BUG: unable to handle page fault for address: ffffc9000368d000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 12400067 P4D 12400067 PUD 16621067 PMD 1cc4c067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 24753 Comm: vivid-000-vid-c Not tainted 6.3.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
RIP: 0010:memcpy_erms+0xa/0x10 arch/x86/lib/memcpy_64.S:56
Code: f3 0f 1e fa eb 1a 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 90 66 0f 1f 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 00 66 0f 1f 00 48 89 f8 48 83 fa 20 0f 82 86 00 00
RSP: 0018:ffffc900036df910 EFLAGS: 00010293
RAX: ffffc9000368cea0 RBX: ffffc900075b9000 RCX: 0000000000000008
RDX: 0000000000000168 RSI: ffffc900075b9160 RDI: ffffc9000368d000
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc900075b9000 R14: ffff888022f17b00 R15: 0000000000000168
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000368d000 CR3: 000000000c571000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2582 [inline]
tpg_fill_plane_buffer+0x1afe/0x3e00 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2670
vivid_fillbuff+0x1aa8/0x41f0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470
vivid_thread_vid_cap_tick+0x832/0x2370 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:729
vivid_thread_vid_cap+0x631/0xc30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:872
kthread+0x2e8/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
Modules linked in:
CR2: ffffc9000368d000
---[ end trace 0000000000000000 ]---
RIP: 0010:memcpy_erms+0xa/0x10 arch/x86/lib/memcpy_64.S:56
Code: f3 0f 1e fa eb 1a 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 90 66 0f 1f 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 00 66 0f 1f 00 48 89 f8 48 83 fa 20 0f 82 86 00 00
RSP: 0018:ffffc900036df910 EFLAGS: 00010293
RAX: ffffc9000368cea0 RBX: ffffc900075b9000 RCX: 0000000000000008
RDX: 0000000000000168 RSI: ffffc900075b9160 RDI: ffffc9000368d000
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc900075b9000 R14: ffff888022f17b00 R15: 0000000000000168
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000368d000 CR3: 000000000c571000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
# Decode of the bytes on the oops "Code:" line (AT&T operand order: src, dst).
# Offsets count from the start of that byte window, not from a symbol.
# RIP is memcpy_erms+0xa/0x10 and the trapping instruction sits at 0x2a, so
# memcpy_erms occupies 0x20..0x2f of this listing.
#
# 0x00-0x1d: the routine that precedes memcpy_erms in the window
# (presumably the memcpy entry in memcpy_64.S; confirm against the source).
# It either jumps to 0x20 or copies rdx bytes as qwords plus a byte tail.
0: f3 0f 1e fa endbr64
4: eb 1a jmp 0x20
6: 0f 1f 00 nopl (%rax)
9: 48 89 f8 mov %rdi,%rax
c: 48 89 d1 mov %rdx,%rcx
f: 48 c1 e9 03 shr $0x3,%rcx
13: 83 e2 07 and $0x7,%edx
16: f3 48 a5 rep movsq %ds:(%rsi),%es:(%rdi)
19: 89 d1 mov %edx,%ecx
1b: f3 a4 rep movsb %ds:(%rsi),%es:(%rdi)
1d: c3 retq
1e: 66 90 xchg %ax,%ax
# 0x20: start of memcpy_erms (0x2a - 0xa). The leading 4-byte nop is likely a
# patched-out endbr64 slot; confirm against the running kernel's config.
20: 66 0f 1f 00 nopw (%rax)
# rax = original destination (the return value), rcx = byte count from rdx.
24: 48 89 f8 mov %rdi,%rax
27: 48 89 d1 mov %rdx,%rcx
# rep movsb copies rcx bytes from (%rsi) to (%rdi), advancing both pointers.
# Register dump at the fault: RAX=ffffc9000368cea0 (dst), RDX=0x168 (length),
# RCX=8 (bytes left), RDI=ffffc9000368d000, which equals CR2.
# dst + 0x160 == CR2: 0x160 bytes were written, and the next byte lands on a
# page boundary whose PTE is 0 (not-present, error_code 0x0002 = kernel write).
# That is consistent with a copy running 8 bytes past the mapped end of the
# destination buffer. memcpy only honours the dst/len it was given, so the
# length or offset calculation to audit is in the caller, which the call trace
# gives as tpg_fill_plane_pattern, v4l2-tpg-core.c:2582.
# NOTE(review): the ffffc9... address looks like vmalloc space, where an
# overrun would hit an unmapped guard page instead of a KASAN redzone; confirm.
* 2a: f3 a4 rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
2c: c3 retq
2d: 0f 1f 00 nopl (%rax)
# 0x30 onward: the next routine after memcpy_erms (size 0x10 ends at 0x2f).
30: 66 0f 1f 00 nopw (%rax)
34: 48 89 f8 mov %rdi,%rax
37: 48 83 fa 20 cmp $0x20,%rdx
# The "Code:" window ends with 0f 82 86 00 00, so the final instruction is cut
# short (likely a truncated jb rel32). The three lines below are decoder
# artifacts, not real instructions.
3b: 0f .byte 0xf
3c: 82 (bad)
3d: 86 00 xchg %al,(%rax)