====================================== | xx__->
[ 3628.352821][ C0] ================================================================== |
[ 3628.353075][ C0] BUG: KASAN: slab-use-after-free in page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866) |
[ 3628.353324][ C0] Read of size 1 at addr ffff88801a6a4af4 by task kworker/0:0/32300 |
[ 3628.353545][ C0]
[ 3628.353629][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 3628.353631][ C0] Workqueue: mld mld_ifc_work
[ 3628.353637][ C0] Call Trace:
[ 3628.353639][ C0]
[ 3628.353641][ C0] dump_stack_lvl (lib/dump_stack.c:123)
[ 3628.353648][ C0] print_address_description.constprop.0 (mm/kasan/report.c:409)
[ 3628.353653][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 3628.353657][ C0] print_report (mm/kasan/report.c:522)
[ 3628.353659][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 3628.353662][ C0] ? kasan_addr_to_slab (./include/linux/mm.h:1280 mm/kasan/../slab.h:211 mm/kasan/common.c:38)
[ 3628.353666][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 3628.353669][ C0] kasan_report (mm/kasan/report.c:636)
[ 3628.353672][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 3628.353677][ C0] page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 3628.353681][ C0] napi_pp_put_page (net/core/skbuff.c:998)
[ 3628.353685][ C0] skb_release_data (./include/linux/skbuff_ref.h:40 ./include/linux/skbuff_ref.h:56 net/core/skbuff.c:1079)
[ 3628.353690][ C0] napi_consume_skb (net/core/skbuff.c:1479)
[ 3628.353694][ C0] net_rx_action (net/core/dev.c:6546 net/core/dev.c:6532 net/core/dev.c:7495)
[ 3628.353700][ C0] ? __pfx_net_rx_action (net/core/dev.c:7476)
[ 3628.353705][ C0] ? __pfx_rcu_do_batch (kernel/rcu/tree.c:2492)
[ 3628.353713][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 3628.353719][ C0] handle_softirqs (kernel/softirq.c:561)
[ 3628.353724][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:908 net/core/dev.c:4660)
[ 3628.353728][ C0] do_softirq (kernel/softirq.c:462 kernel/softirq.c:449)
[ 3628.353731][ C0]
[ 3628.353732][ C0]
[ 3628.353733][ C0] __local_bh_enable_ip (kernel/softirq.c:389)
[ 3628.353737][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:908 net/core/dev.c:4660)
[ 3628.353739][ C0] __dev_queue_xmit (net/core/dev.c:4661)
[ 3628.353742][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 3628.353747][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4541)
[ 3628.353750][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 3628.353754][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:836 ./include/net/neighbour.h:493)
[ 3628.353759][ C0] ? ip6_finish_output2 (./include/linux/rcupdate.h:331 (discriminator 142) ./include/linux/rcupdate.h:841 (discriminator 142) net/ipv6/ip6_output.c:126 (discriminator 142))
[ 3628.353763][ C0] ip6_finish_output2 (./include/net/neighbour.h:537 net/ipv6/ip6_output.c:141)
[ 3628.353767][ C0] ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)
[ 3628.353771][ C0] ip6_output (./include/linux/netfilter.h:303 net/ipv6/ip6_output.c:247)
[ 3628.353775][ C0] ? __pfx_ip6_output (net/ipv6/ip6_output.c:234)
[ 3628.353778][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 3628.353783][ C0] NF_HOOK.constprop.0 (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 ./include/linux/netfilter.h:238 ./include/linux/netfilter.h:312)
[ 3628.353787][ C0] ? __pfx_NF_HOOK.constprop.0 (./include/linux/netfilter.h:308)
[ 3628.353789][ C0] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3174)
[ 3628.353794][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 3628.353797][ C0] ? icmp6_dst_alloc (net/ipv6/route.c:3300)
[ 3628.353801][ C0] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 kernel/softirq.c:394)
[ 3628.353804][ C0] ? icmp6_dst_alloc (net/ipv6/route.c:3300)
[ 3628.353809][ C0] mld_sendpack (net/ipv6/mcast.c:1872)
[ 3628.353812][ C0] ? __pfx_mld_sendpack (net/ipv6/mcast.c:1829)
[ 3628.353817][ C0] ? mld_send_cr (net/ipv6/mcast.c:2146 (discriminator 11))
[ 3628.353821][ C0] mld_ifc_work (net/ipv6/mcast.c:2704)
[ 3628.353824][ C0] process_one_work (kernel/workqueue.c:3238)
[ 3628.353830][ C0] ? __pfx_process_one_work (kernel/workqueue.c:3140)
[ 3628.353834][ C0] ? assign_work (kernel/workqueue.c:1200)
[ 3628.353838][ C0] worker_thread (kernel/workqueue.c:3313 kernel/workqueue.c:3400)
[ 3628.353841][ C0] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40)
[ 3628.353848][ C0] ? __pfx_worker_thread (kernel/workqueue.c:3346)
[ 3628.353851][ C0] kthread (kernel/kthread.c:464)
[ 3628.353854][ C0] ? __pfx_kthread (kernel/kthread.c:413)
[ 3628.353856][ C0] ? ret_from_fork (arch/x86/kernel/process.c:152)
[ 3628.353860][ C0] ? __lock_release (kernel/locking/lockdep.c:5534)
[ 3628.353863][ C0] ? calculate_sigpending (./include/linux/instrumented.h:82 ./include/asm-generic/bitops/instrumented-atomic.h:28 ./include/linux/thread_info.h:97 ./include/linux/sched.h:2016 kernel/signal.c:191)
[ 3628.353867][ C0] ? __pfx_kthread (kernel/kthread.c:413)
[ 3628.353870][ C0] ret_from_fork (arch/x86/kernel/process.c:153)
[ 3628.353873][ C0] ? __pfx_kthread (kernel/kthread.c:413)
Fingerprints: print_report:kasan_report:page_pool_put_unrefed_netmem:napi_pp_put_page:skb_release_data