx_vrf_process_v4_outbound (drivers/net/vrf.c:508) [ 1843.529899][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1843.530083][ C1] vrf_xmit (drivers/net/vrf.c:570 drivers/net/vrf.c:584) [ 1843.530221][ C1] dev_hard_start_xmit (./include/linux/netdevice.h:4920 ./include/linux/netdevice.h:4929 net/core/dev.c:3588 net/core/dev.c:3604) [ 1843.530401][ C1] sch_direct_xmit (net/sched/sch_generic.c:343) [ 1843.530575][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1843.530752][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1843.530927][ C1] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) [ 1843.531105][ C1] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 1843.531298][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 1843.531474][ C1] ? 
lock_acquire (kernel/locking/lockdep.c:5798) [ 1843.531649][ C1] ? __dev_xmit_skb (net/core/dev.c:3862) [ 1843.531828][ C1] __dev_xmit_skb (net/core/dev.c:3875) [ 1843.532006][ C1] ? lock_sync (kernel/locking/lockdep.c:5873) [ 1843.532137][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1843.532322][ C1] ? __pfx___dev_xmit_skb (net/core/dev.c:3800) [ 1843.532503][ C1] __dev_queue_xmit (net/core/dev.c:4398) [ 1843.532683][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1843.532862][ C1] ? vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870) [ 1843.533048][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1843.533234][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.533427][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4341) [ 1843.533615][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.533805][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406) [ 1843.534024][ C1] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496) [ 1843.534218][ C1] vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870) [ 1843.534395][ C1] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843) [ 1843.534580][ C1] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843) [ 1843.534756][ C1] ? vrf_output (./include/linux/netfilter.h:301 drivers/net/vrf.c:889) [ 1843.534935][ C1] ip_push_pending_frames (./include/net/dst.h:450 ./include/net/dst.h:448 net/ipv4/ip_output.c:130 net/ipv4/ip_output.c:1505 net/ipv4/ip_output.c:1525) [ 1843.535115][ C1] ip_send_unicast_reply (./include/net/route.h:266 net/ipv4/ip_output.c:1675) [ 1843.535300][ C1] ? 
hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.535491][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1843.535627][ C1] ? __pfx_ip_send_unicast_reply (net/ipv4/ip_output.c:1605) [ 1843.535854][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1843.536030][ C1] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) [ 1843.536217][ C1] ? tcp_v4_send_ack.constprop.0 (./include/linux/local_lock_internal.h:29 net/ipv4/tcp_ipv4.c:1016) [ 1843.536442][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1843.536584][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1843.536758][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1843.536948][ C1] tcp_v4_send_ack.constprop.0 (./include/net/net_namespace.h:380 ./include/net/sock.h:661 net/ipv4/tcp_ipv4.c:1030) [ 1843.537176][ C1] ? __pfx_tcp_v4_send_ack.constprop.0 (net/ipv4/tcp_ipv4.c:933) [ 1843.537416][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1843.537598][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.537796][ C1] ? tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) [ 1843.537988][ C1] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) [ 1843.538174][ C1] ? __pfx_tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2177) [ 1843.538349][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1843.538532][ C1] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207 (discriminator 8)) [ 1843.538713][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.539023][ C1] ip_local_deliver_finish (./include/linux/rcupdate.h:878 net/ipv4/ip_input.c:234) [ 1843.539333][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.539516][ C1] ? 
__pfx_ip_rcv (net/ipv4/ip_input.c:562) [ 1843.539834][ C1] __netif_receive_skb_one_core (net/core/dev.c:5670 (discriminator 4)) [ 1843.540069][ C1] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5663) [ 1843.540422][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.540605][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1843.540899][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.541191][ C1] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6116) [ 1843.541369][ C1] __napi_poll.constprop.0 (net/core/dev.c:6779) [ 1843.541556][ C1] net_rx_action (net/core/dev.c:6848 net/core/dev.c:6970) [ 1843.541741][ C1] ? note_gp_changes (kernel/rcu/tree.c:1331 (discriminator 31)) [ 1843.541923][ C1] ? __pfx_net_rx_action (net/core/dev.c:6932) [ 1843.542233][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.542416][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1843.542553][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.542731][ C1] handle_softirqs (kernel/softirq.c:554) [ 1843.542915][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) [ 1843.543099][ C1] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) [ 1843.543238][ C1] [ 1843.543341][ C1] [ 1843.543431][ C1] __local_bh_enable_ip (kernel/softirq.c:382) [ 1843.543606][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) [ 1843.543787][ C1] __dev_queue_xmit (net/core/dev.c:4460) [ 1843.543970][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1843.544154][ C1] ? ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236) [ 1843.544339][ C1] ? 
__pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1843.544753][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.544943][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4341) [ 1843.545120][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.545299][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1843.545519][ C1] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496) [ 1843.545699][ C1] ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236) [ 1843.545995][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:200) [ 1843.546173][ C1] ? __ip_finish_output (./include/linux/skbuff.h:1669 ./include/linux/skbuff.h:5010 net/ipv4/ip_output.c:308 net/ipv4/ip_output.c:296) [ 1843.546469][ C1] __ip_queue_xmit (net/ipv4/ip_output.c:536 (discriminator 4)) [ 1843.546647][ C1] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4)) [ 1843.546827][ C1] __tcp_transmit_skb (net/ipv4/tcp_output.c:1466 (discriminator 4)) [ 1843.547010][ C1] ? __pfx___tcp_transmit_skb (net/ipv4/tcp_output.c:1287) [ 1843.547303][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.547483][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1843.547841][ C1] ? tcp_small_queue_check.isra.0 (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/ipv4/tcp_output.c:2631) [ 1843.548068][ C1] tcp_write_xmit (net/ipv4/tcp_output.c:2830) [ 1843.548379][ C1] ? 
tcp_current_mss (./include/net/dst.h:216 net/ipv4/tcp_output.c:1872) [ 1843.548559][ C1] ? __pfx_tcp_current_mss (net/ipv4/tcp_output.c:1861) [ 1843.548862][ C1] ? __alloc_skb (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 ./include/linux/refcount.h:125 net/core/skbuff.c:702) [ 1843.549047][ C1] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2739) [ 1843.549225][ C1] ? tcp_set_state (net/ipv4/tcp.c:2870 (discriminator 53)) [ 1843.549534][ C1] ? __pfx_tcp_set_state (net/ipv4/tcp.c:2870) [ 1843.549713][ C1] __tcp_push_pending_frames (net/ipv4/tcp_output.c:3015) [ 1843.549894][ C1] inet_shutdown (net/ipv4/af_inet.c:925) [ 1843.550082][ C1] ? sockfd_lookup_light (net/socket.c:557) [ 1843.550407][ C1] __sys_shutdown (net/socket.c:2448 net/socket.c:2460) [ 1843.550589][ C1] ? __pfx___sys_shutdown (net/socket.c:2454) [ 1843.550774][ C1] ? audit_reset_context.part.0.constprop.0 (./include/linux/list.h:373 kernel/auditsc.c:1023) [ 1843.551001][ C1] __x64_sys_shutdown (net/socket.c:2466) [ 1843.551327][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 1843.551518][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 1843.551755][ C1] RIP: 0033:0x7f641d1b2beb [ 1843.551938][ C1] Code: 73 01 c3 48 8b 0d 15 92 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 30 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e5 91 1b 00 f7 d8 64 89 01 48 All code ======== 0: 73 01 jae 0x3 2: c3 ret 3: 48 8b 0d 15 92 1b 00 mov 0x1b9215(%rip),%rcx # 0x1b921f a: f7 d8 neg %eax c: 64 89 01 mov %eax,%fs:(%rcx) f: 48 83 c8 ff or $0xffffffffffffffff,%rax 13: c3 ret 14: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1b: 00 00 00 1e: 90 nop 1f: f3 0f 1e fa endbr64 23: b8 30 00 00 00 mov $0x30,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d e5 
