38.909992][ T2911]  event_handler+0x24e/0x4b0
[ 438.914696][ T2911]  ? process_scheduled_works+0x825/0x1400
[ 438.920455][ T2911]  process_scheduled_works+0x90f/0x1400
[ 438.926208][ T2911]  ? assign_work+0x3d0/0x3d0
[ 438.931265][ T2911]  ? assign_work+0x364/0x3d0
[ 438.935964][ T2911]  worker_thread+0xa5f/0xff0
[ 438.940591][ T2911]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 438.946499][ T2911]  kthread+0x2d3/0x370
[ 438.950679][ T2911]  ? pr_cont_work+0x5e0/0x5e0
[ 438.955612][ T2911]  ? kthread_blkcg+0xd0/0xd0
[ 438.960204][ T2911]  ret_from_fork+0x48/0x80
[ 438.964619][ T2911]  ? kthread_blkcg+0xd0/0xd0
[ 438.969211][ T2911]  ret_from_fork_asm+0x11/0x20
[ 438.974001][ T2911]
[ 438.977033][ T2911]
[ 438.979363][ T2911] Allocated by task 8730:
[ 438.983692][ T2911]  kasan_set_track+0x4f/0x70
[ 438.988280][ T2911]  __kasan_kmalloc+0x98/0xb0
[ 438.992870][ T2911]  alloc_ucounts+0x15b/0x4c0
[ 438.997455][ T2911]  copy_creds+0x5a3/0xc20
[ 439.001862][ T2911]  copy_process+0x9a4/0x3fb0
[ 439.006441][ T2911]  kernel_clone+0x222/0x840
[ 439.010932][ T2911]  __x64_sys_clone+0x258/0x2a0
[ 439.015683][ T2911]  do_syscall_64+0x44/0x110
[ 439.020273][ T2911]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 439.026341][ T2911]
[ 439.028652][ T2911] Freed by task 0:
[ 439.032370][ T2911]  kasan_set_track+0x4f/0x70
[ 439.036961][ T2911]  kasan_save_free_info+0x28/0x40
[ 439.041979][ T2911]  ____kasan_slab_free+0xd6/0x120
[ 439.046993][ T2911]  __kmem_cache_free+0x263/0x3a0
[ 439.052095][ T2911]  put_ucounts+0x233/0x280
[ 439.056508][ T2911]  put_cred_rcu+0x241/0x440
[ 439.061004][ T2911]  rcu_core+0xad8/0x17a0
[ 439.065264][ T2911]  __do_softirq+0x2bf/0x93a
[ 439.069760][ T2911]
[ 439.072071][ T2911] Last potentially related work creation:
[ 439.077772][ T2911]  kasan_save_stack+0x3f/0x60
[ 439.082526][ T2911]  __kasan_record_aux_stack+0xad/0xc0
[ 439.087898][ T2911]  insert_work+0x3e/0x320
[ 439.092217][ T2911]  __queue_work+0xc06/0x1010
[ 439.096799][ T2911]  queue_work_on+0x14f/0x250
[ 439.101468][ T2911]  inet6addr_event+0xfc/0x160
[ 439.106188][ T2911]  notifier_call_chain+0x18c/0x3a0
[ 439.111299][ T2911]  atomic_notifier_call_chain+0xdb/0x180
[ 439.117016][ T2911]  ipv6_add_addr+0xde3/0x1090
[ 439.121730][ T2911]  inet6_addr_add+0x55c/0xaf0
[ 439.126499][ T2911]  inet6_rtm_newaddr+0x8a3/0xc80
[ 439.131464][ T2911]  rtnetlink_rcv_msg+0x882/0x1030
[ 439.136587][ T2911]  netlink_rcv_skb+0x1df/0x430
[ 439.141710][ T2911]  netlink_unicast+0x7e6/0x980
[ 439.146474][ T2911]  netlink_sendmsg+0xa37/0xd70
[ 439.151230][ T2911]  ____sys_sendmsg+0x592/0x890
[ 439.156013][ T2911]  __sys_sendmsg+0x2b0/0x3a0
[ 439.160771][ T2911]  do_syscall_64+0x44/0x110
[ 439.165358][ T2911]  entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 439.171327][ T2911]
[ 439.173725][ T2911] The buggy address belongs to the object at ffff888020985500
[ 439.173725][ T2911]  which belongs to the cache kmalloc-192 of size 192
[ 439.187768][ T2911] The buggy address is located 88 bytes inside of
[ 439.187768][ T2911]  freed 192-byte region [ffff888020985500, ffff8880209855c0)
[ 439.201480][ T2911]
[ 439.203797][ T2911] The buggy address belongs to the physical page:
[ 439.210208][ T2911] page:ffffea0000826140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20985
[ 439.220364][ T2911] ksm flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 439.228245][ T2911] page_type: 0xffffffff()
[ 439.232748][ T2911] raw: 00fff00000000800 ffff888012c41a00 ffffea00009c1d00 dead000000000003
[ 439.241326][ T2911] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 439.249893][ T2911] page dumped because: kasan: bad access detected
[ 439.258292][ T2911] page_owner tracks the page as allocated
[ 439.263989][ T2911] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 8, tgid 8 (kworker/0:0), ts 8973757983, free_ts 0
[ 439.280740][ T2911]  post_alloc_hook+0x1e6/0x210
[ 439.285501][ T2911]  get_page_from_freelist+0x339a/0x3530
[ 439.291124][ T2911]  __alloc_pages+0x255/0x670
[ 439.295701][ T2911]  alloc_pages_mpol+0x3de/0x640
[ 439.300630][ T2911]  alloc_slab_page+0x6a/0x160
[ 439.305564][ T2911]  new_slab+0x84/0x2f0
[ 439.309802][ T2911]  ___slab_alloc+0xc85/0x1310
[ 439.314470][ T2911]  __kmem_cache_alloc_node+0x21d/0x300
[ 439.319941][ T2911]  __kmalloc+0xa8/0x230
[ 439.324295][ T2911]  usb_alloc_urb+0x3a/0x130
[ 439.328800][ T2911]  usb_control_msg+0x189/0x4c0
[ 439.333730][ T2911]  hub_ext_port_status+0x11f/0x840
[ 439.338832][ T2911]  hub_activate+0x7ca/0x1c70
[ 439.343418][ T2911]  process_scheduled_works+0x90f/0x1400
[ 439.348964][ T2911]  worker_thread+0xa5f/0xff0
[ 439.353542][ T2911]  kthread+0x2d3/0x370
[ 439.357688][ T2911] page_owner free stack trace missing
[ 439.363064][ T2911]
[ 439.365406][ T2911] Memory state around the buggy address:
[ 439.371110][ T2911]  ffff888020985400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 439.379342][ T2911]  ffff888020985480: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 439.387588][ T2911] >ffff888020985500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 439.395641][ T2911]                                                     ^
[ 439.402914][ T2911]  ffff888020985580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 439.411230][ T2911]  ffff888020985600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 439.419375][ T2911] ==================================================================
[ 439.427866][ T2911] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 439.435069][ T2911] CPU: 0 PID: 2911 Comm: kworker/u4:13 Not tainted 6.6.0-syzkaller-14142-g90b0c2b2edd1-dirty #0
[ 439.445471][ T2911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 439.455609][ T2911] Workqueue: usbip_event event_handler
[ 439.461067][ T2911] Call Trace:
[ 439.464340][ T2911]
[ 439.467271][ T2911]  dump_stack_lvl+0x1e7/0x2d0
[ 439.472030][ T2911]  ? nf_tcp_handle_invalid+0x650/0x650
[ 439.477481][ T2911]  ? panic+0x850/0x850
[ 439.481542][ T2911]  ? rcu_is_watching+0x15/0xb0
[ 439.486392][ T2911]  ? lock_release+0xbf/0x9d0
[ 439.490985][ T2911]  ? vscnprintf+0x5d/0x80
[ 439.495307][ T2911]  panic+0x349/0x850
[ 439.499196][ T2911]  ? check_panic_on_warn+0x21/0xa0
[ 439.504296][ T2911]  ? __memcpy_flushcache+0x2b0/0x2b0
[ 439.509574][ T2911]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 439.514773][ T2911]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 439.520680][ T2911]  ? _raw_spin_unlock+0x40/0x40
[ 439.525524][ T2911]  ? print_report+0x4fb/0x540
[ 439.530199][ T2911]  check_panic_on_warn+0x82/0xa0
[ 439.535227][ T2911]  ? pickup_urb_and_free_priv+0x282/0x370
[ 439.540945][ T2911]  end_report+0x6e/0x130
[ 439.545179][ T2911]  kasan_report+0x153/0x170
[ 439.549672][ T2911]  ? pickup_urb_and_free_priv+0x282/0x370
[ 439.555556][ T2911]  pickup_urb_and_free_priv+0x282/0x370
[ 439.561190][ T2911]  vhci_cleanup_unlink_list+0x12d/0x490
[ 439.566851][ T2911]  ? _raw_spin_unlock+0x40/0x40
[ 439.571966][ T2911]  vhci_shutdown_connection+0x203/0x4a0
[ 439.577591][ T2911]  event_handler+0x24e/0x4b0
[ 439.582171][ T2911]  ? process_scheduled_works+0x825/0x1400
[ 439.587880][ T2911]  process_scheduled_works+0x90f/0x1400
[ 439.593465][ T2911]  ? assign_work+0x3d0/0x3d0
[ 439.598049][ T2911]  ? assign_work+0x364/0x3d0
[ 439.602804][ T2911]  worker_thread+0xa5f/0xff0
[ 439.607473][ T2911]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 439.613366][ T2911]  kthread+0x2d3/0x370
[ 439.617433][ T2911]  ? pr_cont_work+0x5e0/0x5e0
[ 439.622113][ T2911]  ? kthread_blkcg+0xd0/0xd0
[ 439.626805][ T2911]  ret_from_fork+0x48/0x80
[ 439.631307][ T2911]  ? kthread_blkcg+0xd0/0xd0
[ 439.635896][ T2911]  ret_from_fork_asm+0x11/0x20
[ 439.640654][ T2911]
[ 439.643836][ T2911] Kernel Offset: disabled
[ 439.648145][ T2911] Rebooting in 86400 seconds..
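The report above is raw KASAN output from a syzkaller run. As an added example (not code from the report, from syzkaller or from the kernel tree), the Python helper below decodes the "Memory state around the buggy address" dump and the "located N bytes inside of" line the way a triager reads them by hand: each shadow byte describes one 8-byte granule of memory (generic KASAN), so the access address is the region start plus the stated offset, and its shadow byte tells whether the access hit a freed object (fa/fb), a redzone (fc) or addressable memory (00). It also checks that every granule of the 192-byte region is marked freed and extracts the first frame outside KASAN/slab internals from the "Allocated by task" and "Freed by task" stacks. It additionally understands the "to the left/right of" wording KASAN uses for out-of-bounds accesses, which this report does not exercise. The SAMPLE string is constructed from an abridged copy of the report's own lines; the shadow byte meanings are taken from mm/kasan/kasan.h, and the region wording matches the 6.6 kernel format shown here.

```python
"""Triage a KASAN slab-use-after-free report: decode the shadow dump and name the
allocation and free sites. Shadow encodings follow mm/kasan/kasan.h (generic KASAN)."""
import re

GRANULE = 8  # generic KASAN: one shadow byte describes 8 bytes of memory
SHADOW_STATE = {0x00: "addressable", 0xfa: "freed slab object (first granule, free track)",
                0xfb: "freed slab object", 0xfc: "slab redzone", 0xff: "freed page"}
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")  # printk timestamp/thread prefix
SHADOW_ROW = re.compile(r"^>?\s?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")
REGION = re.compile(r"located (\d+) bytes (inside of|to the left of|to the right of) "
                    r"(freed|allocated) (\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
CACHE = re.compile(r"belongs to the cache (\S+) of size \d+")
# Frames that belong to KASAN or the slab allocator rather than to the caller.
INSTRUMENTATION = ("kasan_", "__kasan_", "____kasan_", "kmem_cache_", "__kmem_cache_",
                   "kmalloc", "__kmalloc", "slab_free")

# Constructed sample: an abridged copy of the report's own lines.
SAMPLE = """\
[ 438.979363][ T2911] Allocated by task 8730:
[ 438.983692][ T2911]  kasan_set_track+0x4f/0x70
[ 438.988280][ T2911]  __kasan_kmalloc+0x98/0xb0
[ 438.992870][ T2911]  alloc_ucounts+0x15b/0x4c0
[ 439.026341][ T2911]
[ 439.028652][ T2911] Freed by task 0:
[ 439.032370][ T2911]  kasan_set_track+0x4f/0x70
[ 439.036961][ T2911]  kasan_save_free_info+0x28/0x40
[ 439.041979][ T2911]  ____kasan_slab_free+0xd6/0x120
[ 439.046993][ T2911]  __kmem_cache_free+0x263/0x3a0
[ 439.052095][ T2911]  put_ucounts+0x233/0x280
[ 439.069760][ T2911]
[ 439.173725][ T2911]  which belongs to the cache kmalloc-192 of size 192
[ 439.187768][ T2911] The buggy address is located 88 bytes inside of
[ 439.187768][ T2911]  freed 192-byte region [ffff888020985500, ffff8880209855c0)
[ 439.365406][ T2911] Memory state around the buggy address:
[ 439.379342][ T2911]  ffff888020985480: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 439.387588][ T2911] >ffff888020985500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 439.402914][ T2911]  ffff888020985580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
"""

def strip_prefix(line):
    """Drop the printk prefix so the message text can be matched directly."""
    return PREFIX.sub("", line)

def parse_shadow(lines):
    """Map each 8-byte granule address in the dump rows to its shadow byte."""
    shadow = {}
    for ln in lines:
        m = SHADOW_ROW.match(ln)
        if m:
            base = int(m.group(1), 16)
            for i, b in enumerate(m.group(2).split()):
                shadow[base + i * GRANULE] = int(b, 16)
    return shadow

def parse_stack(lines, header):
    """Function names listed under a stack header such as 'Freed by task'."""
    frames, capturing = [], False
    for ln in lines:
        s = ln.strip()
        if s.startswith(header):
            capturing = True
        elif capturing:
            if not s:
                break
            frames.append(s.split("+", 1)[0])
    return frames

def first_caller(frames):
    """First frame outside KASAN/slab internals: the real alloc or free site."""
    return next((f for f in frames if not f.startswith(INSTRUMENTATION)), None)

def triage(report):
    lines = [strip_prefix(l) for l in report.splitlines()]
    flat = " ".join(l.strip() for l in lines)  # rejoins the two-line region message
    m = REGION.search(flat)
    if m is None:
        raise ValueError("no region description in report")
    offset, where, region_state = int(m.group(1)), m.group(2), m.group(3)
    size, start, end = int(m.group(4)), int(m.group(5), 16), int(m.group(6), 16)
    if end - start != size:
        raise ValueError("region bounds disagree with stated size")
    # Recover the faulting address from KASAN's relative description.
    addr = {"inside of": start + offset, "to the left of": start - offset,
            "to the right of": end + offset}[where]
    shadow = parse_shadow(lines)
    byte = shadow.get(addr & ~(GRANULE - 1))
    region = [shadow.get(a) for a in range(start, end, GRANULE)]
    cache = CACHE.search(flat)
    return {
        "addr": addr, "shadow": byte, "offset": offset, "region_size": size,
        "state": None if byte is None else SHADOW_STATE.get(byte, "0x%02x" % byte),
        "region_state": region_state, "cache": cache.group(1) if cache else None,
        "whole_region_freed": all(b in (0xfa, 0xfb) for b in region),
        "alloc_site": first_caller(parse_stack(lines, "Allocated by task")),
        "free_site": first_caller(parse_stack(lines, "Freed by task")),
    }

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("access at %#x: %s (shadow 0x%02x)" % (r["addr"], r["state"], r["shadow"]))
    print("%s object allocated in %s, freed in %s" % (r["cache"], r["alloc_site"], r["free_site"]))
```

On the report's values this resolves the access to ffff888020985558 with shadow byte 0xfb (freed slab object) inside a kmalloc-192 object last allocated in alloc_ucounts and last freed in put_ucounts. One caveat worth keeping in mind when reading such output: the "Allocated by"/"Freed by" stacks describe the most recent owner of that slab slot, which here is a ucounts object, while the access in the Call Trace comes from the vhci usbip event handler (pickup_urb_and_free_priv via vhci_cleanup_unlink_list), so the lifetime of the stale pointer the driver followed has to be reconstructed from the driver code, not from these two stacks alone.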