bisecting fixing commit since 53bd76690e27f37c9df221a651a52cea04214da9
building syzkaller on 6c236867ce33c0c16b102e02a08226d7eb9b2046
testing commit 53bd76690e27f37c9df221a651a52cea04214da9
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a507013432b4afe395df54ff7b6c55f6b674012907918aa939dcfdcc0a5cf3bf
all runs: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
testing current HEAD e23d55af0e1fca9be5c99f0c37d48b289f4d6489
testing commit e23d55af0e1fca9be5c99f0c37d48b289f4d6489
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 3cc80f63154d7e139111daf9a263052a54ecc5ed7f3797320e25f4dd6256df6c
all runs: crashed: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
revisions tested: 2, total time: 26m14.633695338s (build: 19m1.552589438s, test: 6m51.738890025s)
the crash still happens on HEAD
commit msg: Linux 4.19.205
crash: BUG: unable to handle kernel paging request in tpg_fill_plane_buffer
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: unable to handle kernel paging request at ffffc900085fc000
PGD 13be40067 P4D 13be40067 PUD 23b831067 PMD b3f76067 PTE 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 11841 Comm: vivid-002-vid-c Not tainted 4.19.205-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:55
Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff88807f1977e0 EFLAGS: 00010246
RAX: ffffc900085fbfe0 RBX: 0000000000000280 RCX: 0000000000000260
RDX: 0000000000000280 RSI: ffffc900026d3020 RDI: ffffc900085fc000
RBP: ffff88807f197800 R08: fffff520010bf84c R09: fffff520010bf84c
R10: fffff520010bf84b R11: ffffc900085fc25f R12: ffffc900085fbfe0
R13: ffffc900026d3000 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900085fc000 CR3: 00000000b2a8b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memcpy include/linux/string.h:377 [inline]
 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2365 [inline]
 tpg_fill_plane_buffer+0xb25/0x3270 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2446
 vivid_fillbuff+0x178c/0x75e0 drivers/media/platform/vivid/vivid-kthread-cap.c:473
 vivid_thread_vid_cap_tick drivers/media/platform/vivid/vivid-kthread-cap.c:707 [inline]
 vivid_thread_vid_cap drivers/media/platform/vivid/vivid-kthread-cap.c:809 [inline]
 vivid_thread_vid_cap+0x808/0x1f80 drivers/media/platform/vivid/vivid-kthread-cap.c:740
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Modules linked in:
CR2: ffffc900085fc000
---[ end trace 3923d7c599bde24e ]---
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:55
Code: 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
RSP: 0018:ffff88807f1977e0 EFLAGS: 00010246
RAX: ffffc900085fbfe0 RBX: 0000000000000280 RCX: 0000000000000260
RDX: 0000000000000280 RSI: ffffc900026d3020 RDI: ffffc900085fc000
RBP: ffff88807f197800 R08: fffff520010bf84c R09: fffff520010bf84c
R10: fffff520010bf84b R11: ffffc900085fc25f R12: ffffc900085fbfe0
R13: ffffc900026d3000 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900085fc000 CR3: 00000000b2a8b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	eb 1e                	jmp    0x24
   6:	0f 1f 00             	nopl   (%rax)
   9:	48 89 f8             	mov    %rdi,%rax
   c:	48 89 d1             	mov    %rdx,%rcx
   f:	48 c1 e9 03          	shr    $0x3,%rcx
  13:	83 e2 07             	and    $0x7,%edx
  16:	f3 48 a5             	rep movsq %ds:(%rsi),%es:(%rdi)
  19:	89 d1                	mov    %edx,%ecx
  1b:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi)
  1d:	c3                   	retq
  1e:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  24:	48 89 f8             	mov    %rdi,%rax
  27:	48 89 d1             	mov    %rdx,%rcx
* 2a:	f3 a4                	rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
  2c:	c3                   	retq
  2d:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  34:	48 89 f8             	mov    %rdi,%rax
  37:	48 83 fa 20          	cmp    $0x20,%rdx
  3b:	72 7e                	jb     0xbb
  3d:	40 38 fe             	cmp    %dil,%sil