ci2 starts bisection 2023-10-16 15:09:28.48854524 +0000 UTC m=+259893.071319078
bisecting fixing commit since d23900f974e0fb995b36ef47283a5aa74ca25f51
building syzkaller on f325deb023e4e2fb9197004be1b3da738680429c
ensuring issue is reproducible on original commit d23900f974e0fb995b36ef47283a5aa74ca25f51

testing commit d23900f974e0fb995b36ef47283a5aa74ca25f51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2721eaffbbb0935d03ebb66bc7d7effa663aa20c59b24fa9bd42130016939e58
run #0: crashed: kernel BUG in close_ctree
run #1: crashed: kernel BUG in close_ctree
run #2: crashed: kernel BUG in close_ctree
run #3: crashed: kernel BUG in close_ctree
run #4: crashed: VFS: Busy inodes after unmount (use-after-free)
run #5: crashed: kernel BUG in close_ctree
run #6: crashed: kernel BUG in close_ctree
run #7: crashed: kernel BUG in close_ctree
run #8: crashed: kernel BUG in close_ctree
run #9: crashed: VFS: Busy inodes after unmount (use-after-free)
run #10: crashed: kernel BUG in close_ctree
run #11: crashed: kernel BUG in close_ctree
run #12: crashed: kernel BUG in close_ctree
run #13: crashed: kernel BUG in close_ctree
run #14: crashed: kernel BUG in close_ctree
run #15: crashed: kernel BUG in close_ctree
run #16: crashed: kernel BUG in close_ctree
run #17: crashed: kernel BUG in close_ctree
run #18: OK
run #19: OK
representative crash: kernel BUG in close_ctree, types: [BUG]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit d23900f974e0fb995b36ef47283a5aa74ca25f51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5ce85183b5b2c8165dd262ab22560e459766b20223de3f39cf4c3818b35fb3e2
run #0: crashed: kernel BUG in close_ctree
run #1: crashed: kernel BUG in close_ctree
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: kernel BUG in close_ctree, types: [BUG]
kconfig minimization: base=3820 full=7521 leaves diff=1989
split chunks (needed=false): <1989>
split chunk #0 of len 1989 into 5 parts
testing without sub-chunk 1/5
testing commit d23900f974e0fb995b36ef47283a5aa74ca25f51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b5ba89d73975a80e385d56d571c8e5442bdeb570555e4aebe6d4c18eae31a7f4
all runs: OK
false negative chance: 0.000
testing without sub-chunk 2/5
testing commit d23900f974e0fb995b36ef47283a5aa74ca25f51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 25074592df8f4bf034d69911a748a9375628e68d0eb3cc7261e8d5d21eaa8bcb
run #0: crashed: kernel BUG in close_ctree
run #1: crashed: kernel BUG in close_ctree
run #2: crashed: kernel BUG in close_ctree
run #3: crashed: VFS: Busy inodes after unmount (use-after-free)
run #4: crashed: kernel BUG in close_ctree
run #5: crashed: kernel BUG in close_ctree
run #6: crashed: kernel BUG in close_ctree
run #7: crashed: kernel BUG in close_ctree
run #8: crashed: VFS: Busy inodes after unmount (use-after-free)
run #9: crashed: kernel BUG in close_ctree
run #10: crashed: kernel BUG in close_ctree
run #11: crashed: kernel BUG in close_ctree
run #12: crashed: kernel BUG in close_ctree
run #13: crashed: kernel BUG in close_ctree
run #14: crashed: kernel BUG in close_ctree
run #15: crashed: kernel BUG in close_ctree
run #16: crashed: kernel BUG in close_ctree
run #17: crashed: kernel BUG in close_ctree
run #18: OK
run #19: OK
representative crash: kernel BUG in close_ctree, types: [BUG]
the chunk can be dropped
testing without sub-chunk 3/5
testing commit d23900f974e0fb995b36ef47283a5aa74ca25f51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 115fa7e36d4cfefb57c92db48852198b9f423d8754217d0d2c8ce7b533c37a09
run #0: crashed: kernel BUG in close_ctree
run #1: crashed: VFS: Busy inodes after unmount (use-after-free)
run #2: crashed: kernel BUG in close_ctree
run #3: crashed: kernel BUG in close_ctree
run #4: crashed: kernel BUG in close_ctree
