[ 4434.022494][ T8900] ==================================================================
[ 4434.022878][ T8900] BUG: KASAN: slab-use-after-free in tls_strp_check_rcv (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) tls
[ 4434.023181][ T8900] Read of size 4 at addr ffff88801786f2d0 by task kworker/1:0/8900
[ 4434.023454][ T8900]
[ 4434.023557][ T8900] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4434.023560][ T8900] Workqueue: tls-strp tls_strp_work [tls]
[ 4434.023572][ T8900] Call Trace:
[ 4434.023575][ T8900]
[ 4434.023577][ T8900] dump_stack_lvl (lib/dump_stack.c:123)
[ 4434.023590][ T8900] print_address_description.constprop.0 (mm/kasan/report.c:409)
[ 4434.023601][ T8900] ? tls_strp_check_rcv (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) tls
[ 4434.023617][ T8900] print_report (mm/kasan/report.c:522)
[ 4434.023621][ T8900] ? tls_strp_check_rcv (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) tls
[ 4434.023628][ T8900] ? kasan_addr_to_slab (./include/linux/mm.h:1178 mm/kasan/../slab.h:211 mm/kasan/common.c:38)
[ 4434.023632][ T8900] ? tls_strp_check_rcv (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) tls
[ 4434.023640][ T8900] kasan_report (mm/kasan/report.c:636)
[ 4434.023644][ T8900] ? tls_strp_check_rcv (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) tls
[ 4434.023655][ T8900] tls_strp_check_rcv (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) tls
[ 4434.023663][ T8900] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116)
[ 4434.023670][ T8900] ? __pfx_tls_strp_check_rcv (net/tls/tls_strp.c:540) tls
[ 4434.023680][ T8900] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:412)
[ 4434.023688][ T8900] tls_strp_work (net/tls/tls_strp.c:573) tls
[ 4434.023697][ T8900] process_one_work (kernel/workqueue.c:3238)
[ 4434.023705][ T8900] ? __pfx_process_one_work (kernel/workqueue.c:3140)
[ 4434.023711][ T8900] ? assign_work (kernel/workqueue.c:1200)
[ 4434.023718][ T8900] worker_thread (kernel/workqueue.c:3315 kernel/workqueue.c:3402)
[ 4434.023724][ T8900] ? __pfx_worker_thread (kernel/workqueue.c:3348)
[ 4434.023727][ T8900] kthread (kernel/kthread.c:464)
[ 4434.023731][ T8900] ? __pfx_kthread (kernel/kthread.c:413)
[ 4434.023733][ T8900] ? ret_from_fork (arch/x86/kernel/process.c:147)
[ 4434.023738][ T8900] ? __lock_release (kernel/locking/lockdep.c:5539)
[ 4434.023742][ T8900] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745)
[ 4434.023748][ T8900] ? __pfx_kthread (kernel/kthread.c:413)
[ 4434.023752][ T8900] ret_from_fork (arch/x86/kernel/process.c:148)
[ 4434.023754][ T8900] ? __pfx_kthread (kernel/kthread.c:413)
[ 4434.023757][ T8900] ret_from_fork_asm (arch/x86/entry/entry_64.S:258)
[ 4434.044016][ T8900] Disabling lock debugging due to kernel taint
[ 4434.044260][ T8900] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI
[ 4434.044644][ T8900] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[ 4434.045302][ T8900] Tainted: [B]=BAD_PAGE
[ 4434.045433][ T8900] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 4434.045650][ T8900] Workqueue: tls-strp tls_strp_work [tls]
[ 4434.045841][ T8900] RIP: 0010:tls_strp_check_rcv (net/tls/tls_strp.c:446 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) tls
[ 4434.046096][ T8900] Code: 7b 28 eb 41 41 01 c7 41 29 c5 48 89 d8 48 c1 e8 03 42 80 3c 30 00 0f 85 f8 01 00 00 48 8b 1b 48 8d 7b 28 48 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e 00 02 00 00 44 3b 7b 28 0f
All code
========
   0:   7b 28                   jnp    0x2a
   2:   eb 41                   jmp    0x45
   4:   41 01 c7                add    %eax,%r15d
   7:   41 29 c5                sub    %eax,%r13d
