bisecting fixing commit since 53bd76690e27f37c9df221a651a52cea04214da9
building syzkaller on 6c236867ce33c0c16b102e02a08226d7eb9b2046
testing commit 53bd76690e27f37c9df221a651a52cea04214da9
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 71e618e736f5a6d633b97a250ae6582e3d32539588fb55e8dd497dc78cccc360
all runs: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
testing current HEAD c2276d585654e8d573366c29c565043ec36adf63
testing commit c2276d585654e8d573366c29c565043ec36adf63
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 24fb108b3dd46aeb4c5f56eb10c341c630c8c16d8c29293cc3253bfdc1fe4275
all runs: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
revisions tested: 2, total time: 32m1.29087269s (build: 24m10.358276742s, test: 7m11.852754714s)
the crash still happens on HEAD
commit msg: Linux 4.19.208
crash: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: unable to handle kernel paging request at ffffc90006c86000
PGD 13be40067 P4D 13be40067 PUD 23b831067 PMD b52ab067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 14253 Comm: vivid-002-vid-c Not tainted 4.19.208-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:55
Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff88807f7d77e0 EFLAGS: 00010246
RAX: ffffc90006c85fe0 RBX: 0000000000000080 RCX: 0000000000000060
RDX: 0000000000000080 RSI: ffffc900026d3020 RDI: ffffc90006c86000
RBP: ffff88807f7d7800 R08: fffff52000d90c0c R09: fffff52000d90bfc
R10: fffff52000d90c0b R11: ffffc90006c8605f R12: ffffc90006c85fe0
R13: ffffc900026d3000 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90006c86000 CR3: 000000009591c000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memcpy include/linux/string.h:377 [inline]
 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2365 [inline]
 tpg_fill_plane_buffer+0xb25/0x3270 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2446
 vivid_fillbuff+0x178c/0x75e0 drivers/media/platform/vivid/vivid-kthread-cap.c:473
 vivid_thread_vid_cap_tick drivers/media/platform/vivid/vivid-kthread-cap.c:707 [inline]
 vivid_thread_vid_cap drivers/media/platform/vivid/vivid-kthread-cap.c:809 [inline]
 vivid_thread_vid_cap+0x808/0x1f80 drivers/media/platform/vivid/vivid-kthread-cap.c:740
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Modules linked in:
CR2: ffffc90006c86000
---[ end trace 1fa0513b6c5a7192 ]---
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:55
Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff88807f7d77e0 EFLAGS: 00010246
RAX: ffffc90006c85fe0 RBX: 0000000000000080 RCX: 0000000000000060
RDX: 0000000000000080 RSI: ffffc900026d3020 RDI: ffffc90006c86000
RBP: ffff88807f7d7800 R08: fffff52000d90c0c R09: fffff52000d90bfc
R10: fffff52000d90c0b R11: ffffc90006c8605f R12: ffffc90006c85fe0
R13: ffffc900026d3000 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90006c86000 CR3: 000000009591c000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	eb 1e                	jmp    0x24
   6:	0f 1f 00             	nopl   (%rax)
   9:	48 89 f8             	mov    %rdi,%rax
   c:	48 89 d1             	mov    %rdx,%rcx
   f:	48 c1 e9 03          	shr    $0x3,%rcx
  13:	83 e2 07             	and    $0x7,%edx
  16:	f3 48 a5             	rep movsq %ds:(%rsi),%es:(%rdi)
  19:	89 d1                	mov    %edx,%ecx
  1b:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi)
  1d:	c3                   	retq
  1e:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  24:	48 89 f8             	mov    %rdi,%rax
  27:	48 89 d1             	mov    %rdx,%rcx
* 2a:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2c:	c3                   	retq
  2d:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  34:	48 89 f8             	mov    %rdi,%rax
  37:	48 83 fa 20          	cmp    $0x20,%rdx
  3b:	72 7e                	jb     0xbb
  3d:	40 38 fe             	cmp    %dil,%sil