Oops: general protection fault, probably for non-canonical address 0xdfffc5000a176ea0: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 5569 Comm: syz.2.55 Not tainted 6.11.0-rc4-next-20240821-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:__sprint_symbol+0x304/0x3a0 kernel/kallsyms.c:469
Code: 42 0f b6 04 28 84 c0 0f 85 85 00 00 00 66 41 c7 06 5d 00 ff c3 eb 05 e8 fa 95 0b 00 48 c7 44 24 40 0e 36 e0 45 48 8b 44 24 38 <49> c7 44 05 00 00 00 00 00 49 c7 44 05 09 00 00 00 00 66 41 c7 44
RSP: 0018:ffffc9000a176d00 EFLAGS: 00010046
RAX: ffffc9000a176ea0 RBX: 0000000000000003 RCX: eaaa9e831141c500
RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffc9000a176ea3
RBP: ffffc9000a176e30 R08: ffffffff8bb6b703 R09: 0000000000000000
R10: ffffc9000a176a60 R11: fffff5200142ed4f R12: 1ffff9200142edb8
R13: dffffc0000000000 R14: 1ffff9200142edb4 R15: 0000000000000000
FS: 0000555582212500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000549 CR3: 0000000075612000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
symbol_string+0x191/0x3b0 lib/vsprintf.c:998
pointer+0x8cb/0x1210 lib/vsprintf.c:2422
vsnprintf+0xdb0/0x1da0 lib/vsprintf.c:2828
vscnprintf+0x42/0x90 lib/vsprintf.c:2930
panic+0x245/0x870 kernel/panic.c:342
__stack_chk_fail+0x15/0x20 kernel/panic.c:827
oops_begin+0xb6/0xc0
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__sprint_symbol+0x304/0x3a0 kernel/kallsyms.c:469
Code: 42 0f b6 04 28 84 c0 0f 85 85 00 00 00 66 41 c7 06 5d 00 ff c3 eb 05 e8 fa 95 0b 00 48 c7 44 24 40 0e 36 e0 45 48 8b 44 24 38 <49> c7 44 05 00 00 00 00 00 49 c7 44 05 09 00 00 00 00 66 41 c7 44
RSP: 0018:ffffc9000a176d00 EFLAGS: 00010046
RAX: ffffc9000a176ea0 RBX: 0000000000000003 RCX: eaaa9e831141c500
RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffc9000a176ea3
RBP: ffffc9000a176e30 R08: ffffffff8bb6b703 R09: 0000000000000000
R10: ffffc9000a176a60 R11: fffff5200142ed4f R12: 1ffff9200142edb8
R13: dffffc0000000000 R14: 1ffff9200142edb4 R15: 0000000000000000
FS: 0000555582212500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000549 CR3: 0000000075612000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   42 0f b6 04 28          movzbl (%rax,%r13,1),%eax
   5:   84 c0                   test %al,%al
   7:   0f 85 85 00 00 00       jne 0x92
   d:   66 41 c7 06 5d 00       movw $0x5d,(%r14)
  13:   ff c3                   inc %ebx
  15:   eb 05                   jmp 0x1c
  17:   e8 fa 95 0b 00          call 0xb9616
  1c:   48 c7 44 24 40 0e 36    movq $0x45e0360e,0x40(%rsp)
  23:   e0 45
  25:   48 8b 44 24 38          mov 0x38(%rsp),%rax
* 2a:   49 c7 44 05 00 00 00    movq $0x0,0x0(%r13,%rax,1) <-- trapping instruction
  31:   00 00
  33:   49 c7 44 05 09 00 00    movq $0x0,0x9(%r13,%rax,1)
  3a:   00 00
  3c:   66                      data16
  3d:   41                      rex.B
  3e:   c7                      .byte 0xc7
  3f:   44                      rex.R