======================================
| [ 648.502070][ C0] #1: ffffffffad745f50 (remove_cache_srcu){.+.+}-{0:0}, at: kasan_quarantine_reduce (./include/linux/srcu.h:116 ./include/linux/srcu.h:215 mm/kasan/quarantine.c:259)
| [ 648.502413][ C0] #2: ffffc90000007d68 ((&tw->tw_timer)){+.-.}-{0:0}, at: call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1783)
| [ 648.502715][ C0]
| [ 648.502715][ C0] stack backtrace:
[ 648.503202][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 648.503594][ C0] Call Trace:
[ 648.503727][ C0]
[ 648.503812][ C0] dump_stack_lvl (lib/dump_stack.c:117)
[ 648.504008][ C0] check_noncircular (kernel/locking/lockdep.c:2187)
[ 648.504182][ C0] ? __pfx_check_noncircular (kernel/locking/lockdep.c:2163)
[ 648.504367][ C0] ? lock_release (kernel/locking/lockdep.c:116 kernel/locking/lockdep.c:5767)
[ 648.504558][ C0] ? is_bpf_text_address (kernel/bpf/core.c:772)
[ 648.504738][ C0] ? alloc_chain_hlocks (kernel/locking/lockdep.c:3501)
[ 648.504940][ C0] check_prev_add (kernel/locking/lockdep.c:3135)
[ 648.505141][ C0] validate_chain (kernel/locking/lockdep.c:3254 kernel/locking/lockdep.c:3869)
[ 648.505342][ C0] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825)
[ 648.505530][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 648.505731][ C0] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 3))
[ 648.505895][ C0] __lock_acquire (kernel/locking/lockdep.c:5137)
[ 648.506111][ C0] ? __pfx_tw_timer_handler (net/ipv4/inet_timewait_sock.c:173)
[ 648.506330][ C0] lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5756)
[ 648.506551][ C0] ? tw_timer_handler (net/ipv4/inet_timewait_sock.c:81 net/ipv4/inet_timewait_sock.c:176)
[ 648.506728][ C0] ? __pfx_tw_timer_handler (net/ipv4/inet_timewait_sock.c:173)
[ 648.506917][ C0] ? lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5756)
[ 648.507085][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719)
[ 648.507257][ C0] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 648.507422][ C0] ? tw_timer_handler (net/ipv4/inet_timewait_sock.c:81 net/ipv4/inet_timewait_sock.c:176)
[ 648.507617][ C0] ? lock_acquire (kernel/locking/lockdep.c:5727)
[ 648.507786][ C0] ? tw_timer_handler (net/ipv4/inet_timewait_sock.c:81 net/ipv4/inet_timewait_sock.c:176)
[ 648.507965][ C0] _raw_spin_lock (./include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 648.508138][ C0] ? tw_timer_handler (net/ipv4/inet_timewait_sock.c:81 net/ipv4/inet_timewait_sock.c:176)
[ 648.508316][ C0] tw_timer_handler (net/ipv4/inet_timewait_sock.c:81 net/ipv4/inet_timewait_sock.c:176)
[ 648.508505][ C0] call_timer_fn (kernel/time/timer.c:1793)
[ 648.508677][ C0] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1783)
[ 648.508865][ C0] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1783)
[ 648.509030][ C0] ? __pfx_call_timer_fn (kernel/time/timer.c:1770)
[ 648.509204][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228)
[ 648.509381][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4274)
[ 648.509574][ C0] __run_timers (kernel/time/timer.c:1845 kernel/time/timer.c:2418)