   a:   48 89 d8                mov    %rbx,%rax
   d:   48 c1 e8 03             shr    $0x3,%rax
  11:   42 80 3c 30 00          cmpb   $0x0,(%rax,%r14,1)
  16:   0f 85 f8 01 00 00       jne    0x214
  1c:   48 8b 1b                mov    (%rbx),%rbx
  1f:   48 8d 7b 28             lea    0x28(%rbx),%rdi
  23:   48 89 f8                mov    %rdi,%rax
  26:   48 c1 e8 03             shr    $0x3,%rax
  2a:*  42 0f b6 04 30          movzbl (%rax,%r14,1),%eax    <-- trapping instruction
  2f:   84 c0                   test   %al,%al
  31:   74 08                   je     0x3b
  33:   3c 03                   cmp    $0x3,%al
  35:   0f 8e 00 02 00 00       jle    0x23b
  3b:   44 3b 7b 28             cmp    0x28(%rbx),%r15d
  3f:   0f                      .byte 0xf

Code starting with the faulting instruction
===========================================
   0:   42 0f b6 04 30          movzbl (%rax,%r14,1),%eax
   5:   84 c0                   test   %al,%al
   7:   74 08                   je     0x11
   9:   3c 03                   cmp    $0x3,%al
   b:   0f 8e 00 02 00 00       jle    0x211
  11:   44 3b 7b 28             cmp    0x28(%rbx),%r15d
  15:   0f                      .byte 0xf
[ 4434.046701][ T8900] RSP: 0018:ffffc900058a7bb0 EFLAGS: 00010206
[ 4434.046918][ T8900] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffffffc05a013c
[ 4434.047192][ T8900] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000028
[ 4434.047454][ T8900] RBP: ffff88800e2162d0 R08: ffff88800e2162da R09: fffffbfff5b5b0b8
[ 4434.047713][ T8900] R10: ffffffffadad85c7 R11: ffffc900058a76c0 R12: 1ffff92000b14f79
[ 4434.047970][ T8900] R13: 0000000000001ec5 R14: dffffc0000000000 R15: 000000002c5d2bb8
[ 4434.048242][ T8900] FS:  0000000000000000(0000) GS:ffff8880bf417000(0000) knlGS:0000000000000000
[ 4434.048540][ T8900] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4434.048758][ T8900] CR2: 00007ffcc7406000 CR3: 000000000b047003 CR4: 0000000000772ef0
[ 4434.049021][ T8900] PKRU: 55555554
[ 4434.049160][ T8900] Call Trace:
[ 4434.049289][ T8900]
[ 4434.049377][ T8900] ? do_raw_spin_lock (./arch/x86/include/asm/atomic.h:107 ./include/linux/atomic/atomic-arch-fallback.h:2170 ./include/linux/atomic/atomic-instrumented.h:1302 ./include/asm-generic/qspinlock.h:111 kernel/locking/spinlock_debug.c:116)
[ 4434.049560][ T8900] ? __pfx_tls_strp_check_rcv (net/tls/tls_strp.c:540) tls
[ 4434.049780][ T8900] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:412)
[ 4434.049953][ T8900] tls_strp_work (net/tls/tls_strp.c:573) tls
[ 4434.050140][ T8900] process_one_work (kernel/workqueue.c:3238)
[ 4434.050407][ T8900] ? __pfx_process_one_work (kernel/workqueue.c:3140)
[ 4434.050580][ T8900] ? assign_work (kernel/workqueue.c:1200)
[ 4434.050755][ T8900] worker_thread (kernel/workqueue.c:3315 kernel/workqueue.c:3402)
[ 4434.050930][ T8900] ? __pfx_worker_thread (kernel/workqueue.c:3348)
[ 4434.051195][ T8900] kthread (kernel/kthread.c:464)
[ 4434.051324][ T8900] ? __pfx_kthread (kernel/kthread.c:413)
[ 4434.051495][ T8900] ? ret_from_fork (arch/x86/kernel/process.c:147)
[ 4434.051665][ T8900] ? __lock_release (kernel/locking/lockdep.c:5539)
[ 4434.051922][ T8900] ? rcu_is_watching (./include/linux/context_tracking.h:128 kernel/rcu/tree.c:745)
[ 4434.052093][ T8900] ? __pfx_kthread (kernel/kthread.c:413)
[ 4434.052285][ T8900] ret_from_fork (arch/x86/kernel/process.c:148)
[ 4434.052458][ T8900] ? __pfx_kthread (kernel/kthread.c:413)

Finger prints:
print_report:kasan_report:tls_strp_check_rcv:tls_strp_work:process_one_work
tls_strp_check_rcv:tls_strp_work:process_one_work:worker_thread:kthread