general protection fault, probably for non-canonical address 0xe0cadc3e20000272: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x065701f100001390-0x065701f100001397]
CPU: 1 PID: 55 Comm: kworker/u4:4 Not tainted 6.3.0-syzkaller-12964-g89b7fd5d7f3c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Workqueue: 0x0 (bat_events)
RIP: 0010:lookup_object lib/debugobjects.c:195 [inline]
RIP: 0010:debug_object_deactivate lib/debugobjects.c:758 [inline]
RIP: 0010:debug_object_deactivate+0x144/0x300 lib/debugobjects.c:744
Code: 8f 01 00 00 48 8b ab 60 57 f8 91 31 db 48 85 ed 74 44 49 bc 00 00 00 00 00 fc ff df 48 8d 7d 18 83 c3 01 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 1e 01 00 00 4c 3b 7d 18 74 74 48 89 e8 48 c1
RSP: 0018:ffffc90001577c38 EFLAGS: 00010017
RAX: 00cae03e20000272 RBX: 0000000000000004 RCX: ffffffff81666574
RDX: 1ffffffff23f9cb1 RSI: 0000000000000012 RDI: 065701f100001394
RBP: 065701f10000137c R08: ffffffff91fce578 R09: 0000000000000003
R10: fffff520002aef75 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffffff8a4b8ce0 R14: 1ffff920002aef89 R15: ffff88803f3296d8
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020216030 CR3: 0000000038349000 CR4: 0000000000350ee0
Call Trace:
 debug_work_deactivate kernel/workqueue.c:522 [inline]
 process_one_work+0x399/0x15e0 kernel/workqueue.c:2335
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:lookup_object lib/debugobjects.c:195 [inline]
RIP: 0010:debug_object_deactivate lib/debugobjects.c:758 [inline]
RIP: 0010:debug_object_deactivate+0x144/0x300 lib/debugobjects.c:744
Code: 8f 01 00 00 48 8b ab 60 57 f8 91 31 db 48 85 ed 74 44 49 bc 00 00 00 00 00 fc ff df 48 8d 7d 18 83 c3 01 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 1e 01 00 00 4c 3b 7d 18 74 74 48 89 e8 48 c1
RSP: 0018:ffffc90001577c38 EFLAGS: 00010017
RAX: 00cae03e20000272 RBX: 0000000000000004 RCX: ffffffff81666574
RDX: 1ffffffff23f9cb1 RSI: 0000000000000012 RDI: 065701f100001394
RBP: 065701f10000137c R08: ffffffff91fce578 R09: 0000000000000003
R10: fffff520002aef75 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffffff8a4b8ce0 R14: 1ffff920002aef89 R15: ffff88803f3296d8
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020216030 CR3: 0000000038349000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0: 8f 01                   popq (%rcx)
   2: 00 00                   add %al,(%rax)
   4: 48 8b ab 60 57 f8 91    mov -0x6e07a8a0(%rbx),%rbp
   b: 31 db                   xor %ebx,%ebx
   d: 48 85 ed                test %rbp,%rbp
  10: 74 44                   je 0x56
  12: 49 bc 00 00 00 00 00    movabs $0xdffffc0000000000,%r12
  19: fc ff df
  1c: 48 8d 7d 18             lea 0x18(%rbp),%rdi
  20: 83 c3 01                add $0x1,%ebx
  23: 48 89 f8                mov %rdi,%rax
  26: 48 c1 e8 03             shr $0x3,%rax
* 2a: 42 80 3c 20 00          cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
  2f: 0f 85 1e 01 00 00       jne 0x153
  35: 4c 3b 7d 18             cmp 0x18(%rbp),%r15
  39: 74 74                   je 0xaf
  3b: 48 89 e8                mov %rbp,%rax
  3e: 48                      rex.W
  3f: c1                      .byte 0xc1