general protection fault, probably for non-canonical address 0xdffffc0000000026: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000130-0x0000000000000137] CPU: 1 PID: 929 Comm: kworker/1:2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: pm pm_runtime_work RIP: 0010:serial8250_tx_chars+0x3c7/0x8b0 drivers/tty/serial/8250/8250_port.c:1809 Code: 02 00 00 e8 2b 96 9a fc 48 8b 44 24 30 80 38 00 0f 85 21 04 00 00 4d 03 a5 a0 03 00 00 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08 84 c0 0f 85 af 03 00 00 48 8b 44 24 18 41 RSP: 0018:ffffc900047a7a10 EFLAGS: 00010046 RAX: 0000000000000026 RBX: ffffffff949172e0 RCX: ffffffff9491758c RDX: 0000000000000000 RSI: ffffffff84f26285 RDI: ffffffff94917590 RBP: dffffc0000000000 R08: 0000000000000004 R09: ffffffff94917404 R10: 0000000000000130 R11: 0000000000000002 R12: 0000000000000130 R13: ffff88801fbb0c30 R14: 0000000000000010 R15: ffff88801fc6a158 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30b28000 CR3: 00000000293ea000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __start_tx+0x3e9/0x4a0 drivers/tty/serial/8250/8250_port.c:1544 serial8250_start_tx+0x363/0x530 drivers/tty/serial/8250/8250_port.c:1653 serial_port_runtime_suspend+0x27c/0x350 drivers/tty/serial/serial_port.c:62 __rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394 rpm_callback+0x1da/0x220 drivers/base/power/runtime.c:448 rpm_suspend+0x2e7/0x11c0 drivers/base/power/runtime.c:672 pm_runtime_work+0x134/0x150 drivers/base/power/runtime.c:976 process_one_work+0x9a9/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:serial8250_tx_chars+0x3c7/0x8b0 drivers/tty/serial/8250/8250_port.c:1809 Code: 02 00 00 e8 2b 96 9a fc 48 8b 44 24 30 80 38 00 0f 85 21 04 00 00 4d 03 a5 a0 03 00 00 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08 84 c0 0f 85 af 03 00 00 48 8b 44 24 18 41 RSP: 0018:ffffc900047a7a10 EFLAGS: 00010046 RAX: 0000000000000026 RBX: ffffffff949172e0 RCX: ffffffff9491758c RDX: 0000000000000000 RSI: ffffffff84f26285 RDI: ffffffff94917590 RBP: dffffc0000000000 R08: 0000000000000004 R09: ffffffff94917404 R10: 0000000000000130 R11: 0000000000000002 R12: 0000000000000130 R13: ffff88801fbb0c30 R14: 0000000000000010 R15: ffff88801fc6a158 FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30b28000 CR3: 00000000293ea000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 02 00 add (%rax),%al 2: 00 e8 add %ch,%al 4: 2b 96 9a fc 48 8b sub -0x74b70366(%rsi),%edx a: 44 24 30 rex.R and $0x30,%al d: 80 38 00 cmpb $0x0,(%rax) 10: 0f 85 21 04 00 00 jne 0x437 16: 4d 03 a5 a0 03 00 00 add 0x3a0(%r13),%r12 1d: 4c 89 e0 mov %r12,%rax 20: 4c 89 e2 mov %r12,%rdx 23: 48 c1 e8 03 shr $0x3,%rax 27: 83 e2 07 and $0x7,%edx * 2a: 0f b6 04 28 movzbl (%rax,%rbp,1),%eax <-- trapping instruction 2e: 38 d0 cmp %dl,%al 30: 7f 08 jg 0x3a 32: 84 c0 test %al,%al 34: 0f 85 af 03 00 00 jne 0x3e9 3a: 48 8b 44 24 18 mov 0x18(%rsp),%rax 3f: 41 rex.B