general protection fault, probably for non-canonical address 0xdffffcc020008009: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000060100040048-0x000006010004004f]
CPU: 1 PID: 5479 Comm: sed Not tainted 6.6.0-rc1-next-20230915-syzkaller-05666-gdfa449a58323 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1021 [inline]
RIP: 0010:debug_check_no_obj_freed+0x1fe/0x4c0 lib/debugobjects.c:1063
Code: 02 00 00 48 be 00 01 00 00 00 00 ad de 48 89 53 08 48 89 c7 48 89 30 4c 89 68 08 e8 ec d2 ff ff 48 89 d8 48 89 c2 48 c1 ea 03 <42> 80 3c 22 00 0f 84 27 ff ff ff 48 89 c7 48 89 44 24 50 e8 3a cf
RSP: 0018:ffffc90004e2fc50 EFLAGS: 00010006
RAX: 0000060100040048 RBX: 0000060100040048 RCX: ffffffff816920be
RDX: 000000c020008009 RSI: ffff888027a51100 RDI: ffff8880680856a8
RBP: 0000000000000006 R08: 0000000000000001 R09: fffff520009c5f78
R10: 0000000000000003 R11: 0000000000000000 R12: dffffc0000000000
R13: dead000000000122 R14: ffff888027a51100 R15: ffff888027a52100
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc30d1f2018 CR3: 000000001f790000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 slab_free_hook mm/slub.c:1775 [inline]
 slab_free_freelist_hook+0x18c/0x1e0 mm/slub.c:1826
 slab_free mm/slub.c:3809 [inline]
 kmem_cache_free+0xf0/0x480 mm/slub.c:3831
 putname fs/namei.c:273 [inline]
 putname+0x101/0x140 fs/namei.c:259
 do_sys_openat2+0x15c/0x1e0 fs/open.c:1430
 do_sys_open fs/open.c:1437 [inline]
 __do_sys_openat fs/open.c:1453 [inline]
 __se_sys_openat fs/open.c:1448 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1448
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc30d20fa46
Code: 10 00 00 00 44 8b 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 0a 48 01 00 48 83 c8 ff c3 31
RSP: 002b:00007ffdb032f598 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffdb032f7f8 RCX: 00007fc30d20fa46
RDX: 0000000000080000 RSI: 00007ffdb032f610 RDI: 00000000ffffff9c
RBP: 00007ffdb032f600 R08: 0000000000080000 R09: 00007ffdb032f610
R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffdb032f610
R13: 0000000000000009 R14: 00007ffdb032f7df R15: 00000000ffffffff
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:1021 [inline]
RIP: 0010:debug_check_no_obj_freed+0x1fe/0x4c0 lib/debugobjects.c:1063
Code: 02 00 00 48 be 00 01 00 00 00 00 ad de 48 89 53 08 48 89 c7 48 89 30 4c 89 68 08 e8 ec d2 ff ff 48 89 d8 48 89 c2 48 c1 ea 03 <42> 80 3c 22 00 0f 84 27 ff ff ff 48 89 c7 48 89 44 24 50 e8 3a cf
RSP: 0018:ffffc90004e2fc50 EFLAGS: 00010006
RAX: 0000060100040048 RBX: 0000060100040048 RCX: ffffffff816920be
RDX: 000000c020008009 RSI: ffff888027a51100 RDI: ffff8880680856a8
RBP: 0000000000000006 R08: 0000000000000001 R09: fffff520009c5f78
R10: 0000000000000003 R11: 0000000000000000 R12: dffffc0000000000
R13: dead000000000122 R14: ffff888027a51100 R15: ffff888027a52100
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc30d1f2018 CR3: 000000001f790000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0: 00 00                 add %al,(%rax)
   2: 48 be 00 01 00 00 00  movabs $0xdead000000000100,%rsi
   9: 00 ad de
   c: 48 89 53 08           mov %rdx,0x8(%rbx)
  10: 48 89 c7              mov %rax,%rdi
  13: 48 89 30              mov %rsi,(%rax)
  16: 4c 89 68 08           mov %r13,0x8(%rax)
  1a: e8 ec d2 ff ff        call 0xffffd30b
  1f: 48 89 d8              mov %rbx,%rax
  22: 48 89 c2              mov %rax,%rdx
  25: 48 c1 ea 03           shr $0x3,%rdx
* 29: 42 80 3c 22 00        cmpb $0x0,(%rdx,%r12,1) <-- trapping instruction
  2e: 0f 84 27 ff ff ff     je 0xffffff5b
  34: 48 89 c7              mov %rax,%rdi
  37: 48 89 44 24 50        mov %rax,0x50(%rsp)
  3c: e8                    .byte 0xe8
  3d: 3a cf                 cmp %bh,%cl