run #5: crashed: VFS: Busy inodes after unmount (use-after-free)
run #6: crashed: kernel BUG in close_ctree
run #7: crashed: kernel BUG in close_ctree
run #8: crashed: kernel BUG in close_ctree
run #9: crashed: kernel BUG in close_ctree
run #10: crashed: kernel BUG in close_ctree
run #11: crashed: kernel BUG in close_ctree
run #12: crashed: VFS: Busy inodes after unmount (use-after-free)
run #13: crashed: kernel BUG in close_ctree
run #14: crashed: kernel BUG in close_ctree
run #15: crashed: kernel BUG in close_ctree
run #16: crashed: kernel BUG in close_ctree
run #17: crashed: kernel BUG in close_ctree
run #18: OK
run #19: OK
representative crash: kernel BUG in close_ctree, types: [BUG]
the chunk can be dropped
testing without sub-chunk 4/5
testing commit d23900f974e0fb995b36ef47283a5aa74ca25f51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 91c2a08cc7d398d77d0a7a675b2f85e3983b516ec3e555416ee9a895cfb517d5
all runs: OK
false negative chance: 0.000
testing without sub-chunk 5/5
testing commit d23900f974e0fb995b36ef47283a5aa74ca25f51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 14d31a937b932c230da3bc5b0360f95fbd79ee059c172aeec99184f5d9cc2561
run #0: crashed: kernel BUG in close_ctree
run #1: crashed: kernel BUG in close_ctree
run #2: crashed: kernel BUG in close_ctree
run #3: crashed: VFS: Busy inodes after unmount (use-after-free)
run #4: crashed: kernel BUG in close_ctree
run #5: crashed: kernel BUG in close_ctree
run #6: crashed: VFS: Busy inodes after unmount (use-after-free)
run #7: crashed: kernel BUG in close_ctree
run #8: crashed: kernel BUG in close_ctree
run #9: crashed: kernel BUG in close_ctree
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: crashed: kernel BUG in close_ctree
run #15: OK
run #16: crashed: kernel BUG in close_ctree
run #17: OK
run #18: OK
run #19: OK
representative crash: kernel BUG in close_ctree, types: [BUG]
the chunk can be dropped
minimized to 796 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_FD BLK_DEV_INITRD BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_MQ_RDMA BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CC_HAS_ZERO_CALL_USED_REGS CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CFB CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECB CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_OFB CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DIMLIB DLM DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS DRM_BUDDY DRM_CIRRUS_QEMU DRM_DEBUG_MM DVB_CORE ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_DRAGONRISE HID_SENSOR_HUB HID_SMARTJOYPLUS HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_RTRS_CLIENT INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN IOSCHED_BFQ IP_SCTP ISDN ISDN_CAPI L2TP LIBNVDIMM MAC80211 MAC80211_LEDS MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_RETU MMC MTD MTD_UBI NETFILTER_CONNCOUNT NET_CLS_U32 NET_IPGRE NET_IPGRE_DEMUX NET_SCH_DEFAULT NFS_V4_1 NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NOP_USB_XCEIV NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NTFS_FS NTFS_RW NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PADATA PAGE_IDLE_FLAG PAGE_POOL PAGE_REPORTING PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PRISM2_USB PROC_CHILDREN PSI PSTORE PSTORE_842_COMPRESS PSTORE_COMPRESS PSTORE_DEFLATE_COMPRESS PSTORE_DEFLATE_COMPRESS_DEFAULT PSTORE_LZ4HC_COMPRESS PSTORE_LZ4_COMPRESS PSTORE_LZO_COMPRESS PSTORE_ZSTD_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN R8712U RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGULATOR REGULATOR_TWL4030 REISERFS_FS REISERFS_FS_POSIX_ACL REISERFS_FS_SECURITY REISERFS_FS_XATTR REISERFS_PROC_INFO RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS_COMMON SMC SMC_DIAG SMSC_PHY SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SUPPORT_OLD_API