Oops: general protection fault, probably for non-canonical address 0xdffffc0600000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: probably user-memory-access in range [0x0000003000000008-0x000000300000000f]
CPU: 0 UID: 0 PID: 5344 Comm: syz.3.9 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:vsnprintf+0x638/0x1da0 lib/vsprintf.c:2828
Code: 38 c1 7c 80 4c 89 f7 e8 c6 c5 47 f6 e9 73 ff ff ff 83 f8 04 0f 84 a8 03 00 00 83 f8 05 0f 85 4b 0f 00 00 49 89 d7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 18 11 00 00 8b 1a bf 29 00 00 00 89 de
RSP: 0018:ffffc900042f71a0 EFLAGS: 00010002
RAX: 0000000000000005 RBX: 0000000000000002 RCX: ffff88802aa78000
RDX: 0000003000000008 RSI: ffffffff8fffcc40 RDI: 0000000000000005
RBP: ffffc900042f7298 R08: 0000000000000001 R09: ffffffff8bb47ba4
R10: 0000000000000012 R11: ffff88802aa78000 R12: ffffffff8c0995f1
R13: dffffc0000000000 R14: ffff0a00ffffff05 R15: 0000000600000001
FS: 00005555940ac500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88802aa78b00 CR3: 0000000079ce0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vscnprintf+0x42/0x90 lib/vsprintf.c:2930
 panic+0x245/0x870 kernel/panic.c:342
 __stack_chk_fail+0x15/0x20 kernel/panic.c:827
 oops_begin+0xb6/0xc0
 page_fault_oops+0x21d/0xcc0 arch/x86/mm/fault.c:703
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vsnprintf+0x638/0x1da0 lib/vsprintf.c:2828
Code: 38 c1 7c 80 4c 89 f7 e8 c6 c5 47 f6 e9 73 ff ff ff 83 f8 04 0f 84 a8 03 00 00 83 f8 05 0f 85 4b 0f 00 00 49 89 d7 49 c1 ef 03 <43> 0f b6 04 2f 84 c0 0f 85 18 11 00 00 8b 1a bf 29 00 00 00 89 de
RSP: 0018:ffffc900042f71a0 EFLAGS: 00010002
RAX: 0000000000000005 RBX: 0000000000000002 RCX: ffff88802aa78000
RDX: 0000003000000008 RSI: ffffffff8fffcc40 RDI: 0000000000000005
RBP: ffffc900042f7298 R08: 0000000000000001 R09: ffffffff8bb47ba4
R10: 0000000000000012 R11: ffff88802aa78000 R12: ffffffff8c0995f1
R13: dffffc0000000000 R14: ffff0a00ffffff05 R15: 0000000600000001
FS: 00005555940ac500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88802aa78b00 CR3: 0000000079ce0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   38 c1                   cmp    %al,%cl
   2:   7c 80                   jl     0xffffff84
   4:   4c 89 f7                mov    %r14,%rdi
   7:   e8 c6 c5 47 f6          call   0xf647c5d2
   c:   e9 73 ff ff ff          jmp    0xffffff84
  11:   83 f8 04                cmp    $0x4,%eax
  14:   0f 84 a8 03 00 00       je     0x3c2
  1a:   83 f8 05                cmp    $0x5,%eax
  1d:   0f 85 4b 0f 00 00       jne    0xf6e
  23:   49 89 d7                mov    %rdx,%r15
  26:   49 c1 ef 03             shr    $0x3,%r15
* 2a:   43 0f b6 04 2f          movzbl (%r15,%r13,1),%eax    <-- trapping instruction
  2f:   84 c0                   test   %al,%al
  31:   0f 85 18 11 00 00       jne    0x114f
  37:   8b 1a                   mov    (%rdx),%ebx
  39:   bf 29 00 00 00          mov    $0x29,%edi
  3e:   89 de                   mov    %ebx,%esi