91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b921f 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d e5 91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b91f5 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W [ 1843.552684][ C1] RSP: 002b:00007ffc799ef458 EFLAGS: 00000206 ORIG_RAX: 0000000000000030 [ 1843.552955][ C1] RAX: ffffffffffffffda RBX: 0000563c8ffaa610 RCX: 00007f641d1b2beb [ 1843.553351][ C1] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000008 [ 1843.553631][ C1] RBP: 0000000000000008 R08: 0000000000000001 R09: 0000000000000000 [ 1843.554041][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffff [ 1843.554299][ C1] R13: 0000000000000000 R14: 0000563c7f06910e R15: 0000000000000001 | [ 1843.562075][ C1] Disabling lock debugging due to kernel taint | [ 1843.562464][ C1] Oops: general protection fault, probably for non-canonical address 0xeb4b474b4b4b4b93: 0000 [#1] PREEMPT SMP KASAN NOPTI | [ 1843.563039][ C1] KASAN: maybe wild-memory-access in range [0x5a5a5a5a5a5a5c98-0x5a5a5a5a5a5a5c9f] | [ 1843.563784][ C1] Tainted: [B]=BAD_PAGE [ 1843.563915][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 1843.564336][ C1] RIP: 0010:xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2218) [ 1843.564565][ C1] Code: 48 89 44 24 18 0f b7 44 24 06 89 44 24 28 e9 a9 01 00 00 4d 85 ed 0f 84 2f 02 00 00 49 8d bd 3e 02 00 00 48 89 f8 48 c1 e8 03 <0f> b6 14 18 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 8c All code ======== 0: 48 89 44 24 18 mov %rax,0x18(%rsp) 5: 0f b7 44 24 06 movzwl 0x6(%rsp),%eax a: 89 44 24 28 mov %eax,0x28(%rsp) e: e9 a9 01 00 00 jmp 0x1bc 13: 4d 85 ed test %r13,%r13 16: 0f 84 2f 02 00 00 je 0x24b 1c: 49 8d bd 3e 02 00 00 lea 0x23e(%r13),%rdi 23: 48 89 f8 mov 
%rdi,%rax 26: 48 c1 e8 03 shr $0x3,%rax 2a:* 0f b6 14 18 movzbl (%rax,%rbx,1),%edx <-- trapping instruction 2e: 48 89 f8 mov %rdi,%rax 31: 83 e0 07 and $0x7,%eax 34: 83 c0 01 add $0x1,%eax 37: 38 d0 cmp %dl,%al 39: 7c 08 jl 0x43 3b: 84 d2 test %dl,%dl 3d: 0f .byte 0xf 3e: 85 .byte 0x85 3f: 8c .byte 0x8c Code starting with the faulting instruction =========================================== 0: 0f b6 14 18 movzbl (%rax,%rbx,1),%edx 4: 48 89 f8 mov %rdi,%rax 7: 83 e0 07 and $0x7,%eax a: 83 c0 01 add $0x1,%eax d: 38 d0 cmp %dl,%al f: 7c 08 jl 0x19 11: 84 d2 test %dl,%dl 13: 0f .byte 0xf 14: 85 .byte 0x85 15: 8c .byte 0x8c [ 1843.565342][ C1] RSP: 0018:ffffc900001e7a80 EFLAGS: 00010206 [ 1843.565572][ C1] RAX: 0b4b4b4b4b4b4b93 RBX: dffffc0000000000 RCX: ffffffff85f174b8 [ 1843.566106][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 5a5a5a5a5a5a5c98 [ 1843.566375][ C1] RBP: ffff8880023dab30 R08: 0000000000000000 R09: 0000000000000000 [ 1843.566633][ C1] R10: ffffffff87f7388f R11: 205d314320202020 R12: 0000000000000000 [ 1843.567025][ C1] R13: 5a5a5a5a5a5a5a5a R14: ffff8880023dab30 R15: ffffc900001e7c70 [ 1843.567542][ C1] FS: 00007f641d124740(0000) GS:ffff88802f480000(0000) knlGS:0000000000000000 [ 1843.567863][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1843.568206][ C1] CR2: 00007f641d2d0250 CR3: 000000000839e004 CR4: 0000000000772ef0 [ 1843.568476][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1843.568742][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1843.569148][ C1] PKRU: 55555554 [ 1843.569290][ C1] Call Trace: [ 1843.569428][ C1] [ 1843.569532][ C1] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) [ 1843.569670][ C1] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693) [ 1843.569868][ C1] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617) [ 1843.570051][ C1] ? 
xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2213) [ 1843.570237][ C1] ? xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2218) [ 1843.570535][ C1] ? __pfx_xfrm_sk_policy_lookup (net/xfrm/xfrm_policy.c:2208) [ 1843.570751][ C1] ? xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3145) [ 1843.571065][ C1] xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3147) [ 1843.571248][ C1] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3132) [ 1843.571470][ C1] ? l4proto_manip_pkt (./include/net/checksum.h:167 net/netfilter/nf_nat_proto.c:216 net/netfilter/nf_nat_proto.c:342) nf_nat [ 1843.571696][ C1] nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:684) nf_nat [ 1843.572004][ C1] ? __pfx_nf_xfrm_me_harder (net/netfilter/nf_nat_proto.c:664) nf_nat [ 1843.572249][ C1] ? nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables [ 1843.572626][ C1] ? __pfx_nft_do_chain_ipv4 (net/netfilter/nft_chain_filter.c:17) nf_tables [ 1843.572994][ C1] nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:783 net/netfilter/nf_nat_proto.c:755) nf_nat [ 1843.573303][ C1] ? __pfx_nf_nat_ipv4_out (net/netfilter/nf_nat_proto.c:757) nf_nat [ 1843.573539][ C1] nf_hook_slow (./include/linux/netfilter.h:154 net/netfilter/core.c:626) [ 1843.573713][ C1] nf_hook (./include/linux/netfilter.h:269) [ 1843.573855][ C1] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) [ 1843.574191][ C1] ? __pfx_nf_hook (./include/linux/netfilter.h:227) [ 1843.574369][ C1] ? check_irq_usage (kernel/locking/lockdep.c:2671 kernel/locking/lockdep.c:2888) [ 1843.574571][ C1] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) [ 1843.574755][ C1] ip_output (./include/linux/netfilter.h:301 net/ipv4/ip_output.c:434) [ 1843.574891][ C1] ? __pfx_ip_finish_output (net/ipv4/ip_output.c:318) [ 1843.575084][ C1] vrf_ip_local_out (./include/net/dst.h:450 drivers/net/vrf.c:501) [ 1843.575279][ C1] ? __pfx_vrf_ip_local_out (drivers/net/vrf.c:493) [ 1843.575597][ C1] ? 
__pfx_dst_output (./include/net/dst.h:449) [ 1843.575770][ C1] vrf_process_v4_outbound (drivers/net/vrf.c:553) [ 1843.575945][ C1] ? __pfx_vrf_process_v4_outbound (drivers/net/vrf.c:508) [ 1843.576161][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1843.576346][ C1] vrf_xmit (drivers/net/vrf.c:570 drivers/net/vrf.c:584) [ 1843.576479][ C1] dev_hard_start_xmit (./include/linux/netdevice.h:4920 ./include/linux/netdevice.h:4929 net/core/dev.c:3588 net/core/dev.c:3604) [ 1843.576655][ C1] sch_direct_xmit (net/sched/sch_generic.c:343) [ 1843.576829][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1843.577002][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1843.577296][ C1] ? __pfx_sch_direct_xmit (net/sched/sch_generic.c:318) [ 1843.577472][ C1] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) [ 1843.577647][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) [ 1843.577818][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1843.577990][ C1] ? __dev_xmit_skb (net/core/dev.c:3862) [ 1843.578271][ C1] __dev_xmit_skb (net/core/dev.c:3875) [ 1843.578458][ C1] ? lock_sync (kernel/locking/lockdep.c:5873) [ 1843.578585][ C1] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1843.578756][ C1] ? __pfx___dev_xmit_skb (net/core/dev.c:3800) [ 1843.579050][ C1] __dev_queue_xmit (net/core/dev.c:4398) [ 1843.579232][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1843.579407][ C1] ? vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870) [ 1843.579582][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1843.579754][ C1] ? 
hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.579923][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4341) [ 1843.580092][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.580260][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406) [ 1843.580477][ C1] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496) [ 1843.580657][ C1] vrf_finish_output (./include/net/neighbour.h:540 drivers/net/vrf.c:870) [ 1843.580949][ C1] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843) [ 1843.581129][ C1] ? __pfx_vrf_finish_output (drivers/net/vrf.c:843) [ 1843.581314][ C1] ? vrf_output (./include/linux/netfilter.h:301 drivers/net/vrf.c:889) [ 1843.581617][ C1] ip_push_pending_frames (./include/net/dst.h:450 ./include/net/dst.h:448 net/ipv4/ip_output.c:130 net/ipv4/ip_output.c:1505 net/ipv4/ip_output.c:1525) [ 1843.581802][ C1] ip_send_unicast_reply (./include/net/route.h:266 net/ipv4/ip_output.c:1675) [ 1843.581979][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.582276][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1843.582411][ C1] ? __pfx_ip_send_unicast_reply (net/ipv4/ip_output.c:1605) [ 1843.582755][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5202) [ 1843.582935][ C1] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827) [ 1843.583111][ C1] ? tcp_v4_send_ack.constprop.0 (./include/linux/local_lock_internal.h:29 net/ipv4/tcp_ipv4.c:1016) [ 1843.583454][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1843.583597][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1843.583789][ C1] ? 
trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52)) [ 1843.583978][ C1] tcp_v4_send_ack.constprop.0 (./include/net/net_namespace.h:380 ./include/net/sock.h:661 net/ipv4/tcp_ipv4.c:1030) [ 1843.584333][ C1] ? __pfx_tcp_v4_send_ack.constprop.0 (net/ipv4/tcp_ipv4.c:933) [ 1843.584555][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1843.584726][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.584910][ C1] ? tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) [ 1843.585202][ C1] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:1086 net/ipv4/tcp_ipv4.c:2427) [ 1843.585503][ C1] ? __pfx_tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2177) [ 1843.585679][ C1] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790) [ 1843.585859][ C1] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207 (discriminator 8)) [ 1843.586034][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.586225][ C1] ip_local_deliver_finish (./include/linux/rcupdate.h:878 net/ipv4/ip_input.c:234) [ 1843.586540][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.586722][ C1] ? __pfx_ip_rcv (net/ipv4/ip_input.c:562) [ 1843.586899][ C1] __netif_receive_skb_one_core (net/core/dev.c:5670 (discriminator 4)) [ 1843.587131][ C1] ? __pfx___netif_receive_skb_one_core (net/core/dev.c:5663) [ 1843.587344][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.587522][ C1] ? lock_acquire (kernel/locking/lockdep.c:5798) [ 1843.587820][ C1] ? process_backlog (./include/linux/local_lock_internal.h:38 net/core/dev.c:6113) [ 1843.588006][ C1] process_backlog (./include/linux/rcupdate.h:878 net/core/dev.c:6116) [ 1843.588195][ C1] __napi_poll.constprop.0 (net/core/dev.c:6779) [ 1843.588375][ C1] net_rx_action (net/core/dev.c:6848 net/core/dev.c:6970) [ 1843.588685][ C1] ? note_gp_changes (kernel/rcu/tree.c:1331 (discriminator 31)) [ 1843.588894][ C1] ? 
__pfx_net_rx_action (net/core/dev.c:6932) [ 1843.589075][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.589249][ C1] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3)) [ 1843.589501][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.589682][ C1] handle_softirqs (kernel/softirq.c:554) [ 1843.589866][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) [ 1843.590046][ C1] do_softirq (kernel/softirq.c:455 kernel/softirq.c:442) [ 1843.590183][ C1] [ 1843.590402][ C1] [ 1843.590491][ C1] __local_bh_enable_ip (kernel/softirq.c:382) [ 1843.590659][ C1] ? __dev_queue_xmit (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:917 net/core/dev.c:4459) [ 1843.590833][ C1] __dev_queue_xmit (net/core/dev.c:4460) [ 1843.591132][ C1] ? __lock_release (kernel/locking/lockdep.c:5501) [ 1843.591304][ C1] ? ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236) [ 1843.591484][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5477) [ 1843.591692][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 1843.591873][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4341) [ 1843.592060][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.592362][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1843.592586][ C1] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:757 ./include/net/neighbour.h:496) [ 1843.592764][ C1] ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:236) [ 1843.592942][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:200) [ 1843.593127][ C1] ? 