[ 648.509750][ C0] ? __pfx_tw_timer_handler (net/ipv4/inet_timewait_sock.c:173)
[ 648.509941][ C0] ? __pfx___run_timers (kernel/time/timer.c:2389)
[ 648.510119][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:115 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116)
[ 648.510302][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)
[ 648.510480][ C0] ? lock_acquire (kernel/locking/lockdep.c:5727)
[ 648.510667][ C0] ? run_timer_softirq (kernel/time/timer.c:2429 kernel/time/timer.c:2422 kernel/time/timer.c:2438 kernel/time/timer.c:2446)
[ 648.510852][ C0] run_timer_softirq (kernel/time/timer.c:2430 kernel/time/timer.c:2422 kernel/time/timer.c:2438 kernel/time/timer.c:2446)
[ 648.511037][ C0] __do_softirq (kernel/softirq.c:554)
[ 648.511228][ C0] irq_exit_rcu (kernel/softirq.c:428 kernel/softirq.c:633 kernel/softirq.c:645)
[ 648.511355][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043 arch/x86/kernel/apic/apic.c:1043)
[ 648.511521][ C0]
[ 648.511628][ C0]
[ 648.511713][ C0] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)
[ 648.511941][ C0] RIP: 0010:_raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
[ 648.512162][ C0] Code: 10 e8 a1 79 91 fd 48 89 ef e8 d9 e9 91 fd 81 e3 00 02 00 00 75 1d 9c 58 f6 c4 02 75 29 48 85 db 74 01 fb 65 ff 0d 35 f2 c5 53 <74> 0e 5b 5d c3 cc cc cc cc e8 9f e5 b4 fd eb dc 0f 1f 44 00 00 5b
All code
========
0: 10 e8 adc %ch,%al
2: a1 79 91 fd 48 89 ef movabs 0xd9e8ef8948fd9179,%eax
9: e8 d9
b: e9 91 fd 81 e3 jmp 0xffffffffe381fda1
10: 00 02 add %al,(%rdx)
12: 00 00 add %al,(%rax)
14: 75 1d jne 0x33
16: 9c pushf
17: 58 pop %rax
18: f6 c4 02 test $0x2,%ah
1b: 75 29 jne 0x46
1d: 48 85 db test %rbx,%rbx
20: 74 01 je 0x23
22: fb sti
23: 65 ff 0d 35 f2 c5 53 decl %gs:0x53c5f235(%rip) # 0x53c5f25f
2a:* 74 0e je 0x3a <-- trapping instruction
2c: 5b pop %rbx
2d: 5d pop %rbp
2e: c3 ret
2f: cc int3
30: cc int3
31: cc int3
32: cc int3
33: e8 9f e5 b4 fd call 0xfffffffffdb4e5d7
38: eb dc jmp 0x16
3a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
3f: 5b pop %rbx
Code starting with the faulting instruction
===========================================
0: 74 0e je 0x10
2: 5b pop %rbx
3: 5d pop %rbp
4: c3 ret
5: cc int3
6: cc int3
7: cc int3
8: cc int3
9: e8 9f e5 b4 fd call 0xfffffffffdb4e5ad
e: eb dc jmp 0xffffffffffffffec
10: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
15: 5b pop %rbx
[ 648.512855][ C0] RSP: 0018:ffffc9000136faa8 EFLAGS: 00000286
[ 648.513086][ C0] RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff5eb4355
[ 648.513353][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffac3dd7a1
[ 648.513636][ C0] RBP: ffff888001041080 R08: 0000000000000001 R09: fffffbfff5eb22a9
[ 648.513894][ C0] R10: ffffffffaf59154f R11: 0000000000001000 R12: ffff8880010433c0
[ 648.514156][ C0] R13: ffff88800f04c000 R14: 0000000000000286 R15: ffff888001041080
[ 648.514415][ C0] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)
[ 648.514630][ C0] free_to_partial_list (mm/slub.c:4071)
[ 648.514802][ C0] ? qlist_free_all (mm/kasan/quarantine.c:163 mm/kasan/quarantine.c:179)
[ 648.514999][ C0] qlist_free_all (mm/kasan/quarantine.c:174)