SND_TIMER SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_DECOMP_SINGLE SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STAGING_MEDIA STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TASKS_TRACE_RCU TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_NETLINK THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_DEVICE TLS_TOE TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TRUSTED_KEYS TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_FUSB302 TYPEC_TCPCI TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_HOST USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_DWC2 USB_GADGET USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_PHY USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VLAN_8021Q VXLAN WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE]
determining the merge base between d23900f974e0fb995b36ef47283a5aa74ca25f51 and 58720809f52779dc0f08e53e54b014209d13eebb
830b3c68c1fb1e9176028d02ef86f3cf76aa2476/Linux 6.1 is a merge base, check if it has the bug
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 96b9dc1d9c1acec3ed17701d7d82e0d28c59b2a8a75707a0ad738e56ebb31e16
run #0: crashed: VFS: Busy inodes after unmount (use-after-free)
run #1: crashed: kernel BUG in close_ctree
run #2: crashed: kernel BUG in close_ctree
run #3: crashed: kernel BUG in close_ctree
run #4: crashed: VFS: Busy inodes after unmount (use-after-free)
run #5: crashed: kernel BUG in close_ctree
run #6: crashed: kernel BUG in close_ctree
run #7: crashed: kernel BUG in close_ctree
run #8: crashed: kernel BUG in close_ctree
run #9: crashed: VFS: Busy inodes after unmount (use-after-free)
run #10: crashed: kernel BUG in close_ctree
run #11: crashed: VFS: Busy inodes after unmount (use-after-free)
run #12: crashed: kernel BUG in close_ctree
run #13: crashed: kernel BUG in close_ctree
run #14: crashed: kernel BUG in close_ctree
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: kernel BUG in close_ctree, types: [BUG]
testing current HEAD 58720809f52779dc0f08e53e54b014209d13eebb
testing commit 58720809f52779dc0f08e53e54b014209d13eebb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 06540d958031b934653d26ebe41cc0a306ae6c2a25ddb89455cf30bc61ce2f3c
run #0: crashed: kernel BUG in close_ctree
run #1: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #2: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #3: crashed: kernel BUG in close_ctree
run #4: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #5: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #6: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #7: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #8: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #9: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #10: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #11: crashed: kernel BUG in close_ctree
run #12: crashed: kernel BUG in close_ctree
run #13: crashed: KASAN: slab-use-after-free Read in reweight_entity
run #14: crashed: kernel BUG in close_ctree
run #15: crashed: VFS: Busy inodes after unmount (use-after-free)
run #16: crashed: kernel BUG in close_ctree
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-use-after-free Read in reweight_entity, types: [KASAN BUG]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (0.60 repro chance estimate)
revisions tested: 9, total time: 3h1m58.355476432s (build: 1h4m50.107989544s, test: 1h54m6.406596622s)
crash still not fixed or there were kernel test errors
commit msg: Linux 6.6-rc6
crash: KASAN: slab-use-after-free Read in reweight_entity
==================================================================
BUG: KASAN: slab-use-after-free in __update_min_deadline kernel/sched/fair.c:805 [inline]
