======================================
xx__-> [ 355.846278][ C2] ==================================================================
[ 355.846614][ C2] BUG: KASAN: slab-use-after-free in page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 355.846896][ C2] Read of size 1 at addr ffff8880097a9af4 by task kworker/2:1/55
[ 355.847137][ C2]
[ 355.847227][ C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 355.847230][ C2] Workqueue: mld mld_ifc_work
[ 355.847237][ C2] Call Trace:
[ 355.847240][ C2]
[ 355.847242][ C2] dump_stack_lvl (lib/dump_stack.c:123)
[ 355.847251][ C2] print_address_description.constprop.0 (mm/kasan/report.c:409)
[ 355.847258][ C2] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 355.847261][ C2] print_report (mm/kasan/report.c:522)
[ 355.847263][ C2] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 355.847267][ C2] ? kasan_addr_to_slab (./include/linux/mm.h:1280 mm/kasan/../slab.h:211 mm/kasan/common.c:38)
[ 355.847272][ C2] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 355.847275][ C2] kasan_report (mm/kasan/report.c:636)
[ 355.847278][ C2] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 355.847282][ C2] page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 355.847285][ C2] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 355.847292][ C2] napi_pp_put_page (net/core/skbuff.c:998)
[ 355.847297][ C2] skb_free_head (net/core/skbuff.c:1054)
[ 355.847300][ C2] skb_release_data (net/core/skbuff.c:1096)
[ 355.847303][ C2] ? __lock_release (kernel/locking/lockdep.c:5534)
[ 355.847307][ C2] napi_consume_skb (net/core/skbuff.c:1479)
[ 355.847311][ C2] net_rx_action (net/core/dev.c:6546 net/core/dev.c:6532 net/core/dev.c:7495)
[ 355.847319][ C2] ? __pfx_net_rx_action (net/core/dev.c:7476)
[ 355.847322][ C2] ? lockdep_rcu_suspicious (kernel/locking/lockdep.c:6832)
[ 355.847326][ C2] ? tmigr_handle_remote (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 kernel/time/timer_migration.c:441 kernel/time/timer_migration.c:1074)
[ 355.847332][ C2] ? __pfx_tmigr_handle_remote (kernel/time/timer_migration.c:1059)
[ 355.847336][ C2] ? run_timer_softirq (kernel/time/timer.c:2421 kernel/time/timer.c:2435 kernel/time/timer.c:2443)
[ 355.847343][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 355.847346][ C2] handle_softirqs (kernel/softirq.c:561)
[ 355.847354][ C2] ? __dev_queue_xmit (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:908 net/core/dev.c:4660)
[ 355.847357][ C2] do_softirq (kernel/softirq.c:462 kernel/softirq.c:449)
[ 355.847360][ C2]
[ 355.847361][ C2]
[ 355.847363][ C2] __local_bh_enable_ip (kernel/softirq.c:389)
[ 355.847367][ C2] ? __dev_queue_xmit (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:908 net/core/dev.c:4660)
[ 355.847369][ C2] __dev_queue_xmit (net/core/dev.c:4661)
[ 355.847372][ C2] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 355.847377][ C2] ? __pfx___dev_queue_xmit (net/core/dev.c:4541)
[ 355.847380][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 355.847384][ C2] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:836 ./include/net/neighbour.h:493)
[ 355.847390][ C2] ? ip6_finish_output2 (./include/linux/rcupdate.h:331 (discriminator 142) ./include/linux/rcupdate.h:841 (discriminator 142) net/ipv6/ip6_output.c:126 (discriminator 142))
[ 355.847394][ C2] ip6_finish_output2 (./include/net/neighbour.h:537 net/ipv6/ip6_output.c:141)
[ 355.847398][ C2] ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)
[ 355.847402][ C2] ip6_output (./include/linux/netfilter.h:303 net/ipv6/ip6_output.c:247)
[ 355.847406][ C2] ? __pfx_ip6_output (net/ipv6/ip6_output.c:234)
[ 355.847409][ C2] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 355.847415][ C2] NF_HOOK.constprop.0 (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 ./include/linux/netfilter.h:238 ./include/linux/netfilter.h:312)
[ 355.847418][ C2] ? __pfx_NF_HOOK.constprop.0 (./include/linux/netfilter.h:308)
[ 355.847421][ C2] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3174)
[ 355.847427][ C2] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 355.847430][ C2] ? icmp6_dst_alloc (net/ipv6/route.c:3300)
[ 355.847436][ C2] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 kernel/softirq.c:394)
[ 355.847440][ C2] ? icmp6_dst_alloc (net/ipv6/route.c:3300)
[ 355.847444][ C2] mld_sendpack (net/ipv6/mcast.c:1872)
[ 355.847448][ C2] ? __pfx_mld_sendpack (net/ipv6/mcast.c:1829)
[ 355.847452][ C2] ? mld_send_cr (net/ipv6/mcast.c:2146 (discriminator 11))
[ 355.847456][ C2] mld_ifc_work (net/ipv6/mcast.c:2704)
[ 355.847459][ C2] process_one_work (kernel/workqueue.c:3238)
[ 355.847466][ C2] ? __pfx_process_one_work (kernel/workqueue.c:3140)
[ 355.847470][ C2] ? assign_work (kernel/workqueue.c:1200)
[ 355.847474][ C2] worker_thread (kernel/workqueue.c:3313 kernel/workqueue.c:3400)
[ 355.847476][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40)
[ 355.847484][ C2] ? __pfx_worker_thread (kernel/workqueue.c:3346)
[ 355.847487][ C2] kthread (kernel/kthread.c:464)
[ 355.847491][ C2] ? __pfx_kthread (kernel/kthread.c:413)
[ 355.847493][ C2] ? ret_from_fork (arch/x86/kernel/process.c:152)
[ 355.847498][ C2] ? __lock_release (kernel/locking/lockdep.c:5534)
[ 355.847500][ C2] ? calculate_sigpending (./include/linux/instrumented.h:82 ./include/asm-generic/bitops/instrumented-atomic.h:28 ./include/linux/thread_info.h:97 ./include/linux/sched.h:2016 kernel/signal.c:191)
[ 355.847504][ C2] ? __pfx_kthread (kernel/kthread.c:413)
[ 355.847507][ C2] ret_from_fork (arch/x86/kernel/process.c:153)
[ 355.847510][ C2] ? __pfx_kthread (kernel/kthread.c:413)
Finger prints: print_report:kasan_report:page_pool_put_unrefed_netmem:napi_pp_put_page:skb_free_head