general protection fault, probably for non-canonical address 0xe0987c381047c2a2: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x04c401c0823e1510-0x04c401c0823e1517]
CPU: 1 PID: 5038 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller-00013-ge338142b39cf #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1012 [inline]
RIP: 0010:debug_check_no_obj_freed+0x1d7/0x420 lib/debugobjects.c:1054
Code: 39 00 0f 85 0f 02 00 00 48 89 45 08 4d 89 30 4c 89 c7 4d 89 68 08 e8 d8 cb ff ff 48 85 ed 74 2c 49 89 e8 4c 89 c0 48 c1 e8 03 <42> 80 3c 38 00 0f 84 2e ff ff ff 4c 89 c7 4c 89 44 24 38 e8 a1 7f
RSP: 0018:ffffc9000400f910 EFLAGS: 00010012
RAX: 009880381047c2a2 RBX: ffff8880383fd000 RCX: ffffffff81665104
RDX: 1ffffffff2402945 RSI: 0000000000000004 RDI: ffff888068c58d38
RBP: 04c401c0823e1510 R08: 04c401c0823e1510 R09: 0000000000000000
R10: fffff52000801f10 R11: 0000000000094001 R12: 0000000000000002
R13: dead000000000122 R14: dead000000000100 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2db24000 CR3: 000000000c571000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 free_pages_prepare mm/page_alloc.c:1308 [inline]
 free_unref_page_prepare+0x202/0xcb0 mm/page_alloc.c:2564
 free_unref_page+0x33/0x370 mm/page_alloc.c:2659
 vfree+0x180/0x7e0 mm/vmalloc.c:2798
 kcov_put kernel/kcov.c:428 [inline]
 kcov_put+0x26/0x40 kernel/kcov.c:424
 kcov_close+0x10/0x20 kernel/kcov.c:524
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xad3/0x2960 kernel/exit.c:871
 do_group_exit+0xd4/0x2a0 kernel/exit.c:1021
 get_signal+0x2315/0x25b0 kernel/signal.c:2874
 arch_do_signal_or_restart+0x79/0x5c0 arch/x86/kernel/signal.c:306
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd3ece8b116
Code: Unable to access opcode bytes at 0x7fd3ece8b0ec.
RSP: 002b:00007fffef31e988 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd3ece8b116
RDX: 00007fffef31e9c0 RSI: 00007fffef31e9c0 RDI: 00007fffef31ea50
RBP: 00007fffef31ea50 R08: 0000000000000001 R09: 00007fffef31e820
R10: 0000555555a3e8fb R11: 0000000000000246 R12: 00007fd3ecee6cdc
R13: 00007fffef31fb10 R14: 0000555555a3e810 R15: 00007fffef31fb50
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1012 [inline]
RIP: 0010:debug_check_no_obj_freed+0x1d7/0x420 lib/debugobjects.c:1054
Code: 39 00 0f 85 0f 02 00 00 48 89 45 08 4d 89 30 4c 89 c7 4d 89 68 08 e8 d8 cb ff ff 48 85 ed 74 2c 49 89 e8 4c 89 c0 48 c1 e8 03 <42> 80 3c 38 00 0f 84 2e ff ff ff 4c 89 c7 4c 89 44 24 38 e8 a1 7f
RSP: 0018:ffffc9000400f910 EFLAGS: 00010012

RAX: 009880381047c2a2 RBX: ffff8880383fd000 RCX: ffffffff81665104
RDX: 1ffffffff2402945 RSI: 0000000000000004 RDI: ffff888068c58d38
RBP: 04c401c0823e1510 R08: 04c401c0823e1510 R09: 0000000000000000
R10: fffff52000801f10 R11: 0000000000094001 R12: 0000000000000002
R13: dead000000000122 R14: dead000000000100 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2db24000 CR3: 000000000c571000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:	39 00                	cmp    %eax,(%rax)
   2:	0f 85 0f 02 00 00    	jne    0x217
   8:	48 89 45 08          	mov    %rax,0x8(%rbp)
   c:	4d 89 30             	mov    %r14,(%r8)
   f:	4c 89 c7             	mov    %r8,%rdi
  12:	4d 89 68 08          	mov    %r13,0x8(%r8)
  16:	e8 d8 cb ff ff       	callq  0xffffcbf3
  1b:	48 85 ed             	test   %rbp,%rbp
  1e:	74 2c                	je     0x4c
  20:	49 89 e8             	mov    %rbp,%r8
  23:	4c 89 c0             	mov    %r8,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	0f 84 2e ff ff ff    	je     0xffffff63
  35:	4c 89 c7             	mov    %r8,%rdi
  38:	4c 89 44 24 38       	mov    %r8,0x38(%rsp)
  3d:	e8                   	.byte 0xe8
  3e:	a1                   	.byte 0xa1
  3f:	7f                   	.byte 0x7f