[ 65.147408][ T895] netconsole: network logging started
[ 65.783985][ T882] ==================================================================
[ 65.784253][ T882] BUG: KASAN: slab-use-after-free in account_kernel_stack.isra.0+0xf9/0x140
[ 65.784541][ T882] Read of size 8 at addr ffff888001926740 by task timeout/882
[ 65.784789][ T882]
[ 65.784874][ T882] CPU: 2 UID: 0 PID: 882 Comm: timeout Not tainted 6.16.0-rc2-virtme #1 PREEMPT(full)
[ 65.784879][ T882] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 65.784881][ T882] Call Trace:
[ 65.784883][ T882]
[ 65.784885][ T882]  dump_stack_lvl+0x82/0xd0
[ 65.784892][ T882]  print_address_description.constprop.0+0x2c/0x400
[ 65.784898][ T882]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 65.784901][ T882]  print_report+0xb4/0x270
[ 65.784904][ T882]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 65.784907][ T882]  ? kasan_addr_to_slab+0x25/0x80
[ 65.784913][ T882]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 65.784916][ T882]  kasan_report+0xca/0x100
[ 65.784919][ T882]  ? account_kernel_stack.isra.0+0xf9/0x140
[ 65.784925][ T882]  account_kernel_stack.isra.0+0xf9/0x140
[ 65.784929][ T882]  do_exit+0x767/0xe90
[ 65.784935][ T882]  ? __pfx_do_exit+0x10/0x10
[ 65.784939][ T882]  ? do_group_exit+0x183/0x260
[ 65.784941][ T882]  ? __lock_release+0x5d/0x170
[ 65.784946][ T882]  ? rcu_is_watching+0x12/0xc0
[ 65.784952][ T882]  do_group_exit+0xb8/0x260
[ 65.784956][ T882]  __x64_sys_exit_group+0x3e/0x50
[ 65.784958][ T882]  x64_sys_call+0xf76/0x18a0
[ 65.784963][ T882]  do_syscall_64+0xc1/0x380
[ 65.784968][ T882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.784971][ T882] RIP: 0033:0x7f68948c8abd
[ 65.784975][ T882] Code: Unable to access opcode bytes at 0x7f68948c8a93.
[ 65.784977][ T882] RSP: 002b:00007ffe1c977218 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 65.784980][ T882] RAX: ffffffffffffffda RBX: 00007f68949a59c0 RCX: 00007f68948c8abd
[ 65.784982][ T882] RDX: 00000000000000e7 RSI: ffffffffffffff80 RDI: 0000000000000004
[ 65.784984][ T882] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000020
[ 65.784986][ T882] R10: 00007ffe1c9770c0 R11: 0000000000000246 R12: 00007f68949a59c0
[ 65.784988][ T882] R13: 00007f68949aaee0 R14: 0000000000000002 R15: 00007f68949aaec8
[ 65.784994][ T882]
[ 65.784996][ T882]
[ 65.790996][ T882] Allocated by task 880:
[ 65.791119][ T882]  kasan_save_stack+0x24/0x50
[ 65.791295][ T882]  kasan_save_track+0x14/0x30
[ 65.791462][ T882]  __kasan_kmalloc+0x7f/0x90
[ 65.791629][ T882]  __get_vm_area_node+0xbe/0x2d0
[ 65.791794][ T882]  __vmalloc_node_range_noprof+0x207/0x490
[ 65.792000][ T882]  __vmalloc_node_noprof+0x8e/0x100
[ 65.792168][ T882]  dup_task_struct+0x5ff/0x7f0
[ 65.792335][ T882]  copy_process+0x355/0x5210
[ 65.792502][ T882]  kernel_clone+0xc1/0x510
[ 65.792667][ T882]  __do_sys_clone+0xb5/0x100
[ 65.792833][ T882]  do_syscall_64+0xc1/0x380
[ 65.793000][ T882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.793207][ T882]
[ 65.793291][ T882] Freed by task 894:
[ 65.793414][ T882]  kasan_save_stack+0x24/0x50
[ 65.793583][ T882]  kasan_save_track+0x14/0x30
[ 65.793752][ T882]  kasan_save_free_info+0x3b/0x60
[ 65.793918][ T882]  __kasan_slab_free+0x38/0x50
[ 65.794084][ T882]  kfree+0x144/0x320
[ 65.794214][ T882]  krealloc_noprof+0xd4/0x320
[ 65.794381][ T882]  emit_its_trampoline+0xa5/0x300
[ 65.794548][ T882]  apply_retpolines+0xcf/0x550
[ 65.794715][ T882]  module_finalize+0x3d5/0x9d0
[ 65.794883][ T882]  load_module+0x139a/0x2660
[ 65.795053][ T882]  init_module_from_file+0xe9/0x150
[ 65.795233][ T882]  idempotent_init_module+0x335/0x620
[ 65.795401][ T882]  __x64_sys_finit_module+0xca/0x150
[ 65.795569][ T882]  do_syscall_64+0xc1/0x380
[ 65.795738][ T882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.795944][ T882]
[ 65.796027][ T882] The buggy address belongs to the object at ffff888001926720
[ 65.796027][ T882]  which belongs to the cache kmalloc-96 of size 96
[ 65.796520][ T882] The buggy address is located 32 bytes inside of
[ 65.796520][ T882]  freed 96-byte region [ffff888001926720, ffff888001926780)
[ 65.796920][ T882]
[ 65.797009][ T882] The buggy address belongs to the physical page:
[ 65.797302][ T882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888001926a20 pfn:0x1926
[ 65.797636][ T882] flags: 0x80000000000200(workingset|node=0|zone=1)
[ 65.797850][ T882] page_type: f5(slab)
[ 65.798079][ T882] raw: 0080000000000200 ffff888001042340 ffffea0000049090 ffffea000028ac10
[ 65.798381][ T882] raw: ffff888001926a20 000000000010000f 00000000f5000000 0000000000000000
[ 65.798678][ T882] page dumped because: kasan: bad access detected
[ 65.798977][ T882]
[ 65.799058][ T882] Memory state around the buggy address:
[ 65.799218][ T882]  ffff888001926600: fc fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc
[ 65.799551][ T882]  ffff888001926680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.799794][ T882] >ffff888001926700: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 65.800037][ T882]                                ^
[ 65.800321][ T882]  ffff888001926780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.800560][ T882]  ffff888001926800: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc
[ 65.800803][ T882] ==================================================================
[ 65.802901][ T882] Disabling lock debugging due to kernel taint