BUG: KASAN: slab-use-after-free in min_deadline_update kernel/sched/fair.c:819 [inline]
BUG: KASAN: slab-use-after-free in min_deadline_cb_propagate kernel/sched/fair.c:825 [inline]
BUG: KASAN: slab-use-after-free in reweight_entity+0x477/0x8f0 kernel/sched/fair.c:3660
Read of size 8 at addr ffff88807bea00b0 by task syz-executor.0/4270

CPU: 1 PID: 4270 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x163/0x220 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0x15f/0x540 mm/kasan/report.c:475
 kasan_report+0x171/0x1b0 mm/kasan/report.c:588
 __update_min_deadline kernel/sched/fair.c:805 [inline]
 min_deadline_update kernel/sched/fair.c:819 [inline]
 min_deadline_cb_propagate kernel/sched/fair.c:825 [inline]
 reweight_entity+0x477/0x8f0 kernel/sched/fair.c:3660
 update_cfs_group kernel/sched/fair.c:3826 [inline]
 entity_tick kernel/sched/fair.c:5317 [inline]
 task_tick_fair+0x33d/0x8e0 kernel/sched/fair.c:12392
 scheduler_tick+0x1f2/0x6c0 kernel/sched/core.c:5657
 update_process_times+0x119/0x140 kernel/time/timer.c:2076
 tick_sched_handle kernel/time/tick-sched.c:254 [inline]
 tick_sched_timer+0x265/0x430 kernel/time/tick-sched.c:1492
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x49c/0xa70 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x367/0x8c0 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1063 [inline]
 __sysvec_apic_timer_interrupt+0x100/0x380 arch/x86/kernel/apic/apic.c:1080
 sysvec_apic_timer_interrupt+0x39/0xb0 arch/x86/kernel/apic/apic.c:1074
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0033:0x7f11230288ab
Code: cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 47 0f b6 0c 08 <45> 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01 49 89 47 10 83
RSP: 002b:00007f1123e35520 EFLAGS: 00000206
RAX: 0000000000f70373 RBX: 00007f1123e355c0 RCX: 0000000000000040
RDX: 0000000000000055 RSI: 0000000000000001 RDI: 00007f1123e35660
RBP: 0000000000000102 R08: 00007f1119fff000 R09: 0000000000000000
R10: 0000000000000000 R11: 00007f1123e355d0 R12: 0000000000000001
R13: 00007f11230e9d40 R14: 0000000000000000 R15: 00007f1123e35660
 </TASK>

Allocated by task 3043:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:52
 __kasan_slab_alloc+0x62/0x70 mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x67/0x3c0 mm/slab.h:762
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x144/0x320 mm/slub.c:3523
 alloc_task_struct_node kernel/fork.c:173 [inline]
 dup_task_struct+0x38/0x700 kernel/fork.c:1110
 copy_process+0x40a/0x3cd0 kernel/fork.c:2327
 kernel_clone+0x196/0x620 kernel/fork.c:2909
 __do_sys_clone kernel/fork.c:3052 [inline]
 __se_sys_clone kernel/fork.c:3036 [inline]
 __x64_sys_clone+0x24f/0x2a0 kernel/fork.c:3036
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 3043:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x24/0x40 mm/kasan/generic.c:522
 ____kasan_slab_free+0xd6/0x120 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1800 [inline]
 slab_free_freelist_hook mm/slub.c:1826 [inline]
 slab_free mm/slub.c:3809 [inline]
 kmem_cache_free+0x28a/0x4f0 mm/slub.c:3831
 put_task_struct include/linux/sched/task.h:136 [inline]
 delayed_put_task_struct+0xbb/0x1d0 kernel/exit.c:226
 rcu_do_batch kernel/rcu/tree.c:2139 [inline]
 rcu_core+0xacb/0x1790 kernel/rcu/tree.c:2403
 __do_softirq+0x294/0x8e1 kernel/softirq.c:553

Last potentially related work creation:
 kasan_save_stack+0x3b/0x60 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xad/0xc0 mm/kasan/generic.c:492
 __call_rcu_common kernel/rcu/tree.c:2653 [inline]
 call_rcu+0x163/0xa70 kernel/rcu/tree.c:2767
 release_task+0x140f/0x1480
 wait_task_zombie kernel/exit.c:1210 [inline]
 wait_consider_task+0x1858/0x2770 kernel/exit.c:1437
 do_wait_pid kernel/exit.c:1568 [inline]
 do_wait+0x46c/0x950 kernel/exit.c:1610
 kernel_wait4+0x1e5/0x360 kernel/exit.c:1780
