BUG: unable to handle kernel paging request in vga16fb

BUG: unable to handle kernel paging request in vga16fb_imageblit (2)
Status: upstream: reported on 2020/05/08 07:07
Reported-by: syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com
First crash: 96d, last: 10d

similar bugs (3):
Kernel	Title	Count	Last	Reported	Patched	Status
linux-4.19	BUG: unable to handle kernel paging request in vga16fb_imageblit	4	128d	224d	0/1	auto-closed as invalid on 2020/07/31 03:49
upstream	BUG: unable to handle kernel paging request in vga16fb_imageblit	1	226d	224d	0/17	auto-closed as invalid on 2020/04/23 17:11
linux-4.14	BUG: unable to handle kernel paging request in vga16fb_imageblit	2	66d	114d	0/1	upstream: reported on 2020/04/16 00:46

Sample crash report:

BUG: unable to handle page fault for address: ffff8880fffe7000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD c401067 P4D c401067 PUD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 11939 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1168 [inline]
RIP: 0010:vga16fb_imageblit+0xbc2/0x1cd0 drivers/video/fbdev/vga16fb.c:1260
Code: 4b 89 e8 11 cb dc fd ff 15 c3 f0 74 05 48 8b 04 24 48 8d 58 14 48 89 d8 48 c1 e8 03 42 8a 04 28 84 c0 0f 85 6f 10 00 00 8a 03 <41> 88 06 0f ae e8 41 8a 06 b0 05 ba ce 03 00 00 ee 48 c7 c3 e8 c6
RSP: 0018:ffffc9000cb0f478 EFLAGS: 00010246
RAX: 1ffff92001961e00 RBX: ffffc9000cb0f664 RCX: 1ffff11043116e40
RDX: 00000000000003cf RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000007 R08: ffffffff83d6d3b6 R09: 0000000000000000
R10: 0000000000000002 R11: ffff888092ad6480 R12: ffff8880a34c4000
R13: dffffc0000000000 R14: ffff8880fffe7000 R15: 00000000fff47000
FS:  00007f1b12390700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880fffe7000 CR3: 0000000096cf2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bit_putcs+0x17ac/0x1bf0 drivers/video/fbdev/core/bitblit.c:105
 fbcon_putcs+0x790/0xaf0 drivers/video/fbdev/core/fbcon.c:1362
 fbcon_redraw_move+0x1d2/0x260 drivers/video/fbdev/core/fbcon.c:1742
 ypan_down_redraw drivers/video/fbdev/core/fbcon.c:1607 [inline]
 fbcon_scroll+0x2076/0x6150 drivers/video/fbdev/core/fbcon.c:2057
 con_scroll+0x517/0x7b0 drivers/tty/vt/vt.c:637
 csi_L drivers/tty/vt/vt.c:2008 [inline]
 do_con_trol drivers/tty/vt/vt.c:2407 [inline]
 do_con_write+0x6dd4/0xf2d0 drivers/tty/vt/vt.c:2829
 con_write+0x20/0x40 drivers/tty/vt/vt.c:3165
 process_output_block drivers/tty/n_tty.c:595 [inline]
 n_tty_write+0xcbf/0x1170 drivers/tty/n_tty.c:2333
 do_tty_write drivers/tty/tty_io.c:962 [inline]
 tty_write+0x593/0x940 drivers/tty/tty_io.c:1046
 vfs_write+0x2dd/0xc70 fs/read_write.c:576
 ksys_write+0x11b/0x220 fs/read_write.c:631
 do_syscall_64+0x73/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45c369
Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f1b1238fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000037080 RCX: 000000000045c369
RDX: 0000000000001006 RSI: 0000000020001440 RDI: 0000000000000004
RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007ffd4582773f R14: 00007f1b123909c0 R15: 000000000078bf0c
Modules linked in:
CR2: ffff8880fffe7000
---[ end trace 5fef7d95b4e7ffb2 ]---
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1168 [inline]
RIP: 0010:vga16fb_imageblit+0xbc2/0x1cd0 drivers/video/fbdev/vga16fb.c:1260
Code: 4b 89 e8 11 cb dc fd ff 15 c3 f0 74 05 48 8b 04 24 48 8d 58 14 48 89 d8 48 c1 e8 03 42 8a 04 28 84 c0 0f 85 6f 10 00 00 8a 03 <41> 88 06 0f ae e8 41 8a 06 b0 05 ba ce 03 00 00 ee 48 c7 c3 e8 c6
RSP: 0018:ffffc9000cb0f478 EFLAGS: 00010246
RAX: 1ffff92001961e00 RBX: ffffc9000cb0f664 RCX: 1ffff11043116e40
RDX: 00000000000003cf RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000007 R08: ffffffff83d6d3b6 R09: 0000000000000000
R10: 0000000000000002 R11: ffff888092ad6480 R12: ffff8880a34c4000
R13: dffffc0000000000 R14: ffff8880fffe7000 R15: 00000000fff47000
FS:  00007f1b12390700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880fffe7000 CR3: 0000000096cf2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (9):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-upstream-kasan-gce-smack-root	2020/07/28 21:21	upstream	92ed3019	cb93dc6a	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/07/06 18:16	upstream	7cc2a8ea	51095195	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/07/03 06:50	upstream	cd77006e	bed10395	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/28 01:53	upstream	1590a2e1	ffec44b5	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/27 23:32	upstream	1590a2e1	ffec44b5	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/27 20:09	upstream	1590a2e1	ffec44b5	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/24 11:38	upstream	7ae77150	54566aff	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-root	2020/05/04 01:37	upstream	262f7a6b	58ae5e18	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-linux-next-kasan-gce-root	2020/07/07 01:48	linux-next	9e50b94b	51095195	.config	log	report	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org