Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __schedule+0x2543/0x4b30
Oops: general protection fault, probably for non-canonical address 0x1fffffff7340f672: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 5463 Comm: syz.1.35 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 8000:0xffffc90004c3ef10
Code: ff ff e0 ef c3 04 00 c9 ff ff 00 00 00 00 00 00 00 00 9d 98 37 81 ff ff ff ff 01 00 00 00 00 00 00 00 00 80 c3 04 00 c9 ff ff <00> 00 c4 04 00 c9 ff ff 00 00 00 00 00 00 00 00 02 00 00 00 00 00
RSP: ff48:ffffffff81414d7c EFLAGS: ffffffff81413f16 ORIG_RAX: ffffffff817f5148
RAX: ffffffff8e040ece RBX: 1ffffffff1d02a14 RCX: ffffffff81703ab0
RDX: ffffffff909d05f2 RSI: ffffc90004c40000 RDI: ffffc90004c3ef00
RBP: ffffc90004c3eef0 R08: 0000000045e0360e R09: ffffc90004c3ef90
R10: ffffffff81414d7c R11: fffff52000987d98 R12: ffffffff817013b0
R13: ffffffff8e040e94 R14: 0000000045e0360e R15: ffffffff8e939760
FS:  0000555573394500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  8000 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001030 CR3: 0000000076022000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
Oops: general protection fault, probably for non-canonical address 0xe3fffb2400130fad: 0000 [#2] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x1ffff92000987d68-0x1ffff92000987d6f]
CPU: 1 UID: 0 PID: 5463 Comm: syz.1.35 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:string_nocheck lib/vsprintf.c:646 [inline]
RIP: 0010:string+0x1a5/0x2b0 lib/vsprintf.c:728
Code: 85 c0 0f 84 db 00 00 00 4c 89 7c 24 08 49 89 c7 49 ff cf 31 db 49 8d 3c 1c 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 5d 4c 8d 6c 1d 00 41 0f b6 2c 1c 31 ff 89 ee
RSP: 0018:ffffc90004c3e510 EFLAGS: 00010003
RAX: 03ffff2400130fad RBX: 0000000000000000 RCX: dffffc0000000000
RDX: ffff888023d09e00 RSI: ffffffffffffffff RDI: 1ffff92000987d6c
RBP: ffffc90004c3e7f0 R08: ffffffff8bb4b507 R09: ffffffff8bb47ba4
R10: 0000000000000012 R11: ffff888023d09e00 R12: 1ffff92000987d6c
R13: 0000000000000000 R14: ffffc90004c3e7f0 R15: fffffffffffffffe
FS:  0000555573394500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001030 CR3: 0000000076022000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 vsnprintf+0x1101/0x1da0 lib/vsprintf.c:2824
 vprintk_store+0x480/0x1160 kernel/printk/printk.c:2228
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:down_trylock+0x2e/0xa0 kernel/locking/semaphore.c:140
Code: 55 41 57 41 56 41 55 41 54 53 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 f0 ed 00 00 49 89 c6 4d 8d 6f 40 4c 89 eb 48 c1 eb 03 <42> 0f b6 04 23 84 c0 75 34 41 8b 6d 00 ff cd 78 0d 42 0f b6 04 23
RSP: 0018:ffffc90004c3ede8 EFLAGS: 00010806
RAX: 0000000000000046 RBX: 1ffffffff1d02a14 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc90004c3ecc0
RBP: ffffc90004c3eef0 R08: 0000000000000003 R09: fffff52000987d98
R10: dffffc0000000000 R11: fffff52000987d98 R12: ffffffff8170cc5e
R13: ffffffff8e8150a0 R14: 0000000000000046 R15: ffffffff8e815060
FS:  0000555573394500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001030 CR3: 0000000076022000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	85 c0                	test   %eax,%eax
   2:	0f 84 db 00 00 00    	je     0xe3
   8:	4c 89 7c 24 08       	mov    %r15,0x8(%rsp)
   d:	49 89 c7             	mov    %rax,%r15
  10:	49 ff cf             	dec    %r15
  13:	31 db                	xor    %ebx,%ebx
  15:	49 8d 3c 1c          	lea    (%r12,%rbx,1),%rdi
  19:	48 89 f8             	mov    %rdi,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	75 5d                	jne    0x8f
  32:	4c 8d 6c 1d 00       	lea    0x0(%rbp,%rbx,1),%r13
  37:	41 0f b6 2c 1c       	movzbl (%r12,%rbx,1),%ebp
  3c:	31 ff                	xor    %edi,%edi
  3e:	89 ee                	mov    %ebp,%esi