======================================
| [   34.822722][  T308] veth3: entered allmulticast mode
| [   34.832799][  T308] veth3: entered promiscuous mode
| [   35.152972][    C1] BUG: spinlock bad magic on CPU#1, ip/310
| [ 35.153291][ C1] lock: noop_qdisc+0x240/0x300, .magic: 00000000, .owner: ip/310, .owner_cpu: 1 
[   35.153898][    C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   35.154278][    C1] Call Trace:
[   35.154411][    C1]  <IRQ>
[ 35.154506][ C1] dump_stack_lvl (lib/dump_stack.c:122) 
[ 35.154688][ C1] do_raw_spin_unlock (kernel/locking/spinlock_debug.c:100 kernel/locking/spinlock_debug.c:141) 
[ 35.154868][ C1] _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 35.155059][ C1] __dev_xmit_skb (./include/net/sch_generic.h:226 ./include/net/sch_generic.h:217 net/core/dev.c:3879) 
[ 35.155242][ C1] ? __pfx___dev_xmit_skb (net/core/dev.c:3784) 
[ 35.155433][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:890 net/core/dev.c:4348) 
[ 35.155613][ C1] ? lock_acquire (kernel/locking/lockdep.c:5732) 
[ 35.155788][ C1] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:890 net/core/dev.c:4348) 
[ 35.155961][ C1] __dev_queue_xmit (net/core/dev.c:4389) 
[ 35.156134][ C1] ? __lock_release (kernel/locking/lockdep.c:5435) 
[ 35.156301][ C1] ? ip_finish_output2 (./include/net/neighbour.h:542 net/ipv4/ip_output.c:235) 
[ 35.156474][ C1] ? __pfx___lock_release (kernel/locking/lockdep.c:5411) 
[ 35.156659][ C1] ? __pfx___dev_queue_xmit (net/core/dev.c:4332) 
[ 35.156827][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4273) 
[ 35.157004][ C1] ? eth_header (net/ethernet/eth.c:100) 
[ 35.157188][ C1] ? neigh_resolve_output (./include/linux/netdevice.h:3159 net/core/neighbour.c:1560 net/core/neighbour.c:1545) 
[ 35.157361][ C1] ip_finish_output2 (./include/net/neighbour.h:542 net/ipv4/ip_output.c:235) 
[ 35.157534][ C1] ? find_held_lock (kernel/locking/lockdep.c:5249) 
[ 35.157712][ C1] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 35.157889][ C1] ? igmpv3_send_cr (./include/linux/rcupdate.h:336 ./include/linux/rcupdate.h:869 net/ipv4/igmp.c:719) 
[ 35.158073][ C1] ? __ip_finish_output (./include/linux/skbuff.h:1666 ./include/linux/skbuff.h:4954 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295) 
[ 35.158243][ C1] ip_output (./include/linux/netfilter.h:303 net/ipv4/ip_output.c:433) 
[ 35.158369][ C1] ? __pfx_ip_output (net/ipv4/ip_output.c:427) 
[ 35.158540][ C1] ? igmpv3_send_cr (net/ipv4/igmp.c:721) 
[ 35.158713][ C1] ? ip_local_out (net/ipv4/ip_output.c:128) 
[ 35.158893][ C1] igmp_ifc_timer_expire (net/ipv4/igmp.c:815) 
[ 35.159068][ C1] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809) 
[ 35.159283][ C1] call_timer_fn (kernel/time/timer.c:1792) 
[ 35.159459][ C1] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1782) 
[ 35.159638][ C1] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1782) 
[ 35.159812][ C1] ? __pfx_call_timer_fn (kernel/time/timer.c:1769) 
[ 35.159980][ C1] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:227) 
[ 35.160149][ C1] ? mark_held_locks (kernel/locking/lockdep.c:4273) 
[ 35.160328][ C1] __run_timers (kernel/time/timer.c:1844 kernel/time/timer.c:2417) 
[ 35.160502][ C1] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809) 
[ 35.160715][ C1] ? __pfx___run_timers (kernel/time/timer.c:2388) 
