======================================
| xx__-> [ 185.212858][ C0] ==================================================================
| [ 185.213115][ C0] BUG: KASAN: slab-use-after-free in page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
| [ 185.213367][ C0] Read of size 1 at addr ffff88800c221af4 by task kworker/0:2/984
| [ 185.213578][ C0]
[ 185.213652][ C0] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 185.213654][ C0] Workqueue: mld mld_ifc_work
[ 185.213660][ C0] Call Trace:
[ 185.213662][ C0]
[ 185.213664][ C0] dump_stack_lvl (lib/dump_stack.c:123)
[ 185.213671][ C0] print_address_description.constprop.0 (mm/kasan/report.c:409)
[ 185.213676][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 185.213680][ C0] print_report (mm/kasan/report.c:522)
[ 185.213682][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 185.213685][ C0] ? kasan_addr_to_slab (./include/linux/mm.h:1280 mm/kasan/../slab.h:211 mm/kasan/common.c:38)
[ 185.213689][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 185.213692][ C0] kasan_report (mm/kasan/report.c:636)
[ 185.213695][ C0] ? page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 185.213700][ C0] page_pool_put_unrefed_netmem (./include/linux/dma-mapping.h:294 net/core/page_pool.c:465 net/core/page_pool.c:808 net/core/page_pool.c:866)
[ 185.213706][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 185.213712][ C0] napi_pp_put_page (net/core/skbuff.c:998)
[ 185.213716][ C0] skb_free_head (net/core/skbuff.c:1054)
[ 185.213718][ C0] skb_release_data (net/core/skbuff.c:1096)
[ 185.213722][ C0] ? __lock_release (kernel/locking/lockdep.c:5534)
[ 185.213726][ C0] napi_consume_skb (net/core/skbuff.c:1479)
[ 185.213730][ C0] net_rx_action (net/core/dev.c:6546 net/core/dev.c:6532 net/core/dev.c:7495)
[ 185.213736][ C0] ? __pfx_net_rx_action (net/core/dev.c:7476)
[ 185.213739][ C0] ? lockdep_rcu_suspicious (kernel/locking/lockdep.c:6832)
[ 185.213742][ C0] ? tmigr_handle_remote (./arch/x86/include/asm/atomic.h:23 ./include/linux/atomic/atomic-arch-fallback.h:457 ./include/linux/atomic/atomic-instrumented.h:33 kernel/time/timer_migration.c:441 kernel/time/timer_migration.c:1074)
[ 185.213748][ C0] ? __pfx_tmigr_handle_remote (kernel/time/timer_migration.c:1059)
[ 185.213752][ C0] ? run_timer_softirq (kernel/time/timer.c:2421 kernel/time/timer.c:2435 kernel/time/timer.c:2443)
[ 185.213758][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 185.213761][ C0] handle_softirqs (kernel/softirq.c:561)
[ 185.213766][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:908 net/core/dev.c:4660)
[ 185.213770][ C0] do_softirq (kernel/softirq.c:462 kernel/softirq.c:449)
[ 185.213773][ C0]
[ 185.213774][ C0]
[ 185.213775][ C0] __local_bh_enable_ip (kernel/softirq.c:389)
[ 185.213779][ C0] ? __dev_queue_xmit (./include/linux/rcupdate.h:341 ./include/linux/rcupdate.h:908 net/core/dev.c:4660)
[ 185.213781][ C0] __dev_queue_xmit (net/core/dev.c:4661)
[ 185.213784][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 185.213788][ C0] ? __pfx___dev_queue_xmit (net/core/dev.c:4541)
[ 185.213792][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 185.213795][ C0] ? neigh_hh_output (./include/linux/seqlock.h:74 ./include/linux/seqlock.h:836 ./include/net/neighbour.h:493)
[ 185.213799][ C0] ? ip6_finish_output2 (./include/linux/rcupdate.h:331 (discriminator 142) ./include/linux/rcupdate.h:841 (discriminator 142) net/ipv6/ip6_output.c:126 (discriminator 142))
[ 185.213803][ C0] ip6_finish_output2 (./include/net/neighbour.h:537 net/ipv6/ip6_output.c:141)
[ 185.213808][ C0] ip6_finish_output (net/ipv6/ip6_output.c:215 net/ipv6/ip6_output.c:226)
[ 185.213812][ C0] ip6_output (./include/linux/netfilter.h:303 net/ipv6/ip6_output.c:247)
[ 185.213815][ C0] ? __pfx_ip6_output (net/ipv6/ip6_output.c:234)
[ 185.213818][ C0] ? __lock_acquire (kernel/locking/lockdep.c:5235)
[ 185.213823][ C0] NF_HOOK.constprop.0 (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 ./include/linux/netfilter.h:238 ./include/linux/netfilter.h:312)
[ 185.213827][ C0] ? __pfx_NF_HOOK.constprop.0 (./include/linux/netfilter.h:308)
[ 185.213829][ C0] ? __pfx_xfrm_lookup_with_ifid (net/xfrm/xfrm_policy.c:3174)
[ 185.213834][ C0] ? mark_held_locks (kernel/locking/lockdep.c:4326)
[ 185.213837][ C0] ? icmp6_dst_alloc (net/ipv6/route.c:3300)
[ 185.213842][ C0] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 kernel/softirq.c:394)
[ 185.213845][ C0] ? icmp6_dst_alloc (net/ipv6/route.c:3300)
[ 185.213849][ C0] mld_sendpack (net/ipv6/mcast.c:1872)
[ 185.213853][ C0] ? __pfx_mld_sendpack (net/ipv6/mcast.c:1829)
[ 185.213858][ C0] ? mld_send_cr (net/ipv6/mcast.c:2146 (discriminator 11))
[ 185.213861][ C0] mld_ifc_work (net/ipv6/mcast.c:2704)
[ 185.213864][ C0] process_one_work (kernel/workqueue.c:3238)
[ 185.213870][ C0] ? __pfx_process_one_work (kernel/workqueue.c:3140)
[ 185.213875][ C0] ? assign_work (kernel/workqueue.c:1200)
[ 185.213878][ C0] worker_thread (kernel/workqueue.c:3313 kernel/workqueue.c:3400)
[ 185.213881][ C0] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40)
[ 185.213887][ C0] ? __pfx_worker_thread (kernel/workqueue.c:3346)
[ 185.213891][ C0] kthread (kernel/kthread.c:464)
[ 185.213894][ C0] ? __pfx_kthread (kernel/kthread.c:413)
[ 185.213897][ C0] ? ret_from_fork (arch/x86/kernel/process.c:152)
[ 185.213901][ C0] ? __lock_release (kernel/locking/lockdep.c:5534)
[ 185.213903][ C0] ? calculate_sigpending (./include/linux/instrumented.h:82 ./include/asm-generic/bitops/instrumented-atomic.h:28 ./include/linux/thread_info.h:97 ./include/linux/sched.h:2016 kernel/signal.c:191)
[ 185.213907][ C0] ? __pfx_kthread (kernel/kthread.c:413)
[ 185.213909][ C0] ret_from_fork (arch/x86/kernel/process.c:153)
[ 185.213912][ C0] ? __pfx_kthread (kernel/kthread.c:413)
Fingerprints:
print_report:kasan_report:page_pool_put_unrefed_netmem:napi_pp_put_page:skb_free_head