syzbot


BUG: corrupted list in pwq_release_workfn

Status: moderation: reported on 2025/05/05 19:10
Subsystems: kernel
Reported-by: syzbot+04a054e3cbc7877cdcd1@syzkaller.appspotmail.com
First crash: 15d, last: 1d09h
Similar bugs (1):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: slab-use-after-free Read in pwq_release_workfn (kernel) | C | unreliable | | 79 | 575d | 625d | 25/28 | fixed on 2023/12/21 03:45 |

Sample crash report:
 slab kmalloc-512 start ffff888031101800 pointer offset 0 size 512
list_del corruption. next->prev should be ffff888033e8e088, but was ffffffff99cdf5e0. (next=ffff888031101800)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:67!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.15.0-rc5-syzkaller-00275-gbec6f00f120e #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 lib/list_debug.c:65
Code: 4c b0 48 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 7d 3c 68 fd 49 8b 56 08 48 c7 c7 40 04 c1 8b 48 89 de 4c 89 f1 e8 17 2b 70 fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000087cc0 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffff888033e8e088 RCX: 76e3f22c575db300
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bba4b4 R12: 1ffff11006220301
R13: dffffc0000000000 R14: ffff888031101800 R15: ffff888031101808
FS:  0000000000000000(0000) GS:ffff888126100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fb7cf7d450 CR3: 000000003ccfa000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_rcu include/linux/rculist.h:168 [inline]
 pwq_release_workfn+0xbd/0x870 kernel/workqueue.c:5078
 kthread_worker_fn+0x504/0xb60 kernel/kthread.c:1010
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 lib/list_debug.c:65
Code: 4c b0 48 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 7d 3c 68 fd 49 8b 56 08 48 c7 c7 40 04 c1 8b 48 89 de 4c 89 f1 e8 17 2b 70 fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000087cc0 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffff888033e8e088 RCX: 76e3f22c575db300
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1bba4b4 R12: 1ffff11006220301
R13: dffffc0000000000 R14: ffff888031101800 R15: ffff888031101808
FS:  0000000000000000(0000) GS:ffff888126200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fb7cf7f000 CR3: 0000000032b80000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (3):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/05/10 19:47 | upstream | bec6f00f120e | 77908e5f | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-upstream-fs | BUG: corrupted list in pwq_release_workfn |
| 2025/05/01 19:00 | upstream | 4f79eaa2ceac | 51b137cd | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-kasan-gce-selinux-root | BUG: corrupted list in pwq_release_workfn |
| 2025/05/15 21:30 | net | 09db7a4d287d | d6b2ee52 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-net-this-kasan-gce | BUG: corrupted list in pwq_release_workfn |