======================================
[ 1278.050181][ T228] ==================================================================
[ 1278.050455][ T228] BUG: KASAN: slab-use-after-free in account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.050748][ T228] Read of size 8 at addr ffff888001932740 by task sh/228
[ 1278.050957][ T228]
[ 1278.051048][ T228] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1278.051050][ T228] Call Trace:
[ 1278.051052][ T228]
[ 1278.051054][ T228] dump_stack_lvl (lib/dump_stack.c:123)
[ 1278.051061][ T228] print_address_description.constprop.0 (mm/kasan/report.c:409)
[ 1278.051068][ T228] ? account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.051071][ T228] print_report (mm/kasan/report.c:522)
[ 1278.051075][ T228] ? account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.051078][ T228] ? kasan_addr_to_slab (./include/linux/mm.h:1178 mm/kasan/../slab.h:211 mm/kasan/common.c:38)
[ 1278.051081][ T228] ? account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.051084][ T228] kasan_report (mm/kasan/report.c:636)
[ 1278.051088][ T228] ? account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.051095][ T228] account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.051099][ T228] do_exit (./include/linux/sched/task_stack.h:33 kernel/exit.c:789 kernel/exit.c:849 kernel/exit.c:998)
[ 1278.051103][ T228] ? __pfx_do_exit (kernel/exit.c:897)
[ 1278.051106][ T228] ? do_group_exit (./include/linux/spinlock.h:402 kernel/exit.c:1101)
[ 1278.051109][ T228] ? __lock_release (kernel/locking/lockdep.c:5539)
[ 1278.051114][ T228] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745)
[ 1278.051121][ T228] do_group_exit (kernel/exit.c:1085)
[ 1278.051125][ T228] __x64_sys_exit_group (kernel/exit.c:1113)
[ 1278.051128][ T228] x64_sys_call (arch/x86/entry/syscall_64.c:37)
[ 1278.051134][ T228] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
[ 1278.051137][ T228] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 1278.051141][ T228] RIP: 0033:0x7f1411607abd
[ 1278.051145][ T228] Code: Unable to access opcode bytes at 0x7f1411607a93.
Code starting with the faulting instruction
===========================================
[ 1278.051147][ T228] RSP: 002b:00007ffc4eda10d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1278.051151][ T228] RAX: ffffffffffffffda RBX: 00007f14116e49c0 RCX: 00007f1411607abd
[ 1278.051153][ T228] RDX: 00000000000000e7 RSI: ffffffffffffff80 RDI: 0000000000000000
[ 1278.051155][ T228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000030
[ 1278.051157][ T228] R10: 00007ffc4eda0f60 R11: 0000000000000246 R12: 00007f14116e49c0
[ 1278.051159][ T228] R13: 00007f14116e9ee0 R14: 0000000000000001 R15: 00007f14116e9ec8
[ 1278.068153][ T228] Disabling lock debugging due to kernel taint
[ 1278.068372][ T228] Oops: general protection fault, probably for non-canonical address 0xdffffc0002067e00: 0000 [#1] SMP KASAN NOPTI
[ 1278.068727][ T228] KASAN: probably user-memory-access in range [0x000000001033f000-0x000000001033f007]
[ 1278.069426][ T228] Tainted: [B]=BAD_PAGE
[ 1278.069547][ T228] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1278.069745][ T228] RIP: 0010:account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.069955][ T228] Code: be 25 00 00 00 49 83 c6 08 e8 b3 c4 72 00 49 83 fe 40 74 4a 41 80 7d 00 00 75 56 49 8b 5c 24 20 4c 01 f3 48 89 da 48 c1 ea 03 <42> 80 3c 3a 00 75 5c 48 8b 3b 48 89 fa 48 c1 ea 03 42 80 3c 3a 00
All code
========
   0:   be 25 00 00 00          mov    $0x25,%esi
   5:   49 83 c6 08             add    $0x8,%r14
   9:   e8 b3 c4 72 00          call   0x72c4c1
   e:   49 83 fe 40             cmp    $0x40,%r14
  12:   74 4a                   je     0x5e
  14:   41 80 7d 00 00          cmpb   $0x0,0x0(%r13)
  19:   75 56                   jne    0x71
  1b:   49 8b 5c 24 20          mov    0x20(%r12),%rbx
  20:   4c 01 f3                add    %r14,%rbx
  23:   48 89 da                mov    %rbx,%rdx
  26:   48 c1 ea 03             shr    $0x3,%rdx
  2a:*  42 80 3c 3a 00          cmpb   $0x0,(%rdx,%r15,1)        <-- trapping instruction
  2f:   75 5c                   jne    0x8d
  31:   48 8b 3b                mov    (%rbx),%rdi
  34:   48 89 fa                mov    %rdi,%rdx
  37:   48 c1 ea 03             shr    $0x3,%rdx
  3b:   42 80 3c 3a 00          cmpb   $0x0,(%rdx,%r15,1)

Code starting with the faulting instruction
===========================================
   0:   42 80 3c 3a 00          cmpb   $0x0,(%rdx,%r15,1)
   5:   75 5c                   jne    0x63
   7:   48 8b 3b                mov    (%rbx),%rdi
   a:   48 89 fa                mov    %rdi,%rdx
   d:   48 c1 ea 03             shr    $0x3,%rdx
  11:   42 80 3c 3a 00          cmpb   $0x0,(%rdx,%r15,1)
[ 1278.070538][ T228] RSP: 0018:ffffc90000a67e00 EFLAGS: 00010206
[ 1278.070743][ T228] RAX: 0000000000000001 RBX: 000000001033f000 RCX: ffffffff84a7398a
[ 1278.070983][ T228] RDX: 0000000002067e00 RSI: 0000000000000008 RDI: ffffffff89fb2600
[ 1278.071223][ T228] RBP: fffffffffffffffc R08: 0000000000000001 R09: fffffbfff13f64c0
[ 1278.071465][ T228] R10: ffffffff89fb2607 R11: ffffc90000a67900 R12: ffff888001932720
[ 1278.071702][ T228] R13: ffffed10003264e8 R14: 0000000000000000 R15: dffffc0000000000
[ 1278.071940][ T228] FS:  0000000000000000(0000) GS:ffff8880a52bc000(0000) knlGS:0000000000000000
[ 1278.072308][ T228] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1278.072511][ T228] CR2: 00007f1411588f00 CR3: 0000000034736002 CR4: 0000000000772ef0
[ 1278.072757][ T228] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1278.073090][ T228] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1278.073328][ T228] PKRU: 55555554
[ 1278.073448][ T228] Call Trace:
[ 1278.073566][ T228]
[ 1278.073650][ T228] do_exit (./include/linux/sched/task_stack.h:33 kernel/exit.c:789 kernel/exit.c:849 kernel/exit.c:998)
[ 1278.073863][ T228] ? __pfx_do_exit (kernel/exit.c:897)
[ 1278.074028][ T228] ? do_group_exit (./include/linux/spinlock.h:402 kernel/exit.c:1101)
[ 1278.074186][ T228] ? __lock_release (kernel/locking/lockdep.c:5539)
[ 1278.074346][ T228] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745)
[ 1278.074594][ T228] do_group_exit (kernel/exit.c:1085)
[ 1278.074753][ T228] __x64_sys_exit_group (kernel/exit.c:1113)
[ 1278.074912][ T228] x64_sys_call (arch/x86/entry/syscall_64.c:37)
[ 1278.075071][ T228] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
[ 1278.075316][ T228] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 1278.075513][ T228] RIP: 0033:0x7f1411607abd
[ 1278.075680][ T228] Code: Unable to access opcode bytes at 0x7f1411607a93.
Code starting with the faulting instruction
===========================================
[ 1278.075886][ T228] RSP: 002b:00007ffc4eda10d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1278.076124][ T228] RAX: ffffffffffffffda RBX: 00007f14116e49c0 RCX: 00007f1411607abd
[ 1278.076358][ T228] RDX: 00000000000000e7 RSI: ffffffffffffff80 RDI: 0000000000000000
[ 1278.076689][ T228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000030
[ 1278.076923][ T228] R10: 00007ffc4eda0f60 R11: 0000000000000246 R12: 00007f14116e49c0

Finger prints:
print_report:kasan_report:do_exit:do_group_exit:__x64_sys_exit_group
do_exit:do_group_exit:__x64_sys_exit_group:x64_sys_call:do_syscall_64
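The report above is two back-to-back crashes in the same function, and the second is a direct consequence of the first. The following parser is an added example (not code from the original page, and not the tool that printed the "Finger prints" lines); it splits a dmesg excerpt like this one into its KASAN report and its oops, derives a stack fingerprint for each, and checks two relationships that are visible in the register dumps. The fingerprint rule is my own assumption, chosen because it reproduces the two "Finger prints" lines on the page; the real bot's rule is not documented here. `SAMPLE` is a constructed excerpt of the log above, with most `?` frames and the user-space register dumps cut out.

```python
import re
from dataclasses import dataclass, field

# Added example, not code from the page or from the bot that printed the
# "Finger prints" lines; fingerprint() is my own heuristic that reproduces
# those two lines, and SAMPLE is a constructed excerpt of the report above.
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000       # x86-64 generic KASAN
KASAN_SHADOW_SCALE_SHIFT = 3                   # shadow = (addr >> 3) + offset

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")          # "[ 1278.05][ T228] "
KASAN_HDR = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+) \((?P<loc>[^)]*)\)")
OOPS_HDR = re.compile(r"Oops: (?P<kind>[^,]+),")
FAULT = re.compile(r"non-canonical address (0x[0-9a-f]+)")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
RIP = re.compile(r"RIP: 0010:(?P<func>\S+) \((?P<loc>[^)]*)\)")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*) \(([^)]*)\)$")     # "? func (file:line)"
REG = re.compile(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b")
CLONE = re.compile(r"\.(isra|constprop|part|cold)\.\d+$")       # GCC clone suffixes

@dataclass
class Report:
    kind: str
    func: str = ""
    loc: str = ""
    fault_addr: int = 0
    access: dict = field(default_factory=dict)
    frames: list = field(default_factory=list)   # (func, loc, unreliable) tuples
    regs: dict = field(default_factory=dict)

def parse_reports(text):
    """Split a dmesg excerpt into Report objects, one per BUG/Oops header."""
    reports, in_trace = [], False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := KASAN_HDR.search(line):
            reports.append(Report(m["kind"], m["func"], m["loc"]))
            in_trace = False
            continue
        if m := OOPS_HDR.search(line):
            fm = FAULT.search(line)
            reports.append(Report(m["kind"].strip(), fault_addr=int(fm[1], 16) if fm else 0))
            in_trace = False
            continue
        if not reports:
            continue
        cur = reports[-1]
        if m := ACCESS.search(line):
            cur.access = {"op": m[1], "size": int(m[2]), "addr": int(m[3], 16), "task": m[4]}
        elif m := RIP.search(line):
            cur.func, cur.loc = m["func"], m["loc"]
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace and (m := FRAME.match(line)):
            cur.frames.append((m[2], m[3], bool(m[1])))
        elif line and in_trace:
            in_trace = False          # e.g. "RIP: 0033:..." ends the kernel trace
        for name, val in REG.findall(line):
            cur.regs[name] = int(val, 16)
    return reports

def fingerprint(report, depth=5):
    """Heuristic (assumption): drop '?' frames, compiler clones and the
    dump_stack helper, then join the first `depth` remaining symbols."""
    keep = [f for f, loc, unreliable in report.frames
            if not unreliable and not CLONE.search(f) and not loc.startswith("lib/dump_stack.c")]
    return ":".join(keep[:depth])

def kasan_shadow_addr(ptr):
    return (ptr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET

def analyze(text):
    kasan, oops = parse_reports(text)
    bad_ptr = oops.regs["RBX"]   # loaded by `mov 0x20(%r12),%rbx` right before the trap
    return {
        "kasan_fp": fingerprint(kasan),
        "oops_fp": fingerprint(oops),
        "bad_ptr": bad_ptr,
        # the trapping `cmpb $0x0,(%rdx,%r15,1)` is KASAN's inline shadow-byte check
        "gpf_is_shadow_check": kasan_shadow_addr(bad_ptr) == oops.fault_addr,
        # the UAF read and the later load both hit offset 0x20 of the freed object
        "uaf_addr_is_r12_plus_0x20": kasan.access["addr"] == oops.regs["R12"] + 0x20,
    }

SAMPLE = """\
[ 1278.050455][ T228] BUG: KASAN: slab-use-after-free in account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.050748][ T228] Read of size 8 at addr ffff888001932740 by task sh/228
[ 1278.051050][ T228] Call Trace:
[ 1278.051054][ T228] dump_stack_lvl (lib/dump_stack.c:123)
[ 1278.051061][ T228] print_address_description.constprop.0 (mm/kasan/report.c:409)
[ 1278.051068][ T228] ? account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.051071][ T228] print_report (mm/kasan/report.c:522)
[ 1278.051084][ T228] kasan_report (mm/kasan/report.c:636)
[ 1278.051095][ T228] account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.051099][ T228] do_exit (./include/linux/sched/task_stack.h:33 kernel/exit.c:789 kernel/exit.c:849 kernel/exit.c:998)
[ 1278.051121][ T228] do_group_exit (kernel/exit.c:1085)
[ 1278.051125][ T228] __x64_sys_exit_group (kernel/exit.c:1113)
[ 1278.051141][ T228] RIP: 0033:0x7f1411607abd
[ 1278.068372][ T228] Oops: general protection fault, probably for non-canonical address 0xdffffc0002067e00: 0000 [#1] SMP KASAN NOPTI
[ 1278.069745][ T228] RIP: 0010:account_kernel_stack.isra.0 (kernel/fork.c:444)
[ 1278.070743][ T228] RAX: 0000000000000001 RBX: 000000001033f000 RCX: ffffffff84a7398a
[ 1278.071465][ T228] R10: ffffffff89fb2607 R11: ffffc90000a67900 R12: ffff888001932720
[ 1278.073448][ T228] Call Trace:
[ 1278.073650][ T228] do_exit (./include/linux/sched/task_stack.h:33 kernel/exit.c:789 kernel/exit.c:849 kernel/exit.c:998)
[ 1278.073863][ T228] ? __pfx_do_exit (kernel/exit.c:897)
[ 1278.074594][ T228] do_group_exit (kernel/exit.c:1085)
[ 1278.074753][ T228] __x64_sys_exit_group (kernel/exit.c:1113)
[ 1278.074912][ T228] x64_sys_call (arch/x86/entry/syscall_64.c:37)
[ 1278.075071][ T228] do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
[ 1278.075316][ T228] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
"""
```

Running `analyze(SAMPLE)` gives both fingerprints exactly as printed at the end of the report, and the two checks both hold: the pointer in RBX (0x1033f000) is what `mov 0x20(%r12),%rbx` loaded from the freed object at R12 + 0x20 = ffff888001932740, the same address the KASAN report flagged for the use-after-free read; and (0x1033f000 >> 3) + 0xdffffc0000000000 = 0xdffffc0002067e00, the non-canonical address in the Oops line (RDX in the oops register dump is the 0x2067e00 shifted value). So the second crash is not a separate bug: KASAN's inline shadow check faulted while validating a garbage pointer that only existed because of the first read. When triaging, dedupe on the first report and treat the GPF as a symptom.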