======================================
| [   37.690829][  T292] macvlan4: entered promiscuous mode
| [   37.851154][  T293] br0: entered promiscuous mode
| [   37.855205][    C0] BUG: spinlock bad magic on CPU#0, ip/293
| [ 37.855445][ C0] lock: noop_qdisc+0x240/0x300, .magic: 00000000, .owner: ip/293, .owner_cpu: 0 
[   37.855999][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[   37.856362][    C0] Call Trace:
[   37.856503][    C0]  <IRQ>
[ 37.856583][ C0] dump_stack_lvl (lib/dump_stack.c:122) 
[ 37.856750][ C0] do_raw_spin_unlock (kernel/locking/spinlock_debug.c:100 kernel/locking/spinlock_debug.c:141) 
[ 37.856902][ C0] _raw_spin_unlock (./arch/x86/include/asm/preempt.h:94 ./include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186) 
[ 37.857059][ C0] __dev_xmit_skb (./include/net/sch_generic.h:226 ./include/net/sch_generic.h:217 net/core/dev.c:3879) 
[ 37.857210][ C0] ? __pfx___dev_xmit_skb (net/core/dev.c:3784) 
[ 37.857385][ C0] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:890 net/core/dev.c:4348) 
[ 37.857557][ C0] ? lock_acquire (kernel/locking/lockdep.c:5732) 
[ 37.857751][ C0] ? __dev_queue_xmit (./include/linux/bottom_half.h:20 ./include/linux/rcupdate.h:890 net/core/dev.c:4348) 
[ 37.857902][ C0] __dev_queue_xmit (net/core/dev.c:4389) 
[ 37.858085][ C0] ? __lock_release (kernel/locking/lockdep.c:5435) 
[ 37.858238][ C0] ? ip_finish_output2 (./include/net/neighbour.h:542 net/ipv4/ip_output.c:235) 
[ 37.858402][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5411) 
[ 37.858576][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4332) 
[ 37.858727][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4273) 
[ 37.858921][ C0] ? eth_header (net/ethernet/eth.c:100) 
[ 37.859082][ C0] ? neigh_resolve_output (./include/linux/netdevice.h:3159 net/core/neighbour.c:1560 net/core/neighbour.c:1545) 
[ 37.859251][ C0] ip_finish_output2 (./include/net/neighbour.h:542 net/ipv4/ip_output.c:235) 
[ 37.859412][ C0] ? igmpv3_send_cr (./include/linux/rcupdate.h:336 ./include/linux/rcupdate.h:869 net/ipv4/igmp.c:719) 
[ 37.859586][ C0] ? __pfx_ip_finish_output2 (net/ipv4/ip_output.c:199) 
[ 37.859746][ C0] ? __ip_finish_output (./include/linux/skbuff.h:1666 ./include/linux/skbuff.h:4954 net/ipv4/ip_output.c:307 net/ipv4/ip_output.c:295) 
[ 37.859921][ C0] igmp_ifc_timer_expire (net/ipv4/igmp.c:815) 
[ 37.860078][ C0] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809) 
[ 37.860292][ C0] call_timer_fn (kernel/time/timer.c:1792) 
[ 37.860461][ C0] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1782) 
[ 37.860614][ C0] ? call_timer_fn (./include/linux/lockdep.h:31 kernel/time/timer.c:1782) 
[ 37.860791][ C0] ? __pfx_call_timer_fn (kernel/time/timer.c:1769) 
[ 37.860943][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:227) 
[ 37.861099][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4273) 
[ 37.861287][ C0] __run_timers (kernel/time/timer.c:1844 kernel/time/timer.c:2417) 
[ 37.861445][ C0] ? __pfx_igmp_ifc_timer_expire (net/ipv4/igmp.c:809) 
[ 37.861666][ C0] ? __pfx___run_timers (kernel/time/timer.c:2388) 
[ 37.861832][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 37.861995][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 37.862165][ C0] ? lock_acquire (kernel/locking/lockdep.c:5732) 
[ 37.862336][ C0] ? run_timer_softirq (kernel/time/timer.c:2428 kernel/time/timer.c:2421 kernel/time/timer.c:2437 kernel/time/timer.c:2447) 
[ 37.862504][ C0] run_timer_softirq (kernel/time/timer.c:2429 kernel/time/timer.c:2421 kernel/time/timer.c:2437 kernel/time/timer.c:2447) 
