==================================================================
BUG: KASAN: slab-out-of-bounds in atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
BUG: KASAN: slab-out-of-bounds in atomic_fetch_add_unless include/linux/atomic-fallback.h:1086 [inline]
BUG: KASAN: slab-out-of-bounds in atomic_add_unless include/linux/atomic-fallback.h:1111 [inline]
BUG: KASAN: slab-out-of-bounds in atomic_inc_not_zero include/linux/atomic-fallback.h:1127 [inline]
BUG: KASAN: slab-out-of-bounds in page_get_anon_vma+0x24b/0x4b0 mm/rmap.c:477
Read of size 4 at addr ffff88808eb06f08 by task kswapd0/1553

CPU: 0 PID: 1553 Comm: kswapd0 Not tainted 5.1.0-rc5+ #77
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187
 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x123/0x190 mm/kasan/generic.c:191
 kasan_check_read+0x11/0x20 mm/kasan/common.c:102
 atomic_read include/asm-generic/atomic-instrumented.h:26 [inline]
 atomic_fetch_add_unless include/linux/atomic-fallback.h:1086 [inline]
 atomic_add_unless include/linux/atomic-fallback.h:1111 [inline]
 atomic_inc_not_zero include/linux/atomic-fallback.h:1127 [inline]
 page_get_anon_vma+0x24b/0x4b0 mm/rmap.c:477
 split_huge_page_to_list+0x58a/0x2de0 mm/huge_memory.c:2675
 split_huge_page include/linux/huge_mm.h:148 [inline]
 deferred_split_scan+0x64b/0xa60 mm/huge_memory.c:2853
 do_shrink_slab+0x400/0xa80 mm/vmscan.c:551
 shrink_slab mm/vmscan.c:700 [inline]
 shrink_slab+0x4be/0x5e0 mm/vmscan.c:680
 shrink_node+0x552/0x1570 mm/vmscan.c:2717
 kswapd_shrink_node mm/vmscan.c:3471 [inline]
 balance_pgdat+0x56c/0xe80 mm/vmscan.c:3629
 kswapd+0x5f4/0xfd0 mm/vmscan.c:3884
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

Allocated by task 15130:
 save_stack+0x45/0xd0 mm/kasan/common.c:75
 set_track mm/kasan/common.c:87 [inline]
 __kasan_kmalloc mm/kasan/common.c:497 [inline]
 __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:470
 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:511
 __do_kmalloc_node mm/slab.c:3687 [inline]
 __kmalloc_node_track_caller+0x4e/0x70 mm/slab.c:3701
 __kmalloc_reserve.isra.0+0x40/0xf0 net/core/skbuff.c:140
 __alloc_skb+0x10b/0x5e0 net/core/skbuff.c:208
 alloc_skb include/linux/skbuff.h:1058 [inline]
 nlmsg_new include/net/netlink.h:658 [inline]
 inet6_ifa_notify net/ipv6/addrconf.c:5351 [inline]
 __ipv6_ifa_notify+0x15e/0xa80 net/ipv6/addrconf.c:5948
 ipv6_ifa_notify+0xf7/0x210 net/ipv6/addrconf.c:5993
 addrconf_dad_completed+0xeb/0xbb0 net/ipv6/addrconf.c:4155
 addrconf_dad_work+0x780/0x1150 net/ipv6/addrconf.c:4104
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

Freed by task 15130:
 save_stack+0x45/0xd0 mm/kasan/common.c:75
 set_track mm/kasan/common.c:87 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/common.c:459
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:467
 __cache_free mm/slab.c:3499 [inline]
 kfree+0xcf/0x230 mm/slab.c:3822
 skb_free_head+0x93/0xb0 net/core/skbuff.c:557
 skb_release_data+0x576/0x7a0 net/core/skbuff.c:577
 skb_release_all+0x4d/0x60 net/core/skbuff.c:631
 __kfree_skb net/core/skbuff.c:645 [inline]
 consume_skb net/core/skbuff.c:705 [inline]
 consume_skb+0xe2/0x380 net/core/skbuff.c:699
 netlink_broadcast_filtered+0x316/0xb20 net/netlink/af_netlink.c:1521
 netlink_broadcast net/netlink/af_netlink.c:1543 [inline]
 nlmsg_multicast include/net/netlink.h:738 [inline]
 nlmsg_notify+0x93/0x1c0 net/netlink/af_netlink.c:2529
 rtnl_notify+0xc5/0xf0 net/core/rtnetlink.c:741
 inet6_ifa_notify net/ipv6/addrconf.c:5362 [inline]
 __ipv6_ifa_notify+0x1b8/0xa80 net/ipv6/addrconf.c:5948
 ipv6_ifa_notify+0xf7/0x210 net/ipv6/addrconf.c:5993
 addrconf_dad_completed+0xeb/0xbb0 net/ipv6/addrconf.c:4155
 addrconf_dad_work+0x780/0x1150 net/ipv6/addrconf.c:4104
 process_one_work+0x98e/0x1790 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x357/0x430 kernel/kthread.c:253
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

The buggy address belongs to the object at ffff88808eb06cc0
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 72 bytes to the right of
 512-byte region [ffff88808eb06cc0, ffff88808eb06ec0)
The buggy address belongs to the page:
page:ffffea00023ac180 count:1 mapcount:0 mapping:ffff88812c3f0940 index:0xffff88808eb06cc0
flags: 0x1fffc0000000200(slab)
raw: 01fffc0000000200 ffffea00017c6a48 ffffea0002a6f7c8 ffff88812c3f0940
raw: ffff88808eb06cc0 ffff88808eb06040 0000000100000004 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88808eb06e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88808eb06e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff88808eb06f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff88808eb06f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88808eb07000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
==================================================================