BUG: unable to handle kernel paging request in vga16fb

BUG: unable to handle kernel paging request in vga16fb_imageblit (2)
Status: upstream: reported on 2020/05/08 07:07
Reported-by: syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com
First crash: 346d, last: 14d

similar bugs (4):
Kernel	Title	Count	Last	Reported	Patched	Status
linux-4.19	BUG: unable to handle kernel paging request in vga16fb_imageblit	4	378d	474d	0/1	auto-closed as invalid on 2020/07/31 03:49
upstream	BUG: unable to handle kernel paging request in vga16fb_imageblit	1	476d	475d	0/22	auto-closed as invalid on 2020/04/23 17:11
linux-4.19	BUG: unable to handle kernel paging request in vga16fb_imageblit (2)	7	15d	164d	0/1	upstream: reported on 2020/11/01 15:15
linux-4.14	BUG: unable to handle kernel paging request in vga16fb_imageblit	7	84d	364d	0/1	upstream: reported on 2020/04/16 00:46

Sample crash report:

BUG: unable to handle page fault for address: ffff888001000000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD 10201067 P4D 10201067 PUD 10202067 PMD 80000000010001e1 
Oops: 0003 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 1 Comm: systemd Not tainted 5.12.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1176 [inline]
RIP: 0010:vga16fb_imageblit+0xbe9/0x2210 drivers/video/fbdev/vga16fb.c:1260
Code: 83 c5 01 48 89 f8 48 89 f9 48 83 c3 01 48 c1 e8 03 83 e1 07 42 0f b6 04 20 38 c8 7f 08 84 c0 0f 85 27 0f 00 00 41 0f b6 45 ff <88> 02 44 89 f6 31 ff 44 29 ee e8 18 c4 77 fd 49 39 ed 75 b6 4c 89
RSP: 0018:ffffc90000c67570 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888001000001 RCX: 0000000000000000
RDX: ffff888001000000 RSI: ffffffff83fc34a8 RDI: ffff888143454b00
RBP: ffff888143454b40 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff83fc34e8 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff888143454b01 R14: 0000000043454b40 R15: 0000000000000003
FS:  00007f868ddab500(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000000 CR3: 0000000022115000 CR4: 0000000000350ee0
Call Trace:
 bit_putcs_unaligned drivers/video/fbdev/core/bitblit.c:139 [inline]
 bit_putcs+0x6e1/0xd20 drivers/video/fbdev/core/bitblit.c:188
 fbcon_putcs+0x35a/0x450 drivers/video/fbdev/core/fbcon.c:1296
 do_update_region+0x399/0x630 drivers/tty/vt/vt.c:676
 redraw_screen+0x61f/0x740 drivers/tty/vt/vt.c:1035
 fbcon_blank+0x8c5/0xc30 drivers/video/fbdev/core/fbcon.c:2204
 do_unblank_screen+0x25b/0x470 drivers/tty/vt/vt.c:4405
 vt_kdsetmode drivers/tty/vt/vt_ioctl.c:276 [inline]
 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:381 [inline]
 vt_ioctl+0x1ab3/0x27f0 drivers/tty/vt/vt_ioctl.c:713
 tty_ioctl+0xed8/0x1710 drivers/tty/tty_io.c:2801
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl fs/ioctl.c:739 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f868c37a017
Code: 00 00 00 48 8b 05 81 7e 2b 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 7e 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffc06c53118 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 00007f868c37a017
RDX: 0000000000000000 RSI: 0000000000004b3a RDI: 0000000000000013
RBP: 0000000000000001 R08: 00007ffc06c53110 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000001 R14: 0000000000000000 R15: 000055a8eb667ef0
Modules linked in:
CR2: ffff888001000000
---[ end trace bdf3bb7ccb1a18d9 ]---
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1176 [inline]
RIP: 0010:vga16fb_imageblit+0xbe9/0x2210 drivers/video/fbdev/vga16fb.c:1260
Code: 83 c5 01 48 89 f8 48 89 f9 48 83 c3 01 48 c1 e8 03 83 e1 07 42 0f b6 04 20 38 c8 7f 08 84 c0 0f 85 27 0f 00 00 41 0f b6 45 ff <88> 02 44 89 f6 31 ff 44 29 ee e8 18 c4 77 fd 49 39 ed 75 b6 4c 89
RSP: 0018:ffffc90000c67570 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888001000001 RCX: 0000000000000000
RDX: ffff888001000000 RSI: ffffffff83fc34a8 RDI: ffff888143454b00
RBP: ffff888143454b40 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff83fc34e8 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff888143454b01 R14: 0000000043454b40 R15: 0000000000000003
FS:  00007f868ddab500(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000000 CR3: 0000000022115000 CR4: 0000000000350ee0

Crashes (22):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-upstream-kasan-gce-root	2021/03/31 15:42	upstream	5e46d1b7	6a81331a	.config	log	report	info	BUG: unable to handle kernel paging request in vga16fb_imageblit
ci-upstream-kasan-gce-root	2021/03/10 12:08	upstream	144c79ef	26967e35	.config	log	report	info	BUG: unable to handle kernel paging request in vga16fb_imageblit
ci-upstream-kasan-gce-selinux-root	2021/01/10 02:36	upstream	996e435f	2c1f2513	.config	log	report	info
ci-upstream-kasan-gce-root	2020/11/20 06:23	upstream	3494d588	0767f13f	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/10/07 01:56	upstream	c85fb28b	1880b4a9	.config	log	report	info
ci-upstream-kasan-gce-smack-root	2020/10/02 18:04	upstream	472e5b05	4969d6ca	.config	log	report	info
ci-upstream-kasan-gce-selinux-root	2020/09/30 07:08	upstream	ccc1d052	5abc3f1a	.config	log	report	info
ci-upstream-kasan-gce-smack-root	2020/07/28 21:21	upstream	92ed3019	cb93dc6a	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/06 18:16	upstream	7cc2a8ea	51095195	.config	log	report
ci-upstream-kasan-gce	2020/07/03 06:50	upstream	cd77006e	bed10395	.config	log	report
ci-upstream-kasan-gce	2020/06/28 01:53	upstream	1590a2e1	ffec44b5	.config	log	report
ci-upstream-kasan-gce	2020/06/27 23:32	upstream	1590a2e1	ffec44b5	.config	log	report
ci-upstream-kasan-gce	2020/06/27 20:09	upstream	1590a2e1	ffec44b5	.config	log	report
ci-upstream-kasan-gce	2020/06/24 11:38	upstream	7ae77150	54566aff	.config	log	report
ci-upstream-kasan-gce-root	2020/05/04 01:37	upstream	262f7a6b	58ae5e18	.config	log	report
ci-upstream-kasan-gce-386	2020/12/01 15:02	upstream	b6505459	07bfe8a5	.config	log	report	info
ci-upstream-kasan-gce-386	2020/11/30 16:14	upstream	b6505459	78d50c1d	.config	log	report	info
ci-upstream-kasan-gce-386	2020/11/27 18:14	upstream	85a2c56c	486f93ef	.config	log	report	info
ci-upstream-kasan-gce-386	2020/11/24 05:33	upstream	d5beb314	1ab681a4	.config	log	report	info
ci-upstream-kasan-gce-386	2020/10/11 12:54	upstream	da690031	4a77ae0b	.config	log	report	info
ci-upstream-linux-next-kasan-gce-root	2020/12/19 11:42	linux-next	0d52778b	04201c06	.config	log	report	info
ci-upstream-linux-next-kasan-gce-root	2020/07/07 01:48	linux-next	9e50b94b	51095195	.config	log	report