BUG: scheduling while atomic: syz.2.11/5353/0x00000001
BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: general protection fault, probably for non-canonical address 0xdffffc0008bc06c2: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range [0x0000000045e03610-0x0000000045e03617]
CPU: 0 UID: 0 PID: 5353 Comm: syz.2.11 Not tainted 6.11.0-rc4-next-20240821-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:to_desc kernel/printk/printk_ringbuffer.c:361 [inline]
RIP: 0010:_prb_commit+0xdf/0x3f0 kernel/printk/printk_ringbuffer.c:1693
Code: ff df 41 80 3c 04 00 74 08 4c 89 ef e8 2a 74 87 00 4d 8b 75 00 48 8d 7b 08 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 06 74 87 00 48 8b 43 08 48 89 04 24 48 89 d8
RSP: 0000:ffffc90004216460 EFLAGS: 00010003
RAX: 0000000008bc06c2 RBX: 0000000045e0360e RCX: dffffc0000000000
RDX: ffffc90005021000 RSI: 0000000000000530 RDI: 0000000045e03616
RBP: ffffc90004216540 R08: ffffffff8173c2b4 R09: 1ffffffff203818d
R10: dffffc0000000000 R11: fffffbfff203818e R12: 1ffff92000842cce
R13: ffffc90004216670 R14: ffffffff81701340 R15: ffffc90004216660
FS:  00007ff646bfc6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000087 CR3: 0000000052bc8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 prb_final_commit+0x1a/0x40 kernel/printk/printk_ringbuffer.c:1780
 vprintk_store+0xc40/0x1160 kernel/printk/printk.c:2295
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 xchg_tail kernel/locking/qspinlock.c:183 [inline]
 __pv_queued_spin_lock_slowpath+0x35a/0xdb0 kernel/locking/qspinlock.c:460
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x18/0x30 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 oops_begin+0xaf/0xc0 arch/x86/kernel/dumpstack.c:347
 die_addr+0x1f/0xe0 arch/x86/kernel/dumpstack.c:454
 __exc_general_protection arch/x86/kernel/traps.c:748 [inline]
 exc_general_protection+0x3dd/0x5d0 arch/x86/kernel/traps.c:693
 asm_exc_general_protection+0x26/0x30 arch/x86/include/asm/idtentry.h:617
RIP: 0010:pv_wait_early kernel/locking/qspinlock_paravirt.h:269 [inline]
RIP: 0010:pv_wait_node kernel/locking/qspinlock_paravirt.h:301 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x43f/0xdb0 kernel/locking/qspinlock.c:473
Code: 00 00 00 83 3a 00 0f 85 53 01 00 00 84 db 74 08 f3 90 ff cb 75 e0 eb 17 43 0f b6 04 2c 84 c0 0f 85 11 01 00 00 48 8b 44 24 38 <80> 38 00 74 e1 48 8b 5c 24 28 48 89 df be 01 00 00 00 e8 5a ea 34
RSP: 0000:ffffc90004216b40 EFLAGS: 00010046
RAX: 00ff8880b913f994 RBX: 0000000000007f00 RCX: ffffffff8bc75d5a
RDX: ffff8880b913f9a8 RSI: 1ffff11017227f35 RDI: ffffffff931771a2
RBP: ffffc90004216c80 R08: ffffffff931771a3 R09: 1ffffffff262ee34
R10: dffffc0000000000 R11: fffffbfff262ee35 R12: 1ffff11017227f32
R13: dffffc0000000000 R14: ffffffff931771a0 R15: 1ffffffff1cf48b7
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x18/0x30 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 oops_begin+0xaf/0xc0 arch/x86/kernel/dumpstack.c:347
 page_fault_oops+0x21d/0xcc0 arch/x86/mm/fault.c:703
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5ed/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:0x96
Code: Unable to access opcode bytes at 0x6c.
RSP: 0000:ffffc90004216f70 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc90005021000 RSI: 00000000000003a9 RDI: 00000000000003aa
RBP: 0000000000000000 R08: ffffffff81420cc3 R09: ffffffff81420825
R10: 0000000000000002 R11: ffff88801db28000 R12: ffffffff8be011e6
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:to_desc kernel/printk/printk_ringbuffer.c:361 [inline]
RIP: 0010:_prb_commit+0xdf/0x3f0 kernel/printk/printk_ringbuffer.c:1693
Code: ff df 41 80 3c 04 00 74 08 4c 89 ef e8 2a 74 87 00 4d 8b 75 00 48 8d 7b 08 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 06 74 87 00 48 8b 43 08 48 89 04 24 48 89 d8
RSP: 0000:ffffc90004216460 EFLAGS: 00010003
RAX: 0000000008bc06c2 RBX: 0000000045e0360e RCX: dffffc0000000000
RDX: ffffc90005021000 RSI: 0000000000000530 RDI: 0000000045e03616
RBP: ffffc90004216540 R08: ffffffff8173c2b4 R09: 1ffffffff203818d
R10: dffffc0000000000 R11: fffffbfff203818e R12: 1ffff92000842cce
R13: ffffc90004216670 R14: ffffffff81701340 R15: ffffc90004216660
FS:  00007ff646bfc6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000087 CR3: 0000000052bc8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	df 41 80             	filds  -0x80(%rcx)
   3:	3c 04                	cmp    $0x4,%al
   5:	00 74 08 4c          	add    %dh,0x4c(%rax,%rcx,1)
   9:	89 ef                	mov    %ebp,%edi
   b:	e8 2a 74 87 00       	call   0x87743a
  10:	4d 8b 75 00          	mov    0x0(%r13),%r14
  14:	48 8d 7b 08          	lea    0x8(%rbx),%rdi
  18:	48 89 f8             	mov    %rdi,%rax
  1b:	48 c1 e8 03          	shr    $0x3,%rax
  1f:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  26:	fc ff df
* 29:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2d:	74 05                	je     0x34
  2f:	e8 06 74 87 00       	call   0x87743a
  34:	48 8b 43 08          	mov    0x8(%rbx),%rax
  38:	48 89 04 24          	mov    %rax,(%rsp)
  3c:	48 89 d8             	mov    %rbx,%rax