Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 3 UID: 0 PID: 9836 Comm: syz.2.1167 Not tainted 6.13.0-syzkaller-08291-g805ba04cb7cc #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:fb_videomode_to_var+0x28/0x610 drivers/video/fbdev/core/modedb.c:905
Code: 90 90 f3 0f 1e fa 41 54 55 48 89 f5 53 48 89 fb e8 cd a6 b7 fc 48 8d 7d 0c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 c1
RSP: 0018:ffffc900062b77f0 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: ffffc900062b78b0 RCX: ffffc90026061000
RDX: 0000000000000001 RSI: ffffffff85013493 RDI: 000000000000000c
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: ffffc900062b78b0 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff888045775800 R14: 0000000000000003 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88802b700000(0063) knlGS:00000000f5076b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f7358754 CR3: 0000000048126000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:924
 fbcon_switch+0x437/0x14f0 drivers/video/fbdev/core/fbcon.c:2117
 redraw_screen+0x2bf/0x760 drivers/tty/vt/vt.c:957
 vc_do_resize+0xe7d/0x10f0 drivers/tty/vt/vt.c:1272
 vt_ioctl+0x2b63/0x2fd0 drivers/tty/vt/vt_ioctl.c:926
 vt_compat_ioctl+0x239/0x4e0 drivers/tty/vt/vt_ioctl.c:1108
 tty_compat_ioctl+0x2ee/0x4d0 drivers/tty/tty_io.c:2981
 __do_compat_sys_ioctl+0x1cb/0x2c0 fs/ioctl.c:1004
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f507655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000005609
RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:fb_videomode_to_var+0x28/0x610 drivers/video/fbdev/core/modedb.c:905
Code: 90 90 f3 0f 1e fa 41 54 55 48 89 f5 53 48 89 fb e8 cd a6 b7 fc 48 8d 7d 0c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 c1
RSP: 0018:ffffc900062b77f0 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: ffffc900062b78b0 RCX: ffffc90026061000
RDX: 0000000000000001 RSI: ffffffff85013493 RDI: 000000000000000c
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: ffffc900062b78b0 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff888045775800 R14: 0000000000000003 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88802b700000(0063) knlGS:00000000f5076b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f7358754 CR3: 0000000048126000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	f3 0f 1e fa          	endbr64
   6:	41 54                	push   %r12
   8:	55                   	push   %rbp
   9:	48 89 f5             	mov    %rsi,%rbp
   c:	53                   	push   %rbx
   d:	48 89 fb             	mov    %rdi,%rbx
  10:	e8 cd a6 b7 fc       	call   0xfcb7a6e2
  15:	48 8d 7d 0c          	lea    0xc(%rbp),%rdi
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 14 02          	movzbl (%rdx,%rax,1),%edx <-- trapping instruction
  2e:	48 89 f8             	mov    %rdi,%rax
  31:	83 e0 07             	and    $0x7,%eax
  34:	83 c0 03             	add    $0x3,%eax
  37:	38 d0                	cmp    %dl,%al
  39:	7c 08                	jl     0x43
  3b:	84 d2                	test   %dl,%dl
  3d:	0f                   	.byte 0xf
  3e:	85 c1                	test   %eax,%ecx