======================================
| WAIT TIMEOUT stdout
| [ 31.044165][ T253] tun: Universal TUN/TAP device driver, 1.6
| [ 88.429311][ C2] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI
| [ 88.429773][ C2] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
[ 88.430198][ C2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 88.430516][ C2] RIP: 0010:__inet_csk_reqsk_queue_drop (./include/linux/list.h:958 ./include/net/sock.h:744 ./include/net/sock.h:749 net/ipv4/inet_connection_sock.c:1042 net/ipv4/inet_connection_sock.c:1058)
[ 88.430707][ C2] Code: 00 00 00 00 00 fc ff df 41 57 4c 8d 7e 70 41 56 41 55 41 89 d5 4c 89 fa 41 54 48 c1 ea 03 55 48 89 f5 53 48 89 fb 48 83 ec 08 <80> 3c 02 00 0f 85 6c 05 00 00 45 31 e4 48 83 7d 70 00 0f 84 0f 01
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 fc add %bh,%ah
6: ff (bad)
7: df 41 57 filds 0x57(%rcx)
a: 4c 8d 7e 70 lea 0x70(%rsi),%r15
e: 41 56 push %r14
10: 41 55 push %r13
12: 41 89 d5 mov %edx,%r13d
15: 4c 89 fa mov %r15,%rdx
18: 41 54 push %r12
1a: 48 c1 ea 03 shr $0x3,%rdx
1e: 55 push %rbp
1f: 48 89 f5 mov %rsi,%rbp
22: 53 push %rbx
23: 48 89 fb mov %rdi,%rbx
26: 48 83 ec 08 sub $0x8,%rsp
2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 6c 05 00 00 jne 0x5a0
34: 45 31 e4 xor %r12d,%r12d
37: 48 83 7d 70 00 cmpq $0x0,0x70(%rbp)
3c: 0f .byte 0xf
3d: 84 0f test %cl,(%rdi)
3f: 01 .byte 0x1
Code starting with the faulting instruction
===========================================
0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
4: 0f 85 6c 05 00 00 jne 0x576
a: 45 31 e4 xor %r12d,%r12d
d: 48 83 7d 70 00 cmpq $0x0,0x70(%rbp)
12: 0f .byte 0xf
13: 84 0f test %cl,(%rdi)
15: 01 .byte 0x1
[ 88.431210][ C2] RSP: 0000:ffffc90000240c28 EFLAGS: 00010296
[ 88.431391][ C2] RAX: dffffc0000000000 RBX: ffff888006590d40 RCX: 1ffff11000cad5a7
[ 88.431611][ C2] RDX: 000000000000000e RSI: 0000000000000000 RDI: ffff888006590d40
[ 88.431834][ C2] RBP: 0000000000000000 R08: ffffffff90d3fe6f R09: fffffbfff262e809
[ 88.432047][ C2] R10: ffffffff9317404f R11: 0000000000000001 R12: 0000000000000000
[ 88.432256][ C2] R13: 0000000000000001 R14: ffff8880052a4278 R15: 0000000000000070
[ 88.432473][ C2] FS: 0000000000000000(0000) GS:ffff888036100000(0000) knlGS:0000000000000000
[ 88.432726][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 88.432905][ C2] CR2: 00007ff6e5c3f868 CR3: 000000000788a002 CR4: 0000000000772ef0
[ 88.433115][ C2] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 88.433328][ C2] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 88.433542][ C2] PKRU: 55555554
[ 88.433648][ C2] Call Trace:
[ 88.433754][ C2]  <IRQ>
[ 88.433833][ C2] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460)
[ 88.433951][ C2] ? exc_general_protection (arch/x86/kernel/traps.c:751 arch/x86/kernel/traps.c:693)