[ 35.160886][ C1] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 35.161103][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 35.161330][ C1] ? lock_acquire (kernel/locking/lockdep.c:5732) 
[ 35.161494][ C1] ? run_timer_softirq (kernel/time/timer.c:2428 kernel/time/timer.c:2421 kernel/time/timer.c:2437 kernel/time/timer.c:2447) 
[ 35.161659][ C1] run_timer_softirq (kernel/time/timer.c:2429 kernel/time/timer.c:2421 kernel/time/timer.c:2437 kernel/time/timer.c:2447) 
[ 35.161828][ C1] handle_softirqs (kernel/softirq.c:554) 
[ 35.161999][ C1] irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637 kernel/softirq.c:649) 
[ 35.162123][ C1] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043 arch/x86/kernel/apic/apic.c:1043) 
[   35.162293][    C1]  </IRQ>
[   35.162382][    C1]  <TASK>
[ 35.162468][ C1] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) 
[ 35.162678][ C1] RIP: 0010:kasan_check_range (mm/kasan/generic.c:87 mm/kasan/generic.c:104 mm/kasan/generic.c:129 mm/kasan/generic.c:161 mm/kasan/generic.c:180 mm/kasan/generic.c:189) 
[ 35.162856][ C1] Code: c2 48 85 c0 75 b0 48 89 da 4c 89 d8 4c 29 da e9 49 ff ff ff 48 85 d2 74 b3 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 a5 80 38 00 <74> f2 e9 74 ff ff ff b8 01 00 00 00 c3 cc cc cc cc 48 29 c3 48 89
All code
========
   0:	c2 48 85             	ret    $0x8548
   3:	c0 75 b0 48          	shlb   $0x48,-0x50(%rbp)
   7:	89 da                	mov    %ebx,%edx
   9:	4c 89 d8             	mov    %r11,%rax
   c:	4c 29 da             	sub    %r11,%rdx
   f:	e9 49 ff ff ff       	jmp    0xffffffffffffff5d
  14:	48 85 d2             	test   %rdx,%rdx
  17:	74 b3                	je     0xffffffffffffffcc
  19:	48 01 ea             	add    %rbp,%rdx
  1c:	eb 09                	jmp    0x27
  1e:	48 83 c0 01          	add    $0x1,%rax
  22:	48 39 d0             	cmp    %rdx,%rax
  25:	74 a5                	je     0xffffffffffffffcc
  27:	80 38 00             	cmpb   $0x0,(%rax)
  2a:*	74 f2                	je     0x1e		<-- trapping instruction
  2c:	e9 74 ff ff ff       	jmp    0xffffffffffffffa5
  31:	b8 01 00 00 00       	mov    $0x1,%eax
  36:	c3                   	ret
  37:	cc                   	int3
  38:	cc                   	int3
  39:	cc                   	int3
  3a:	cc                   	int3
  3b:	48 29 c3             	sub    %rax,%rbx
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	74 f2                	je     0xfffffffffffffff4
   2:	e9 74 ff ff ff       	jmp    0xffffffffffffff7b
   7:	b8 01 00 00 00       	mov    $0x1,%eax
   c:	c3                   	ret
   d:	cc                   	int3
   e:	cc                   	int3
   f:	cc                   	int3
  10:	cc                   	int3
  11:	48 29 c3             	sub    %rax,%rbx
  14:	48                   	rex.W
  15:	89                   	.byte 0x89
[   35.163474][    C1] RSP: 0018:ffffc900006dfaf0 EFLAGS: 00000246
[   35.163716][    C1] RAX: fffffbfff132ab3b RBX: fffffbfff132ab3c RCX: ffffffff854e9e67
[   35.163971][    C1] RDX: fffffbfff132ab3c RSI: 0000000000000008 RDI: ffffffff899559d8
[   35.164219][    C1] RBP: fffffbfff132ab3b R08: 0000000000000000 R09: fffffbfff132ab3b
[   35.164471][    C1] R10: ffffffff899559df R11: 0000000000000005 R12: ffffffff8535a18b
[   35.164720][    C1] R13: 0000000000000000 R14: ffffea0000161300 R15: 0000000000000000
[ 35.164977][ C1] ? __virt_addr_valid (./include/linux/rcupdate.h:336 ./include/linux/rcupdate.h:951 ./include/linux/mmzone.h:2034 arch/x86/mm/physaddr.c:65) 
