syzbot

Oops: general protection fault, probably for non-canonical address 0xdffffc000000044c: 0000 [#1] SMP KASAN PTI
KASAN: probably user-memory-access in range [0x0000000000002260-0x0000000000002267]
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: events_unbound flush_to_ldisc
RIP: 0010:n_tty_receive_buf_common+0x166/0x12f0 drivers/tty/n_tty.c:1702
Code: e9 03 48 89 8c 24 a0 00 00 00 48 81 c3 e8 03 00 00 31 ed 4c 89 7c 24 38 48 89 5c 24 70 48 89 6c 24 28 48 8b 84 24 08 01 00 00 <42> 80 3c 28 00 74 0d 48 8b bc 24 f8 00 00 00 e8 46 73 20 fd 4c 89
RSP: 0018:ffffc90000127850 EFLAGS: 00010246
RAX: 000000000000044c RBX: ffff888040b4e3e8 RCX: 000000000000000b
RDX: 1ffff11008169c6a RSI: 000000000000000b RDI: ffff888040b4e5c8
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000024ef8 R12: ffff888031f1bde0
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888040b4e6a0
FS:  0000000000000000(0000) GS:ffff888126bc9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000028e030 CR3: 0000000036dd2000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:37
 receive_buf drivers/tty/tty_buffer.c:445 [inline]
 flush_to_ldisc+0x24a/0x6e0 drivers/tty/tty_buffer.c:495
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:n_tty_receive_buf_common+0x166/0x12f0 drivers/tty/n_tty.c:1702
Code: e9 03 48 89 8c 24 a0 00 00 00 48 81 c3 e8 03 00 00 31 ed 4c 89 7c 24 38 48 89 5c 24 70 48 89 6c 24 28 48 8b 84 24 08 01 00 00 <42> 80 3c 28 00 74 0d 48 8b bc 24 f8 00 00 00 e8 46 73 20 fd 4c 89
RSP: 0018:ffffc90000127850 EFLAGS: 00010246
RAX: 000000000000044c RBX: ffff888040b4e3e8 RCX: 000000000000000b
RDX: 1ffff11008169c6a RSI: 000000000000000b RDI: ffff888040b4e5c8
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000024ef8 R12: ffff888031f1bde0
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888040b4e6a0
FS:  0000000000000000(0000) GS:ffff888126bc9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb6571f9d58 CR3: 0000000023058000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e9 03 48 89 8c       	jmp    0x8c894808
   5:	24 a0                	and    $0xa0,%al
   7:	00 00                	add    %al,(%rax)
   9:	00 48 81             	add    %cl,-0x7f(%rax)
   c:	c3                   	ret
   d:	e8 03 00 00 31       	call   0x31000015
  12:	ed                   	in     (%dx),%eax
  13:	4c 89 7c 24 38       	mov    %r15,0x38(%rsp)
  18:	48 89 5c 24 70       	mov    %rbx,0x70(%rsp)
  1d:	48 89 6c 24 28       	mov    %rbp,0x28(%rsp)
  22:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
  29:	00
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 0d                	je     0x3e
  31:	48 8b bc 24 f8 00 00 	mov    0xf8(%rsp),%rdi
  38:	00
  39:	e8 46 73 20 fd       	call   0xfd207384
  3e:	4c                   	rex.WR
  3f:	89                   	.byte 0x89