[ 88.434098][ C2] ? asm_exc_general_protection (./arch/x86/include/asm/idtentry.h:617)
[ 88.434241][ C2] ? reuseport_migrate_sock (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 net/core/sock_reuseport.c:674)
[ 88.434383][ C2] ? __inet_csk_reqsk_queue_drop (./include/linux/list.h:958 ./include/net/sock.h:744 ./include/net/sock.h:749 net/ipv4/inet_connection_sock.c:1042 net/ipv4/inet_connection_sock.c:1058)
[ 88.434559][ C2] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827)
[ 88.434701][ C2] reqsk_timer_handler (./include/net/request_sock.h:148 net/ipv4/inet_connection_sock.c:1194)
[ 88.434851][ C2] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5790)
[ 88.434995][ C2] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 88.435141][ C2] ? __pfx_reqsk_timer_handler (net/ipv4/inet_connection_sock.c:1085)
[ 88.435282][ C2] ? call_timer_fn (kernel/time/timer.c:1791)
[ 88.435423][ C2] ? lock_acquire (kernel/locking/lockdep.c:5798)
[ 88.435565][ C2] ? __pfx_reqsk_timer_handler (net/ipv4/inet_connection_sock.c:1085)
[ 88.435706][ C2] call_timer_fn (kernel/time/timer.c:1794)
[ 88.435846][ C2] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1784)
[ 88.435993][ C2] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1784)
[ 88.436137][ C2] ? __pfx_call_timer_fn (kernel/time/timer.c:1771)
[ 88.436283][ C2] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 88.436430][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 88.436577][ C2] __run_timers (kernel/time/timer.c:1846 kernel/time/timer.c:2419)
[ 88.436718][ C2] ? __pfx_reqsk_timer_handler (net/ipv4/inet_connection_sock.c:1085)
[ 88.436858][ C2] ? __pfx___run_timers (kernel/time/timer.c:2390)
[ 88.437008][ C2] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116)
[ 88.437160][ C2] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)
[ 88.437304][ C2] ? lock_acquire (kernel/locking/lockdep.c:5798)
[ 88.437453][ C2] ? run_timer_softirq (kernel/time/timer.c:2430 kernel/time/timer.c:2423 kernel/time/timer.c:2439 kernel/time/timer.c:2447)
[ 88.437597][ C2] run_timer_softirq (kernel/time/timer.c:2431 kernel/time/timer.c:2423 kernel/time/timer.c:2439 kernel/time/timer.c:2447)
[ 88.437739][ C2] handle_softirqs (kernel/softirq.c:554)
[ 88.437893][ C2] irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637 kernel/softirq.c:649)
[ 88.437999][ C2] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1037 arch/x86/kernel/apic/apic.c:1037)
[ 88.438141][ C2]  </IRQ>
[ 88.438216][ C2]  <TASK>
[ 88.438287][ C2] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)
[ 88.438465][ C2] RIP: 0010:unwind_next_frame (arch/x86/kernel/unwind_orc.c:403 arch/x86/kernel/unwind_orc.c:585)
[ 88.438651][ C2] Code: ed ff ff 4c 8b 04 24 e9 1f fb ff ff 48 8b 44 24 68 ba 08 00 00 00 4c 89 ef 4c 8d 78 f8 48 89 44 24 28 4c 89 fe e8 6c f5 ff ff <4d> 8d 45 40 84 c0 0f 84 f5 fa ff ff 4c 89 ff e8 08 e8 ff ff 48 89
