general protection fault, probably for non-canonical address 0xdffffc000000013d: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000009e8-0x00000000000009ef]
CPU: 1 PID: 5137 Comm: kworker/1:5 Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: pm pm_runtime_work
RIP: 0010:serial8250_tx_chars+0x3c7/0x8b0 drivers/tty/serial/8250/8250_port.c:1799
Code: 02 00 00 e8 bb 8c 93 fc 48 8b 44 24 30 80 38 00 0f 85 21 04 00 00 4d 03 a5 a0 03 00 00 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08 84 c0 0f 85 af 03 00 00 48 8b 44 24 18 41
RSP: 0000:ffffc900037bfa18 EFLAGS: 00010002
RAX: 000000000000013d RBX: ffffffff9494a3e0 RCX: ffffffff9494a68c
RDX: 0000000000000007 RSI: ffffffff84fa3595 RDI: ffffffff9494a690
RBP: dffffc0000000000 R08: 0000000000000004 R09: ffffffff9494a504
R10: 00000000000009ef R11: 0000000000000002 R12: 00000000000009ef
R13: ffff88801f5b0c30 R14: 0000000000000010 R15: ffff88801f62b158
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000059ad6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __start_tx+0x3e9/0x4a0 drivers/tty/serial/8250/8250_port.c:1534
 serial8250_start_tx+0x363/0x530 drivers/tty/serial/8250/8250_port.c:1643
 serial_port_runtime_suspend+0x27c/0x350 drivers/tty/serial/serial_port.c:65
 __rpm_callback+0xc5/0x4c0 drivers/base/power/runtime.c:394
 rpm_callback+0x192/0x1d0 drivers/base/power/runtime.c:448
 rpm_suspend+0x2e7/0x1200 drivers/base/power/runtime.c:672
 pm_runtime_work+0x134/0x150 drivers/base/power/runtime.c:976
 process_one_work+0x9a9/0x1ac0 kernel/workqueue.c:3254
 process_scheduled_works kernel/workqueue.c:3335 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416
 kthread+0x2c1/0x3a0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:serial8250_tx_chars+0x3c7/0x8b0 drivers/tty/serial/8250/8250_port.c:1799
Code: 02 00 00 e8 bb 8c 93 fc 48 8b 44 24 30 80 38 00 0f 85 21 04 00 00 4d 03 a5 a0 03 00 00 4c 89 e0 4c 89 e2 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08 84 c0 0f 85 af 03 00 00 48 8b 44 24 18 41
RSP: 0000:ffffc900037bfa18 EFLAGS: 00010002
RAX: 000000000000013d RBX: ffffffff9494a3e0 RCX: ffffffff9494a68c
RDX: 0000000000000007 RSI: ffffffff84fa3595 RDI: ffffffff9494a690
RBP: dffffc0000000000 R08: 0000000000000004 R09: ffffffff9494a504
R10: 00000000000009ef R11: 0000000000000002 R12: 00000000000009ef
R13: ffff88801f5b0c30 R14: 0000000000000010 R15: ffff88801f62b158
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000059ad6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   # Decode of the "Code:" byte window from the RIP line; offsets and jump
   # targets below are relative to the start of that window, not to
   # serial8250_tx_chars. Offset 0x2a is the byte marked <0f> in "Code:".
   #
   # NOTE(review): the window starts mid-instruction, so the first rows are
   # probably mis-decoded. Bytes "e8 bb 8c 93 fc" look like a call rel32 and
   # "48 8b 44 24 30" like mov 0x30(%rsp),%rax (64-bit), which fits the
   # pointer use of %rax at 0xd. Treat rows 0x0-0x9 as unreliable.
   0:	02 00                	add    (%rax),%al
   2:	00 e8                	add    %ch,%al
   4:	bb 8c 93 fc 48       	mov    $0x48fc938c,%ebx
   9:	8b 44 24 30          	mov    0x30(%rsp),%eax
   # Byte compare against zero with a far branch on non-zero; presumably a
   # KASAN shadow check guarding the 8-byte load at 0x16 (TODO confirm).
   d:	80 38 00             	cmpb   $0x0,(%rax)
  10:	0f 85 21 04 00 00    	jne    0x437
   # r12 += *(r13 + 0x3a0). The register dump shows R12 = 0x9ef afterwards,
   # inside the range KASAN reports ([0x9e8-0x9ef]), so the effective address
   # is a small offset from NULL; presumably one addend is a NULL base
   # pointer (verify against 8250_port.c:1799).
  16:	4d 03 a5 a0 03 00 00 	add    0x3a0(%r13),%r12
   # Split the address: rax = addr >> 3 (dump: 0x13d), edx = addr & 7 (dump: 7).
  1d:	4c 89 e0             	mov    %r12,%rax
  20:	4c 89 e2             	mov    %r12,%rdx
  23:	48 c1 e8 03          	shr    $0x3,%rax
  27:	83 e2 07             	and    $0x7,%edx
   # Byte load from rax + rbp. RBP = 0xdffffc0000000000 (the x86-64 KASAN
   # shadow offset), so the address is 0xdffffc000000013d, the non-canonical
   # address in the first log line. The fault is therefore in the
   # instrumentation's shadow lookup, before the real access; that is why the
   # report is a general protection fault with CR2 = 0 rather than a page
   # fault at 0x9ef. Triage as a near-NULL dereference, not a wild pointer.
* 2a:	0f b6 04 28          	movzbl (%rax,%rbp,1),%eax <-- trapping instruction
   # Shadow byte vs. low address bits: skip ahead when the shadow byte is
   # greater (signed); otherwise a non-zero shadow byte branches to 0x3e9,
   # presumably the KASAN report path (not visible in this window).
  2e:	38 d0                	cmp    %dl,%al
  30:	7f 08                	jg     0x3a
  32:	84 c0                	test   %al,%al
  34:	0f 85 af 03 00 00    	jne    0x3e9
  3a:	48 8b 44 24 18       	mov    0x18(%rsp),%rax
   # The "Code:" window ends here: a lone REX prefix, instruction truncated.
  3f:	41                   	rex.B