[ 37.862671][ C0] handle_softirqs (kernel/softirq.c:554) 
[ 37.862831][ C0] irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637 kernel/softirq.c:649) 
[ 37.862956][ C0] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043 arch/x86/kernel/apic/apic.c:1043) 
[   37.863132][    C0]  </IRQ>
[   37.863214][    C0]  <TASK>
[ 37.863289][ C0] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) 
[ 37.863503][ C0] RIP: 0010:orc_find.part.0 (arch/x86/kernel/unwind_orc.c:220) 
[ 37.863659][ C0] Code: f0 8b 14 9d 44 79 71 97 48 8d 0c 40 48 8d b4 09 f0 45 29 97 83 c2 01 48 81 fe 44 79 71 97 0f 83 83 01 00 00 89 d1 48 8d 0c 49 <48> 8d 8c 09 f0 45 29 97 48 81 f9 44 79 71 97 0f 87 68 01 00 00 44
All code
========
   0:	f0 8b 14 9d 44 79 71 	lock mov -0x688e86bc(,%rbx,4),%edx
   7:	97 
   8:	48 8d 0c 40          	lea    (%rax,%rax,2),%rcx
   c:	48 8d b4 09 f0 45 29 	lea    -0x68d6ba10(%rcx,%rcx,1),%rsi
  13:	97 
  14:	83 c2 01             	add    $0x1,%edx
  17:	48 81 fe 44 79 71 97 	cmp    $0xffffffff97717944,%rsi
  1e:	0f 83 83 01 00 00    	jae    0x1a7
  24:	89 d1                	mov    %edx,%ecx
  26:	48 8d 0c 49          	lea    (%rcx,%rcx,2),%rcx
  2a:*	48 8d 8c 09 f0 45 29 	lea    -0x68d6ba10(%rcx,%rcx,1),%rcx		<-- trapping instruction
  31:	97 
  32:	48 81 f9 44 79 71 97 	cmp    $0xffffffff97717944,%rcx
  39:	0f 87 68 01 00 00    	ja     0x1a7
  3f:	44                   	rex.R

Code starting with the faulting instruction
===========================================
   0:	48 8d 8c 09 f0 45 29 	lea    -0x68d6ba10(%rcx,%rcx,1),%rcx
   7:	97 
   8:	48 81 f9 44 79 71 97 	cmp    $0xffffffff97717944,%rcx
   f:	0f 87 68 01 00 00    	ja     0x17d
  15:	44                   	rex.R
[   37.864211][    C0] RSP: 0018:ffffc900005ef710 EFLAGS: 00000283
[   37.864415][    C0] RAX: 0000000000011125 RBX: 0000000000003ab4 RCX: 0000000000033372
[   37.864655][    C0] RDX: 0000000000011126 RSI: ffffffff972facce RDI: ffffffff97726414
[   37.864881][    C0] RBP: 0000000000003ab3 R08: ffffc900005ef890 R09: 1ffff920000bdef3
[   37.865114][    C0] R10: ffffc900005ef850 R11: ffffc900005ef891 R12: ffffffff929ab3b9
[   37.865346][    C0] R13: 0000000000030001 R14: 0000000000011125 R15: 0000000000000000
[ 37.865575][ C0] ? do_exit (kernel/exit.c:869) 
[ 37.865696][ C0] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24) 
[ 37.865863][ C0] unwind_next_frame (arch/x86/kernel/unwind_orc.c:495) 
[ 37.866021][ C0] ? do_exit (kernel/exit.c:872) 
[ 37.866138][ C0] ? __pfx_unwind_next_frame (arch/x86/kernel/unwind_orc.c:469) 
[ 37.866288][ C0] ? do_exit (kernel/exit.c:872) 
[ 37.866400][ C0] ? kernel_text_address (kernel/extable.c:99) 
[ 37.866555][ C0] ? __pfx_stack_trace_consume_entry (kernel/stacktrace.c:83) 
[ 37.866741][ C0] arch_stack_walk (arch/x86/kernel/stacktrace.c:24) 
[ 37.866909][ C0] ? do_exit (kernel/exit.c:872) 
[ 37.867023][ C0] stack_trace_save (kernel/stacktrace.c:123) 
[ 37.867189][ C0] ? __pfx_stack_trace_save (kernel/stacktrace.c:114) 
[ 37.867338][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5142) 
[ 37.867486][ C0] ? check_prev_add (kernel/locking/lockdep.c:3152) 
[ 37.867636][ C0] kasan_save_stack (mm/kasan/common.c:48) 
[ 37.867795][ C0] ? kasan_save_stack (mm/kasan/common.c:48) 
[ 37.868054][ C0] ? kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) 
[ 37.868205][ C0] ? kasan_save_free_info (mm/kasan/generic.c:582) 
[ 37.868362][ C0] ? poison_slab_object (mm/kasan/common.c:240 mm/kasan/common.c:211) 
