BUG: scheduling while atomic: syz.2.11/5353/0x00000001
BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: general protection fault, probably for non-canonical address 0xdffffc0008bc06c2: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range [0x0000000045e03610-0x0000000045e03617]
CPU: 0 UID: 0 PID: 5353 Comm: syz.2.11 Not tainted 6.11.0-rc4-next-20240821-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:to_desc kernel/printk/printk_ringbuffer.c:361 [inline]
RIP: 0010:_prb_commit+0xdf/0x3f0 kernel/printk/printk_ringbuffer.c:1693
Code: ff df 41 80 3c 04 00 74 08 4c 89 ef e8 2a 74 87 00 4d 8b 75 00 48 8d 7b 08 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 06 74 87 00 48 8b 43 08 48 89 04 24 48 89 d8
RSP: 0000:ffffc90004216460 EFLAGS: 00010003
RAX: 0000000008bc06c2 RBX: 0000000045e0360e RCX: dffffc0000000000
RDX: ffffc90005021000 RSI: 0000000000000530 RDI: 0000000045e03616
RBP: ffffc90004216540 R08: ffffffff8173c2b4 R09: 1ffffffff203818d
R10: dffffc0000000000 R11: fffffbfff203818e R12: 1ffff92000842cce
R13: ffffc90004216670 R14: ffffffff81701340 R15: ffffc90004216660
FS: 00007ff646bfc6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000087 CR3: 0000000052bc8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
prb_final_commit+0x1a/0x40 kernel/printk/printk_ringbuffer.c:1780
vprintk_store+0xc40/0x1160 kernel/printk/printk.c:2295
instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
xchg_tail kernel/locking/qspinlock.c:183 [inline]
__pv_queued_spin_lock_slowpath+0x35a/0xdb0 kernel/locking/qspinlock.c:460
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
queued_spin_lock_slowpath+0x18/0x30 arch/x86/include/asm/qspinlock.h:51
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
oops_begin+0xaf/0xc0 arch/x86/kernel/dumpstack.c:347
die_addr+0x1f/0xe0 arch/x86/kernel/dumpstack.c:454
__exc_general_protection arch/x86/kernel/traps.c:748 [inline]
exc_general_protection+0x3dd/0x5d0 arch/x86/kernel/traps.c:693
asm_exc_general_protection+0x26/0x30 arch/x86/include/asm/idtentry.h:617
RIP: 0010:pv_wait_early kernel/locking/qspinlock_paravirt.h:269 [inline]
RIP: 0010:pv_wait_node kernel/locking/qspinlock_paravirt.h:301 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x43f/0xdb0 kernel/locking/qspinlock.c:473
Code: 00 00 00 83 3a 00 0f 85 53 01 00 00 84 db 74 08 f3 90 ff cb 75 e0 eb 17 43 0f b6 04 2c 84 c0 0f 85 11 01 00 00 48 8b 44 24 38 <80> 38 00 74 e1 48 8b 5c 24 28 48 89 df be 01 00 00 00 e8 5a ea 34
RSP: 0000:ffffc90004216b40 EFLAGS: 00010046
RAX: 00ff8880b913f994 RBX: 0000000000007f00 RCX: ffffffff8bc75d5a
RDX: ffff8880b913f9a8 RSI: 1ffff11017227f35 RDI: ffffffff931771a2
RBP: ffffc90004216c80 R08: ffffffff931771a3 R09: 1ffffffff262ee34
R10: dffffc0000000000 R11: fffffbfff262ee35 R12: 1ffff11017227f32
R13: dffffc0000000000 R14: ffffffff931771a0 R15: 1ffffffff1cf48b7
pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
queued_spin_lock_slowpath+0x18/0x30 arch/x86/include/asm/qspinlock.h:51
queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
oops_begin+0xaf/0xc0 arch/x86/kernel/dumpstack.c:347
page_fault_oops+0x21d/0xcc0 arch/x86/mm/fault.c:703
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x5ed/0x8c0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:0x96
Code: Unable to access opcode bytes at 0x6c.
RSP: 0000:ffffc90004216f70 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc90005021000 RSI: 00000000000003a9 RDI: 00000000000003aa
RBP: 0000000000000000 R08: ffffffff81420cc3 R09: ffffffff81420825
R10: 0000000000000002 R11: ffff88801db28000 R12: ffffffff8be011e6
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:to_desc kernel/printk/printk_ringbuffer.c:361 [inline]
RIP: 0010:_prb_commit+0xdf/0x3f0 kernel/printk/printk_ringbuffer.c:1693
Code: ff df 41 80 3c 04 00 74 08 4c 89 ef e8 2a 74 87 00 4d 8b 75 00 48 8d 7b 08 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 06 74 87 00 48 8b 43 08 48 89 04 24 48 89 d8
RSP: 0000:ffffc90004216460 EFLAGS: 00010003
RAX: 0000000008bc06c2 RBX: 0000000045e0360e RCX: dffffc0000000000
RDX: ffffc90005021000 RSI: 0000000000000530 RDI: 0000000045e03616
RBP: ffffc90004216540 R08: ffffffff8173c2b4 R09: 1ffffffff203818d
R10: dffffc0000000000 R11: fffffbfff203818e R12: 1ffff92000842cce
R13: ffffc90004216670 R14: ffffffff81701340 R15: ffffc90004216660
FS: 00007ff646bfc6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000087 CR3: 0000000052bc8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: df 41 80 filds -0x80(%rcx)
3: 3c 04 cmp $0x4,%al
5: 00 74 08 4c add %dh,0x4c(%rax,%rcx,1)
9: 89 ef mov %ebp,%edi
b: e8 2a 74 87 00 call 0x87743a
10: 4d 8b 75 00 mov 0x0(%r13),%r14
14: 48 8d 7b 08 lea 0x8(%rbx),%rdi
18: 48 89 f8 mov %rdi,%rax
1b: 48 c1 e8 03 shr $0x3,%rax
1f: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
26: fc ff df
* 29: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
2d: 74 05 je 0x34
2f: e8 06 74 87 00 call 0x87743a
34: 48 8b 43 08 mov 0x8(%rbx),%rax
38: 48 89 04 24 mov %rax,(%rsp)
3c: 48 89 d8 mov %rbx,%rax