All code
========
0: ed in (%dx),%eax
1: ff (bad)
2: ff 4c 8b 04 decl 0x4(%rbx,%rcx,4)
6: 24 e9 and $0xe9,%al
8: 1f (bad)
9: fb sti
a: ff (bad)
b: ff 48 8b decl -0x75(%rax)
e: 44 24 68 rex.R and $0x68,%al
11: ba 08 00 00 00 mov $0x8,%edx
16: 4c 89 ef mov %r13,%rdi
19: 4c 8d 78 f8 lea -0x8(%rax),%r15
1d: 48 89 44 24 28 mov %rax,0x28(%rsp)
22: 4c 89 fe mov %r15,%rsi
25: e8 6c f5 ff ff call 0xfffffffffffff596
2a:* 4d 8d 45 40 lea 0x40(%r13),%r8 <-- trapping instruction
2e: 84 c0 test %al,%al
30: 0f 84 f5 fa ff ff je 0xfffffffffffffb2b
36: 4c 89 ff mov %r15,%rdi
39: e8 08 e8 ff ff call 0xffffffffffffe846
3e: 48 rex.W
3f: 89 .byte 0x89
Code starting with the faulting instruction
===========================================
0: 4d 8d 45 40 lea 0x40(%r13),%r8
4: 84 c0 test %al,%al
6: 0f 84 f5 fa ff ff je 0xfffffffffffffb01
c: 4c 89 ff mov %r15,%rdi
f: e8 08 e8 ff ff call 0xffffffffffffe81c
14: 48 rex.W
15: 89 .byte 0x89
[ 88.439142][ C2] RSP: 0000:ffffc90000d2f848 EFLAGS: 00000292
[ 88.439321][ C2] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffc90000d30000
[ 88.439536][ C2] RDX: ffffc90000d2fb01 RSI: 0000000000000001 RDI: ffffc90000d2f948
[ 88.439745][ C2] RBP: ffffc90000d2f9a0 R08: ffffc90000d2f988 R09: 1ffff920001a5f12
[ 88.439953][ C2] R10: ffffc90000d2f948 R11: ffffc90000d2f989 R12: 1ffff920001a5f12
[ 88.440162][ C2] R13: ffffc90000d2f948 R14: ffffffff93601bd0 R15: ffffc90000d2fba0
[ 88.440375][ C2] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:403 arch/x86/kernel/unwind_orc.c:585)
[ 88.440519][ C2] ? qlist_free_all (mm/kasan/quarantine.c:174)
[ 88.440666][ C2] ? __pfx_unwind_next_frame (arch/x86/kernel/unwind_orc.c:469)
[ 88.440806][ C2] ? qlist_free_all (mm/kasan/quarantine.c:174)
[ 88.440947][ C2] ? kernel_text_address (kernel/extable.c:99)
[ 88.441089][ C2] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83)
[ 88.441269][ C2] arch_stack_walk (arch/x86/kernel/stacktrace.c:24)
[ 88.441413][ C2] ? qlist_free_all (mm/kasan/quarantine.c:174)
[ 88.441555][ C2] stack_trace_save (kernel/stacktrace.c:123)
[ 88.441699][ C2] ? __pfx_stack_trace_save (kernel/stacktrace.c:114)
[ 88.441842][ C2] ? find_held_lock (kernel/locking/lockdep.c:5315)
[ 88.441984][ C2] set_track_prepare (mm/slub.c:946)
[ 88.442126][ C2] ? __pfx___lock_release (kernel/locking/lockdep.c:5477)
[ 88.442267][ C2] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 88.442410][ C2] ? mark_lock (kernel/locking/lockdep.c:4703 (discriminator 3))
[ 88.442517][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4321)
[ 88.442657][ C2] free_to_partial_list (mm/slub.c:4325)
[ 88.442798][ C2] ? qlist_free_all (mm/kasan/quarantine.c:163 mm/kasan/quarantine.c:179)
[ 88.442944][ C2] qlist_free_all (mm/kasan/quarantine.c:174)
[ 88.443086][ C2] kasan_quarantine_reduce (./include/linux/srcu.h:320 mm/kasan/quarantine.c:287)
