[ 19.970920][ T266] netconsole: network logging started
[ 20.875968][ T223] ==================================================================
[ 20.876321][ T223] BUG: KASAN: slab-use-after-free in account_kernel_stack.isra.0+0xf9/0x140
[ 20.876717][ T223] Read of size 8 at addr ffff888001926740 by task make/223
[ 20.877083][ T223]
[ 20.877211][ T223] CPU: 0 UID: 0 PID: 223 Comm: make Not tainted 6.16.0-rc2-virtme #1 PREEMPT(full)
[ 20.877219][ T223] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 20.877222][ T223] Call Trace:
[ 20.877224][ T223]
[ 20.877227][ T223] dump_stack_lvl+0x82/0xd0
[ 20.877239][ T223] print_address_description.constprop.0+0x2c/0x400
[ 20.877246][ T223] ? account_kernel_stack.isra.0+0xf9/0x140
[ 20.877251][ T223] print_report+0xb4/0x270
[ 20.877254][ T223] ? account_kernel_stack.isra.0+0xf9/0x140
[ 20.877257][ T223] ? kasan_addr_to_slab+0x25/0x80
[ 20.877266][ T223] ? account_kernel_stack.isra.0+0xf9/0x140
[ 20.877270][ T223] kasan_report+0xca/0x100
[ 20.877273][ T223] ? account_kernel_stack.isra.0+0xf9/0x140
[ 20.877279][ T223] account_kernel_stack.isra.0+0xf9/0x140
[ 20.877283][ T223] do_exit+0x767/0xe90
[ 20.877291][ T223] ? __pfx_do_exit+0x10/0x10
[ 20.877294][ T223] ? do_group_exit+0x183/0x260
[ 20.877297][ T223] ? __lock_release+0x5d/0x170
[ 20.877306][ T223] ? rcu_is_watching+0x12/0xc0
[ 20.877316][ T223] do_group_exit+0xb8/0x260
[ 20.877319][ T223] __x64_sys_exit_group+0x3e/0x50
[ 20.877322][ T223] x64_sys_call+0xf76/0x18a0
[ 20.877329][ T223] do_syscall_64+0xc1/0x380
[ 20.877335][ T223] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 20.877340][ T223] RIP: 0033:0x7f20cd036abd
[ 20.877345][ T223] Code: Unable to access opcode bytes at 0x7f20cd036a93.
[ 20.877347][ T223] RSP: 002b:00007ffe821e73f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 20.877352][ T223] RAX: ffffffffffffffda RBX: 00007f20cd1139c0 RCX: 00007f20cd036abd
[ 20.877356][ T223] RDX: 00000000000000e7 RSI: ffffffffffffff78 RDI: 0000000000000000
[ 20.877358][ T223] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000068
[ 20.877360][ T223] R10: 00007ffe821e7200 R11: 0000000000000246 R12: 00007f20cd1139c0
[ 20.877362][ T223] R13: 00007f20cd118ee0 R14: 0000000000000002 R15: 00007f20cd118ec8
[ 20.877368][ T223]
[ 20.877370][ T223]
[ 20.885701][ T223] Allocated by task 1:
[ 20.885849][ T223] kasan_save_stack+0x24/0x50
[ 20.886071][ T223] kasan_save_track+0x14/0x30
[ 20.886291][ T223] __kasan_kmalloc+0x7f/0x90
[ 20.886497][ T223] __get_vm_area_node+0xbe/0x2d0
[ 20.886750][ T223] __vmalloc_node_range_noprof+0x207/0x490
[ 20.887040][ T223] __vmalloc_node_noprof+0x8e/0x100
[ 20.887257][ T223] dup_task_struct+0x5ff/0x7f0
[ 20.887480][ T223] copy_process+0x355/0x5210
[ 20.887700][ T223] kernel_clone+0xc1/0x510
[ 20.887918][ T223] __do_sys_clone+0xb5/0x100
[ 20.888120][ T223] do_syscall_64+0xc1/0x380
[ 20.888336][ T223] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 20.888598][ T223]
[ 20.888704][ T223] Freed by task 265:
[ 20.888876][ T223] kasan_save_stack+0x24/0x50
[ 20.889120][ T223] kasan_save_track+0x14/0x30
[ 20.889340][ T223] kasan_save_free_info+0x3b/0x60
[ 20.889566][ T223] __kasan_slab_free+0x38/0x50
[ 20.889786][ T223] kfree+0x144/0x320
[ 20.889966][ T223] krealloc_noprof+0xd4/0x320
[ 20.890184][ T223] emit_its_trampoline+0xa5/0x300
[ 20.890414][ T223] apply_retpolines+0xcf/0x550
[ 20.890640][ T223] module_finalize+0x3d5/0x9d0
[ 20.890858][ T223] load_module+0x139a/0x2660
[ 20.891087][ T223] init_module_from_file+0xe9/0x150
[ 20.891315][ T223] idempotent_init_module+0x335/0x620
[ 20.891547][ T223] __x64_sys_finit_module+0xca/0x150
[ 20.891782][ T223] do_syscall_64+0xc1/0x380
[ 20.892010][ T223] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 20.892319][ T223]
[ 20.892452][ T223] The buggy address belongs to the object at ffff888001926720
[ 20.892452][ T223] which belongs to the cache kmalloc-96 of size 96
[ 20.893030][ T223] The buggy address is located 32 bytes inside of
[ 20.893030][ T223] freed 96-byte region [ffff888001926720, ffff888001926780)
[ 20.893615][ T223]
[ 20.893751][ T223] The buggy address belongs to the physical page:
[ 20.894022][ T223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1926
[ 20.894418][ T223] flags: 0x80000000000000(node=0|zone=1)
[ 20.894671][ T223] page_type: f5(slab)
[ 20.894833][ T223] raw: 0080000000000000 ffff888001042340 ffffea000014e410 ffffea0000049090
[ 20.895234][ T223] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 20.895586][ T223] page dumped because: kasan: bad access detected
[ 20.895844][ T223]
[ 20.895942][ T223] Memory state around the buggy address:
[ 20.896150][ T223] ffff888001926600: fc fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc
[ 20.896463][ T223] ffff888001926680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.896800][ T223] >ffff888001926700: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 20.897125][ T223] ^
[ 20.897401][ T223] ffff888001926780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.897718][ T223] ffff888001926800: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.898035][ T223] ==================================================================
[ 20.898390][ T223] Disabling lock debugging due to kernel taint