Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __schedule+0x2543/0x4b30
BUG: unable to handle page fault for address: 0000000045e0360e
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 0 P4D 0
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#2] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 UID: 0 PID: 5739 Comm: syz.3.73 Tainted: G D 6.11.0-rc4-next-20240823-syzkaller #0
Tainted: [D]=DIE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:page_fault_oops+0x88d/0xcc0 arch/x86/mm/fault.c:707
Code: 1c 25 80 d7 03 00 48 83 c3 20 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 fd 72 ba 00 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 e4 72 ba 00 48 8b 1b bf 9d 6e ac
RSP: 0000:ffffc9000302ef80 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 523a4324f0f9b000
RDX: 0000000000000000 RSI: 0000000080000005 RDI: 0000000000000000
RBP: ffffc9000302f108 R08: ffffffff817452ac R09: 1ffff1101722519a
R10: dffffc0000000000 R11: ffffed101722519b R12: 1ffff92000605dfc
R13: dffffc0000000000 R14: 0000000045e0360e R15: 0000000000000010
FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000045e0360e CR3: 0000000060e9e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:do_task_dead+0xc5/0xd0 kernel/sched/core.c:6694
Code: 03 42 0f b6 04 20 84 c0 74 14 89 d9 80 e1 07 80 c1 03 38 c1 7c 08 48 89 df e8 a7 5c 98 00 80 4b 01 80 31 ff e8 bc e3 62 0a 90 <0f> 0b 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000302fa70 EFLAGS: 00010246
RAX: 523a4324f0f9b000 RBX: ffff88801a35002c RCX: 1ffff92000605f28
RDX: dffffc0000000000 RSI: ffffffff8c0aca40 RDI: ffff88801a3515f8
RBP: ffffc9000302fc00 R08: ffffffff901c1baf R09: 1ffffffff2038375
R10: dffffc0000000000 R11: fffffbfff2038376 R12: dffffc0000000000
R13: ffffffff816435d9 R14: ffff88801a350a00 R15: 0000000000000246
FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000045e0360e CR3: 0000000060e9e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 1c 25 sbb $0x25,%al
2: 80 d7 03 adc $0x3,%bh
5: 00 48 83 add %cl,-0x7d(%rax)
8: c3 ret
9: 20 48 89 and %cl,-0x77(%rax)
c: d8 48 c1 fmuls -0x3f(%rax)
f: e8 03 42 80 3c call 0x3c804217
14: 28 00 sub %al,(%rax)
16: 74 08 je 0x20
18: 48 89 df mov %rbx,%rdi
1b: e8 fd 72 ba 00 call 0xba731d
20: 48 8b 1b mov (%rbx),%rbx
23: 48 89 d8 mov %rbx,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 df mov %rbx,%rdi
34: e8 e4 72 ba 00 call 0xba731d
39: 48 8b 1b mov (%rbx),%rbx
3c: bf .byte 0xbf
3d: 9d popf
3e: 6e outsb %ds:(%rsi),(%dx)
3f: ac lods %ds:(%rsi),%al