general protection fault, probably for non-canonical address 0xdffffc000000044c: 0000 [#1] PREEMPT SMP KASAN KASAN: probably user-memory-access in range [0x0000000000002260-0x0000000000002267] CPU: 0 PID: 14770 Comm: kworker/u4:10 Not tainted 6.5.0-rc2-syzkaller-00046-gccff6d117d8d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 Workqueue: events_unbound flush_to_ldisc RIP: 0010:n_tty_receive_buf_common+0x697/0x15e0 drivers/tty/n_tty.c:1689 Code: 24 31 ff 48 8b 98 38 04 00 00 48 c1 eb 14 83 e3 01 89 de e8 fb cc f8 fc 84 db 0f 85 11 07 00 00 e8 be d1 f8 fc 48 8b 44 24 78 <80> 38 00 0f 85 d3 0c 00 00 48 8b 44 24 10 48 8b a8 60 22 00 00 48 RSP: 0018:ffffc90004897b08 EFLAGS: 00010293 RAX: dffffc000000044c RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff88802fc09dc0 RSI: ffffffff848d9ef2 RDI: dffffc000000044c RBP: 000000000000000d R08: 0000000000000001 R09: ffffed10084a5050 R10: ffff888042528287 R11: 0000000000000000 R12: ffffffff848dae40 R13: 0000000000000000 R14: ffffffff8d4a7e60 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f31ae744d58 CR3: 0000000043ca7000 CR4: 00000000003506f0 Call Trace: tty_ldisc_receive_buf+0xa0/0x180 drivers/tty/tty_buffer.c:457 tty_port_default_receive_buf+0x6f/0xa0 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x252/0x7c0 drivers/tty/tty_buffer.c:565 process_one_work+0xaa2/0x16f0 kernel/workqueue.c:2597 worker_thread+0x687/0x1110 kernel/workqueue.c:2748 kthread+0x33a/0x430 kernel/kthread.c:389 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:296 RIP: 0000:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:n_tty_receive_buf_common+0x697/0x15e0 drivers/tty/n_tty.c:1689 Code: 24 31 ff 48 8b 98 38 04 00 00 48 c1 eb 14 83 e3 01 89 de e8 fb cc f8 fc 84 db 0f 85 11 07 00 00 e8 be d1 f8 fc 48 8b 44 24 78 <80> 38 00 0f 85 d3 0c 00 00 48 8b 44 24 10 48 8b a8 60 22 00 00 48 RSP: 0018:ffffc90004897b08 EFLAGS: 00010293 RAX: dffffc000000044c RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff88802fc09dc0 RSI: ffffffff848d9ef2 RDI: dffffc000000044c RBP: 000000000000000d R08: 0000000000000001 R09: ffffed10084a5050 R10: ffff888042528287 R11: 0000000000000000 R12: ffffffff848dae40 R13: 0000000000000000 R14: ffffffff8d4a7e60 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f31adcc24c0 CR3: 000000002c053000 CR4: 00000000003506f0 ---------------- Code disassembly (best guess): 0: 24 31 and $0x31,%al 2: ff 48 8b decl -0x75(%rax) 5: 98 cwtl 6: 38 04 00 cmp %al,(%rax,%rax,1) 9: 00 48 c1 add %cl,-0x3f(%rax) c: eb 14 jmp 0x22 e: 83 e3 01 and $0x1,%ebx 11: 89 de mov %ebx,%esi 13: e8 fb cc f8 fc call 0xfcf8cd13 18: 84 db test %bl,%bl 1a: 0f 85 11 07 00 00 jne 0x731 20: e8 be d1 f8 fc call 0xfcf8d1e3 25: 48 8b 44 24 78 mov 0x78(%rsp),%rax * 2a: 80 38 00 cmpb $0x0,(%rax) <-- trapping instruction 2d: 0f 85 d3 0c 00 00 jne 0xd06 33: 48 8b 44 24 10 mov 0x10(%rsp),%rax 38: 48 8b a8 60 22 00 00 mov 0x2260(%rax),%rbp 3f: 48 rex.W