[ 35.165147][ C1] ? trace_lock_release (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:562 ./include/linux/cpumask.h:1141 ./include/trace/events/lock.h:69) 
[ 35.165329][ C1] ? __virt_addr_valid (./include/linux/rcupdate.h:336 ./include/linux/rcupdate.h:951 ./include/linux/mmzone.h:2034 arch/x86/mm/physaddr.c:65) 
[ 35.165497][ C1] trace_lock_release (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/cpumask.h:562 ./include/linux/cpumask.h:1141 ./include/trace/events/lock.h:69) 
[ 35.165664][ C1] ? __virt_addr_valid (./include/linux/rcupdate.h:336 ./include/linux/rcupdate.h:951 ./include/linux/mmzone.h:2034 arch/x86/mm/physaddr.c:65) 
[ 35.165832][ C1] lock_release (kernel/locking/lockdep.c:115 kernel/locking/lockdep.c:5772) 
[ 35.166079][ C1] __virt_addr_valid (./arch/x86/include/asm/preempt.h:94 ./include/linux/rcupdate.h:953 ./include/linux/mmzone.h:2034 arch/x86/mm/physaddr.c:65) 
[ 35.166346][ C1] ? __pfx_free_object_rcu (mm/kmemleak.c:503) 
[ 35.166628][ C1] kasan_addr_to_slab (mm/kasan/common.c:37) 
[ 35.166899][ C1] __kasan_record_aux_stack (mm/kasan/generic.c:531) 
[ 35.167166][ C1] ? __pfx_free_object_rcu (mm/kmemleak.c:503) 
[ 35.167427][ C1] __call_rcu_common.constprop.0 (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:87 ./arch/x86/include/asm/irqflags.h:123 kernel/rcu/tree.c:3107) 
[ 35.167671][ C1] kmem_cache_free (./include/linux/kmemleak.h:48 mm/slub.c:2213 mm/slub.c:4473 mm/slub.c:4548) 
[ 35.167842][ C1] ? __vm_area_free (kernel/fork.c:514) 
[ 35.168013][ C1] __vm_area_free (kernel/fork.c:514) 
[ 35.168181][ C1] exit_mmap (mm/mmap.c:3438) 
[ 35.168317][ C1] ? __pfx_exit_mmap (mm/mmap.c:3386) 
[ 35.168525][ C1] ? __mutex_unlock_slowpath (./arch/x86/include/asm/atomic64_64.h:101 ./include/linux/atomic/atomic-arch-fallback.h:4329 ./include/linux/atomic/atomic-long.h:1506 ./include/linux/atomic/atomic-instrumented.h:4481 kernel/locking/mutex.c:929) 
[ 35.168699][ C1] mmput (kernel/fork.c:1412 kernel/fork.c:1347 kernel/fork.c:1367) 
[ 35.168824][ C1] exit_mm (kernel/exit.c:572) 
[ 35.168951][ C1] do_exit (kernel/exit.c:872) 
[ 35.169079][ C1] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 35.169246][ C1] ? __pfx_do_exit (kernel/exit.c:821) 
[ 35.169460][ C1] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 35.169688][ C1] do_group_exit (kernel/exit.c:1012) 
[ 35.169862][ C1] __x64_sys_exit_group (kernel/exit.c:1040) 
[ 35.170027][ C1] x64_sys_call (./arch/x86/include/generated/asm/syscalls_64.h:61) 
[ 35.170194][ C1] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 35.170363][ C1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[   35.170575][    C1] RIP: 0033:0x7f01ca002a8d
[ 35.170748][ C1] Code: Unable to access opcode bytes at 0x7f01ca002a63.

Code starting with the faulting instruction
===========================================
[   35.171003][    C1] RSP: 002b:00007ffd1096e938 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   35.171337][    C1] RAX: ffffffffffffffda RBX: 00007f01ca0df9c0 RCX: 00007f01ca002a8d
[   35.171588][    C1] RDX: 00000000000000e7 RSI: fffffffffffffe90 RDI: 0000000000000000
[   35.171834][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000060
[   35.172080][    C1] R10: 00007f01c9eeffa8 R11: 0000000000000246 R12: 00007f01ca0df9c0


Finger prints:
do_raw_spin_unlock:_raw_spin_unlock:__dev_xmit_skb:__dev_queue_xmit:ip_finish_output2