BUG: unable to handle kernel paging request in vga16fb

BUG: unable to handle kernel paging request in vga16fb_imageblit (2)
Status: upstream: reported on 2020/05/08 07:07
Reported-by: syzbot+1f29e126cf461c4de3b3@syzkaller.appspotmail.com
First crash: 170d, last: 9d21h

similar bugs (3):
Kernel	Title	Count	Last	Reported	Patched	Status
linux-4.19	BUG: unable to handle kernel paging request in vga16fb_imageblit	4	202d	298d	0/1	auto-closed as invalid on 2020/07/31 03:49
upstream	BUG: unable to handle kernel paging request in vga16fb_imageblit	1	300d	299d	0/17	auto-closed as invalid on 2020/04/23 17:11
linux-4.14	BUG: unable to handle kernel paging request in vga16fb_imageblit	3	23d	188d	0/1	upstream: reported on 2020/04/16 00:46

Sample crash report:

BUG: unable to handle page fault for address: ffff888001000028
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD e201067 P4D e201067 PUD e202067 PMD 80000000010001e1 
Oops: 0003 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12747 Comm: syz-executor.4 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1176 [inline]
RIP: 0010:vga16fb_imageblit+0xbe9/0x2210 drivers/video/fbdev/vga16fb.c:1260
Code: 83 c5 01 48 89 f8 48 89 f9 48 83 c3 01 48 c1 e8 03 83 e1 07 42 0f b6 04 20 38 c8 7f 08 84 c0 0f 85 27 0f 00 00 41 0f b6 45 ff <88> 02 44 89 f6 31 ff 44 29 ee e8 88 37 86 fd 49 39 ed 75 b6 4c 89
RSP: 0018:ffffc90008def7e8 EFLAGS: 00010246
RAX: 0000000000000018 RBX: ffff888001000029 RCX: 0000000000000000
RDX: ffff888001000028 RSI: ffffffff83f003a8 RDI: ffff8880a2e78e60
RBP: ffff8880a2e78e62 R08: 0000000000001872 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880a2e78e61 R14: 00000000a2e78e62 R15: 0000000000000008
FS:  00007f09d62a3700(0000) GS:ffff8880ae400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000028 CR3: 0000000010e76000 CR4: 00000000001526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bit_putcs_unaligned drivers/video/fbdev/core/bitblit.c:139 [inline]
 bit_putcs+0x6e1/0xd20 drivers/video/fbdev/core/bitblit.c:188
 fbcon_putcs+0x35a/0x450 drivers/video/fbdev/core/fbcon.c:1308
 con_flush drivers/tty/vt/vt.c:2575 [inline]
 vc_con_write_normal drivers/tty/vt/vt.c:2803 [inline]
 do_con_write+0xfab/0x1dd0 drivers/tty/vt/vt.c:2910
 con_write+0x22/0xb0 drivers/tty/vt/vt.c:3250
 process_output_block drivers/tty/n_tty.c:595 [inline]
 n_tty_write+0x3ce/0xf80 drivers/tty/n_tty.c:2333
 do_tty_write drivers/tty/tty_io.c:962 [inline]
 tty_write+0x4d9/0x870 drivers/tty/tty_io.c:1046
 vfs_write+0x2b0/0x730 fs/read_write.c:584
 ksys_write+0x12d/0x250 fs/read_write.c:639
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45de29
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f09d62a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000003a600 RCX: 000000000045de29
RDX: 0000000000001006 RSI: 0000000020001440 RDI: 0000000000000004
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffcf47e152f R14: 00007f09d62a39c0 R15: 000000000118bf2c
Modules linked in:
CR2: ffff888001000028
---[ end trace dfcc33bc848676de ]---
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1176 [inline]
RIP: 0010:vga16fb_imageblit+0xbe9/0x2210 drivers/video/fbdev/vga16fb.c:1260
Code: 83 c5 01 48 89 f8 48 89 f9 48 83 c3 01 48 c1 e8 03 83 e1 07 42 0f b6 04 20 38 c8 7f 08 84 c0 0f 85 27 0f 00 00 41 0f b6 45 ff <88> 02 44 89 f6 31 ff 44 29 ee e8 88 37 86 fd 49 39 ed 75 b6 4c 89
RSP: 0018:ffffc90008def7e8 EFLAGS: 00010246
RAX: 0000000000000018 RBX: ffff888001000029 RCX: 0000000000000000
RDX: ffff888001000028 RSI: ffffffff83f003a8 RDI: ffff8880a2e78e60
RBP: ffff8880a2e78e62 R08: 0000000000001872 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880a2e78e61 R14: 00000000a2e78e62 R15: 0000000000000008
FS:  00007f09d62a3700(0000) GS:ffff8880ae400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000028 CR3: 0000000010e76000 CR4: 00000000001526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (13):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Maintainers
ci-upstream-kasan-gce-selinux-root	2020/10/07 01:56	upstream	c85fb28b	1880b4a9	.config	log	report	info	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, gregkh@linuxfoundation.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org, penguin-kernel@i-love.sakura.ne.jp
ci-upstream-kasan-gce-smack-root	2020/10/02 18:04	upstream	472e5b05	4969d6ca	.config	log	report	info	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, gregkh@linuxfoundation.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org, penguin-kernel@i-love.sakura.ne.jp
ci-upstream-kasan-gce-selinux-root	2020/09/30 07:08	upstream	ccc1d052	5abc3f1a	.config	log	report	info	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, gregkh@linuxfoundation.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org, penguin-kernel@i-love.sakura.ne.jp
ci-upstream-kasan-gce-smack-root	2020/07/28 21:21	upstream	92ed3019	cb93dc6a	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-selinux-root	2020/07/06 18:16	upstream	7cc2a8ea	51095195	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/07/03 06:50	upstream	cd77006e	bed10395	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/28 01:53	upstream	1590a2e1	ffec44b5	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/27 23:32	upstream	1590a2e1	ffec44b5	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/27 20:09	upstream	1590a2e1	ffec44b5	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce	2020/06/24 11:38	upstream	7ae77150	54566aff	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-root	2020/05/04 01:37	upstream	262f7a6b	58ae5e18	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org
ci-upstream-kasan-gce-386	2020/10/11 12:54	upstream	da690031	4a77ae0b	.config	log	report	info	b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, gregkh@linuxfoundation.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org, penguin-kernel@i-love.sakura.ne.jp
ci-upstream-linux-next-kasan-gce-root	2020/07/07 01:48	linux-next	9e50b94b	51095195	.config	log	report		b.zolnierkie@samsung.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, jani.nikula@intel.com, linux-fbdev@vger.kernel.org, linux-kernel@vger.kernel.org