[ 648.515172][ C0] kasan_quarantine_reduce (./include/linux/srcu.h:285 mm/kasan/quarantine.c:287)
[ 648.515370][ C0] __kasan_slab_alloc (mm/kasan/common.c:322)
[ 648.515546][ C0] kmalloc_trace (mm/slub.c:3799 mm/slub.c:3845 mm/slub.c:3992)
[ 648.515725][ C0] load_elf_binary (./include/linux/slab.h:628 fs/binfmt_elf.c:905)
[ 648.515893][ C0] ? find_held_lock (kernel/locking/lockdep.c:5244)
[ 648.516101][ C0] ? __lock_release (kernel/locking/lockdep.c:5430)
[ 648.516270][ C0] ? search_binary_handler (fs/exec.c:1778)
[ 648.516461][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5406)
[ 648.516649][ C0] ? __pfx_lock_acquire.part.0 (kernel/locking/lockdep.c:5719)
[ 648.516862][ C0] ? __pfx_load_elf_binary (fs/binfmt_elf.c:820)
[ 648.517035][ C0] ? search_binary_handler (fs/exec.c:1778)
[ 648.517232][ C0] search_binary_handler (fs/exec.c:1778)
[ 648.517413][ C0] ? __pfx_search_binary_handler (fs/exec.c:1757)
[ 648.517648][ C0] ? __task_pid_nr_ns (./include/linux/rcupdate.h:339 ./include/linux/rcupdate.h:814 kernel/pid.c:514)
[ 648.517840][ C0] ? exec_binprm (./include/linux/rcupdate.h:339 ./include/linux/rcupdate.h:814 fs/exec.c:1812)
[ 648.518029][ C0] exec_binprm (fs/exec.c:1821)
[ 648.518202][ C0] bprm_execve (fs/exec.c:1872 fs/exec.c:1848)
[ 648.518333][ C0] do_execveat_common.isra.0 (fs/exec.c:1979)
[ 648.518505][ C0] ? getname_flags (./arch/x86/include/asm/atomic.h:28 ./include/linux/atomic/atomic-arch-fallback.h:503 ./include/linux/atomic/atomic-instrumented.h:68 fs/namei.c:190)
[ 648.518683][ C0] __x64_sys_execve (fs/exec.c:2124)
[ 648.518846][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 648.519014][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
[ 648.519224][ C0] RIP: 0033:0x7f0c9f1dd40b
[ 648.519398][ C0] Code: c0 75 03 5f ff e7 c3 48 8b 0d f1 a9 1b 00 f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 80 00 00 00 00 f3 0f 1e fa b8 3b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c5 a9 1b 00 f7 d8 64 89 01 48
All code
========
0: c0 75 03 5f shlb $0x5f,0x3(%rbp)
4: ff e7 jmp *%rdi
6: c3 ret
7: 48 8b 0d f1 a9 1b 00 mov 0x1ba9f1(%rip),%rcx # 0x1ba9ff
e: f7 d8 neg %eax
10: 64 89 01 mov %eax,%fs:(%rcx)
13: 48 83 c8 ff or $0xffffffffffffffff,%rax
17: c3 ret
18: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
1f: f3 0f 1e fa endbr64
23: b8 3b 00 00 00 mov $0x3b,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d c5 a9 1b 00 mov 0x1ba9c5(%rip),%rcx # 0x1ba9ff
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d c5 a9 1b 00 mov 0x1ba9c5(%rip),%rcx # 0x1ba9d5
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 648.520024][ C0] RSP: 002b:00007fffbbb40748 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 648.520286][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0c9f1dd40b
[ 648.520543][ C0] RDX: 0000557b4bdb6340 RSI: 0000557b4bdaef40 RDI: 0000557b4bdb3fe0
[ 648.520803][ C0] RBP: 0000557b4bdb3fe0 R08: 0000557b4bd8f1e0 R09: 0000000000000020
[ 648.521184][ C0] R10: 00000000000001b6 R11: 0000000000000246 R12: 00000000ffffffff
Fingerprints:
dump_stack_lvl:check_noncircular:check_prev_add:validate_chain