[ 37.868520][ C0] ? __kasan_slab_free (mm/kasan/common.c:256) 
[ 37.868775][ C0] ? kmem_cache_free (mm/slub.c:4473 mm/slub.c:4548) 
[ 37.868939][ C0] ? __vm_area_free (kernel/fork.c:514) 
[ 37.869094][ C0] ? exit_mmap (mm/mmap.c:3438) 
[ 37.869244][ C0] ? mmput (kernel/fork.c:1412 kernel/fork.c:1347 kernel/fork.c:1367) 
[ 37.869460][ C0] ? exit_mm (kernel/exit.c:572) 
[ 37.869580][ C0] ? do_exit (kernel/exit.c:872) 
[ 37.869708][ C0] ? __pfx___lock_release (kernel/locking/lockdep.c:5411) 
[ 37.869857][ C0] ? hlock_class (./arch/x86/include/asm/bitops.h:227 ./arch/x86/include/asm/bitops.h:239 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:227) 
[ 37.870007][ C0] ? mark_lock (kernel/locking/lockdep.c:4655 (discriminator 3)) 
[ 37.870213][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4273) 
[ 37.870363][ C0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4299 kernel/locking/lockdep.c:4358) 
[ 37.870551][ C0] ? __debug_check_no_obj_freed (lib/debugobjects.c:1001) 
[ 37.870739][ C0] ? __pfx___debug_check_no_obj_freed (lib/debugobjects.c:961) 
[ 37.871022][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4273) 
[ 37.871173][ C0] ? __vm_area_free (kernel/fork.c:514) 
[ 37.871321][ C0] kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) 
[ 37.871475][ C0] kasan_save_free_info (mm/kasan/generic.c:582) 
[ 37.871724][ C0] poison_slab_object (mm/kasan/common.c:240 mm/kasan/common.c:211) 
[ 37.871872][ C0] __kasan_slab_free (mm/kasan/common.c:256) 
[ 37.872020][ C0] kmem_cache_free (mm/slub.c:4473 mm/slub.c:4548) 
[ 37.872169][ C0] ? __vm_area_free (kernel/fork.c:514) 
[ 37.872412][ C0] __vm_area_free (kernel/fork.c:514) 
[ 37.872568][ C0] exit_mmap (mm/mmap.c:3438) 
[ 37.872681][ C0] ? __pfx_exit_mmap (mm/mmap.c:3386) 
[ 37.872834][ C0] ? __mutex_unlock_slowpath (./arch/x86/include/asm/atomic64_64.h:101 ./include/linux/atomic/atomic-arch-fallback.h:4329 ./include/linux/atomic/atomic-long.h:1506 ./include/linux/atomic/atomic-instrumented.h:4481 kernel/locking/mutex.c:929) 
[ 37.872989][ C0] mmput (kernel/fork.c:1412 kernel/fork.c:1347 kernel/fork.c:1367) 
[ 37.873195][ C0] exit_mm (kernel/exit.c:572) 
[ 37.873308][ C0] do_exit (kernel/exit.c:872) 
[ 37.873420][ C0] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116) 
[ 37.873569][ C0] ? __pfx_do_exit (kernel/exit.c:821) 
[ 37.873718][ C0] ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114) 
[ 37.873966][ C0] do_group_exit (kernel/exit.c:1012) 
[ 37.874116][ C0] __x64_sys_exit_group (kernel/exit.c:1040) 
[ 37.874264][ C0] x64_sys_call (./arch/x86/include/generated/asm/syscalls_64.h:61) 
[ 37.874414][ C0] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 37.874678][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[   37.874862][    C0] RIP: 0033:0x7f21f777ba8d
[ 37.875021][ C0] Code: Unable to access opcode bytes at 0x7f21f777ba63.

Code starting with the faulting instruction
===========================================
[   37.875210][    C0] RSP: 002b:00007fff8f489c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   37.875531][    C0] RAX: ffffffffffffffda RBX: 00007f21f78589c0 RCX: 00007f21f777ba8d
[   37.875752][    C0] RDX: 00000000000000e7 RSI: fffffffffffffe90 RDI: 0000000000000000
[   37.875973][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000060
[   37.876291][    C0] R10: 00007f21f7668fa8 R11: 0000000000000246 R12: 00007f21f78589c0


Finger prints:
do_raw_spin_unlock:_raw_spin_unlock:__dev_xmit_skb:__dev_queue_xmit:ip_finish_output2