 __do_sys_wait4 kernel/exit.c:1808 [inline]
 __se_sys_wait4 kernel/exit.c:1804 [inline]
 __x64_sys_wait4+0x121/0x1a0 kernel/exit.c:1804
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Second to last potentially related work creation:
 kasan_save_stack+0x3b/0x60 mm/kasan/common.c:45
 __kasan_record_aux_stack+0xad/0xc0 mm/kasan/generic.c:492
 task_work_add+0x75/0x270 kernel/task_work.c:48
 task_tick_mm_cid kernel/sched/core.c:12023 [inline]
 scheduler_tick+0x2de/0x6c0 kernel/sched/core.c:5662
 update_process_times+0x119/0x140 kernel/time/timer.c:2076
 tick_sched_handle kernel/time/tick-sched.c:254 [inline]
 tick_sched_timer+0x265/0x430 kernel/time/tick-sched.c:1492
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x49c/0xa70 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x367/0x8c0 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1063 [inline]
 __sysvec_apic_timer_interrupt+0x100/0x380 arch/x86/kernel/apic/apic.c:1080
 sysvec_apic_timer_interrupt+0x87/0xb0 arch/x86/kernel/apic/apic.c:1074
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:645

The buggy address belongs to the object at ffff88807bea0000
 which belongs to the cache task_struct of size 7360
The buggy address is located 176 bytes inside of
 freed 7360-byte region [ffff88807bea0000, ffff88807bea1cc0)

The buggy address belongs to the physical page:
page:ffffea0001efa800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bea0
head:ffffea0001efa800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff88801703fbc1
flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff00000000840 ffff88800ea6c500 ffffea0001d92600 dead000000000002
raw: 0000000000000000 0000000000040004 00000001ffffffff ffff88801703fbc1
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2087, tgid 2087 (udevd), ts 10187491588, free_ts 9052103579
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1d2/0x1f0 mm/page_alloc.c:1536
 prep_new_page mm/page_alloc.c:1543 [inline]
 get_page_from_freelist+0x31b7/0x3330 mm/page_alloc.c:3170
 __alloc_pages+0x251/0x660 mm/page_alloc.c:4426
 alloc_slab_page+0x6a/0x150 mm/slub.c:1870
 allocate_slab mm/slub.c:2017 [inline]
 new_slab+0x84/0x2d0 mm/slub.c:2070
 ___slab_alloc+0xc75/0x1300 mm/slub.c:3223
 __slab_alloc mm/slub.c:3322 [inline]
 __slab_alloc_node mm/slub.c:3375 [inline]
 slab_alloc_node mm/slub.c:3468 [inline]
 kmem_cache_alloc_node+0x1dd/0x320 mm/slub.c:3523
 alloc_task_struct_node kernel/fork.c:173 [inline]
 dup_task_struct+0x38/0x700 kernel/fork.c:1110
 copy_process+0x40a/0x3cd0 kernel/fork.c:2327
 kernel_clone+0x196/0x620 kernel/fork.c:2909
 __do_sys_clone kernel/fork.c:3052 [inline]
 __se_sys_clone kernel/fork.c:3036 [inline]
 __x64_sys_clone+0x24f/0x2a0 kernel/fork.c:3036
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1136 [inline]
 free_unref_page_prepare+0x8a3/0x9c0 mm/page_alloc.c:2312
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:2405
 free_contig_range+0x9a/0x150 mm/page_alloc.c:6342
 destroy_args+0x66/0x610 mm/debug_vm_pgtable.c:1028
 debug_vm_pgtable+0x431/0x4a0 mm/debug_vm_pgtable.c:1408
 do_one_initcall+0x1b0/0x590 init/main.c:1232
 do_initcall_level+0x125/0x1b0 init/main.c:1294
 do_initcalls+0x3e/0x70 init/main.c:1310
 kernel_init_freeable+0x383/0x4e0 init/main.c:1547
 kernel_init+0x14/0x190 init/main.c:1437
 ret_from_fork+0x2a/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

Memory state around the buggy address:
 ffff88807be9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88807bea0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88807bea0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                     ^
 ffff88807bea0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88807bea0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================