[ 88.443227][ C2] __kasan_slab_alloc (mm/kasan/common.c:329)
[ 88.443369][ C2] kmem_cache_alloc_noprof (./include/linux/kasan.h:247 mm/slub.c:4086 mm/slub.c:4135 mm/slub.c:4142)
[ 88.443511][ C2] __anon_vma_prepare (mm/rmap.c:143 mm/rmap.c:196)
[ 88.443655][ C2] __vmf_anon_prepare (mm/memory.c:3309)
[ 88.443797][ C2] do_pte_missing (mm/internal.h:326 mm/memory.c:5302 mm/memory.c:5418 mm/memory.c:3965)
[ 88.443937][ C2] ? __lock_release (kernel/locking/lockdep.c:5547)
[ 88.444085][ C2] __handle_mm_fault (mm/memory.c:5894)
[ 88.444229][ C2] ? __pfx___handle_mm_fault (mm/memory.c:5803)
[ 88.444369][ C2] ? lock_vma_under_rcu (./include/linux/mm.h:704 mm/memory.c:6228)
[ 88.444512][ C2] ? __pfx_lock_vma_under_rcu (mm/memory.c:6218)
[ 88.444652][ C2] handle_mm_fault (mm/memory.c:6074)
[ 88.444791][ C2] ? __pfx_handle_mm_fault (mm/memory.c:6029)
[ 88.444934][ C2] do_user_addr_fault (arch/x86/mm/fault.c:1338)
[ 88.445077][ C2] exc_page_fault (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[ 88.445224][ C2] asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)
[ 88.445365][ C2] RIP: 0033:0x7ff6e5c8d9aa
[ 88.445514][ C2] Code: 0f 61 c0 66 0f 70 c0 00 48 83 fa 10 0f 82 7e 00 00 00 48 83 fa 20 77 12 0f 11 44 17 f0 0f 11 07 c3 0f 11 47 e0 0f 11 47 f0 c3 <0f> 11 07 0f 11 47 10 48 01 d7 48 83 fa 40 76 e7 0f 11 40 20 0f 11
All code
========
0: 0f 61 c0 punpcklwd %mm0,%mm0
3: 66 0f 70 c0 00 pshufd $0x0,%xmm0,%xmm0
8: 48 83 fa 10 cmp $0x10,%rdx
c: 0f 82 7e 00 00 00 jb 0x90
12: 48 83 fa 20 cmp $0x20,%rdx
16: 77 12 ja 0x2a
18: 0f 11 44 17 f0 movups %xmm0,-0x10(%rdi,%rdx,1)
1d: 0f 11 07 movups %xmm0,(%rdi)
20: c3 ret
21: 0f 11 47 e0 movups %xmm0,-0x20(%rdi)
25: 0f 11 47 f0 movups %xmm0,-0x10(%rdi)
29: c3 ret
2a:* 0f 11 07 movups %xmm0,(%rdi) <-- trapping instruction
2d: 0f 11 47 10 movups %xmm0,0x10(%rdi)
31: 48 01 d7 add %rdx,%rdi
34: 48 83 fa 40 cmp $0x40,%rdx
38: 76 e7 jbe 0x21
3a: 0f 11 40 20 movups %xmm0,0x20(%rax)
3e: 0f .byte 0xf
3f: 11 .byte 0x11
Code starting with the faulting instruction
===========================================
0: 0f 11 07 movups %xmm0,(%rdi)
3: 0f 11 47 10 movups %xmm0,0x10(%rdi)
7: 48 01 d7 add %rdx,%rdi
a: 48 83 fa 40 cmp $0x40,%rdx
e: 76 e7 jbe 0xfffffffffffffff7
10: 0f 11 40 20 movups %xmm0,0x20(%rax)
14: 0f .byte 0xf
15: 11 .byte 0x11
[ 88.446011][ C2] RSP: 002b:00007ffd3161cea8 EFLAGS: 00010206
[ 88.446189][ C2] RAX: 00007ff6e5c3f868 RBX: 0000000000000004 RCX: 00007ff6e5c4cf90
[ 88.446414][ C2] RDX: 0000000000000798 RSI: 0000000000000000 RDI: 00007ff6e5c3f868
[ 88.446627][ C2] RBP: 00007ffd3161d5c0 R08: 00007ff6e5c3f868 R09: 00000000001f5000
[ 88.446836][ C2] R10: 0000000000000003 R11: 0000000000000246 R12: 00007ffd3161cf40
Finger prints:
__inet_csk_reqsk_queue_drop:reqsk_timer_handler:call_timer_fn:__run_timers:run_timer_softirq