__ip_finish_output (./include/linux/skbuff.h:1669 ./include/linux/skbuff.h:5010 net/ipv4/ip_output.c:308 net/ipv4/ip_output.c:296) [ 1843.593314][ C1] __ip_queue_xmit (net/ipv4/ip_output.c:536 (discriminator 4)) [ 1843.593610][ C1] ? __skb_clone (./arch/x86/include/asm/atomic.h:53 (discriminator 4) ./include/linux/atomic/atomic-arch-fallback.h:992 (discriminator 4) ./include/linux/atomic/atomic-instrumented.h:436 (discriminator 4) net/core/skbuff.c:1605 (discriminator 4)) [ 1843.593790][ C1] __tcp_transmit_skb (net/ipv4/tcp_output.c:1466 (discriminator 4)) [ 1843.593987][ C1] ? __pfx___tcp_transmit_skb (net/ipv4/tcp_output.c:1287) [ 1843.594156][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4321) [ 1843.594330][ C1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) [ 1843.594551][ C1] ? tcp_small_queue_check.isra.0 (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 ./include/linux/refcount.h:136 net/ipv4/tcp_output.c:2631) [ 1843.594896][ C1] tcp_write_xmit (net/ipv4/tcp_output.c:2830) [ 1843.595081][ C1] ? tcp_current_mss (./include/net/dst.h:216 net/ipv4/tcp_output.c:1872) [ 1843.595262][ C1] ? __pfx_tcp_current_mss (net/ipv4/tcp_output.c:1861) [ 1843.595424][ C1] ? __alloc_skb (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 ./include/linux/refcount.h:125 net/core/skbuff.c:702) [ 1843.595601][ C1] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2739) [ 1843.595769][ C1] ? tcp_set_state (net/ipv4/tcp.c:2870 (discriminator 53)) [ 1843.595938][ C1] ? __pfx_tcp_set_state (net/ipv4/tcp.c:2870) [ 1843.596119][ C1] __tcp_push_pending_frames (net/ipv4/tcp_output.c:3015) [ 1843.596316][ C1] inet_shutdown (net/ipv4/af_inet.c:925) [ 1843.596610][ C1] ? 
sockfd_lookup_light (net/socket.c:557) [ 1843.596902][ C1] __sys_shutdown (net/socket.c:2448 net/socket.c:2460) [ 1843.597093][ C1] ? __pfx___sys_shutdown (net/socket.c:2454) [ 1843.597277][ C1] ? audit_reset_context.part.0.constprop.0 (./include/linux/list.h:373 kernel/auditsc.c:1023) [ 1843.597502][ C1] __x64_sys_shutdown (net/socket.c:2466) [ 1843.597798][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 1843.597981][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 1843.598198][ C1] RIP: 0033:0x7f641d1b2beb [ 1843.598490][ C1] Code: 73 01 c3 48 8b 0d 15 92 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 30 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e5 91 1b 00 f7 d8 64 89 01 48 All code ======== 0: 73 01 jae 0x3 2: c3 ret 3: 48 8b 0d 15 92 1b 00 mov 0x1b9215(%rip),%rcx # 0x1b921f a: f7 d8 neg %eax c: 64 89 01 mov %eax,%fs:(%rcx) f: 48 83 c8 ff or $0xffffffffffffffff,%rax 13: c3 ret 14: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1b: 00 00 00 1e: 90 nop 1f: f3 0f 1e fa endbr64 23: b8 30 00 00 00 mov $0x30,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d e5 91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b921f 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d e5 91 1b 00 mov 0x1b91e5(%rip),%rcx # 0x1b91f5 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W [ 1843.599138][ C1] RSP: 002b:00007ffc799ef458 EFLAGS: 00000206 ORIG_RAX: 0000000000000030 [ 1843.599519][ C1] RAX: ffffffffffffffda RBX: 0000563c8ffaa610 RCX: 00007f641d1b2beb [ 1843.599780][ C1] RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000000000008 [ 1843.600055][ C1] RBP: 0000000000000008 R08: 0000000000000001 R09: 
0000000000000000 [ 1843.600433][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffff Fingerprints: xfrm_sk_policy_lookup:xfrm_lookup_with_ifid:nf_xfrm_me_harder:nf_nat_ipv4_out:nf_hook_slow print_report:kasan_report:xfrm_lookup_with_ifid:nf_xfrm_me_harder:nf_nat_ipv4_out