Oops: general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
CPU: 1 UID: 0 PID: 5346 Comm: syz.3.9 Not tainted 6.11.0-rc4-next-20240820-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:format_decode+0x1019/0x1bb0 lib/vsprintf.c:2706
Code: 42 80 3c 30 00 48 8b 5c 24 40 74 0d 48 8d bc 24 80 00 00 00 e8 b8 9e 47 f6 4c 89 ac 24 80 00 00 00 48 c7 44 24 60 0e 36 e0 45 <49> c7 04 1e 00 00 00 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 a0
RSP: 0018:ffffc900046751e0 EFLAGS: 00010087
RAX: ffffffff8bb49e8c RBX: 000000000000000c RCX: 0000000000040000
RDX: ffffc9000aced000 RSI: 0000000000001483 RDI: 0000000000001484
RBP: ffffc900046752d0 R08: ffffffff8bb49ce8 R09: ffffffff8bb499ca
R10: 0000000000000002 R11: ffff88807fb50000 R12: ffffffff8c0995c0
R13: ffffffff8c0995ef R14: dffffc0000000000 R15: 0000000000000025
FS:  00007f2c154e26c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8e939760 CR3: 000000007a56c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 vsnprintf+0x14f/0x1da0 lib/vsprintf.c:2776
 vscnprintf+0x42/0x90 lib/vsprintf.c:2930
 panic+0x245/0x870 kernel/panic.c:342
 __stack_chk_fail+0x15/0x20 kernel/panic.c:827
 fixup_exception+0x1c89/0x1cc0
 kernelmode_fixup_or_oops+0x66/0xf0 arch/x86/mm/fault.c:728
 __bad_area_nosemaphore+0x118/0x770 arch/x86/mm/fault.c:785
 handle_page_fault arch/x86/mm/fault.c:1479 [inline]
 exc_page_fault+0x5c8/0x8c0 arch/x86/mm/fault.c:1539
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:format_decode+0x1019/0x1bb0 lib/vsprintf.c:2706
Code: 42 80 3c 30 00 48 8b 5c 24 40 74 0d 48 8d bc 24 80 00 00 00 e8 b8 9e 47 f6 4c 89 ac 24 80 00 00 00 48 c7 44 24 60 0e 36 e0 45 <49> c7 04 1e 00 00 00 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 a0
RSP: 0018:ffffc900046751e0 EFLAGS: 00010087
RAX: ffffffff8bb49e8c RBX: 000000000000000c RCX: 0000000000040000
RDX: ffffc9000aced000 RSI: 0000000000001483 RDI: 0000000000001484
RBP: ffffc900046752d0 R08: ffffffff8bb49ce8 R09: ffffffff8bb499ca
R10: 0000000000000002 R11: ffff88807fb50000 R12: ffffffff8c0995c0
R13: ffffffff8c0995ef R14: dffffc0000000000 R15: 0000000000000025
FS:  00007f2c154e26c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8e939760 CR3: 000000007a56c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	42 80 3c 30 00       	cmpb   $0x0,(%rax,%r14,1)
   5:	48 8b 5c 24 40       	mov    0x40(%rsp),%rbx
   a:	74 0d                	je     0x19
   c:	48 8d bc 24 80 00 00 	lea    0x80(%rsp),%rdi
  13:	00
  14:	e8 b8 9e 47 f6       	call   0xf6479ed1
  19:	4c 89 ac 24 80 00 00 	mov    %r13,0x80(%rsp)
  20:	00
  21:	48 c7 44 24 60 0e 36 	movq   $0x45e0360e,0x60(%rsp)
  28:	e0 45
* 2a:	49 c7 04 1e 00 00 00 	movq   $0x0,(%r14,%rbx,1) <-- trapping instruction
  31:	00
  32:	65 48 8b 04 25 28 00 	mov    %gs:0x28,%rax
  39:	00 00
  3b:	48                   	rex.W
  3c:	3b                   	.byte 0x3b
  3d:	84 24 a0             	test   %ah,(%rax,%riz,4)