bisecting fixing commit since 46cf053efec6a3a5f343fead837777efe8252a46
building syzkaller on be5c2c81971442d623dd1b265dabf4644ceeb35b
testing commit 46cf053efec6a3a5f343fead837777efe8252a46 with gcc (GCC) 8.1.0
kernel signature: 787007bcf55c9e43a4d548ec35e78a69d7360774b1ad62d170c1aa05d84094f9
all runs: crashed: KASAN: global-out-of-bounds Read in precalculate_color
testing current HEAD ae46d2aa6a7fbe8ca0946f24b061b6ccdc6c3f25
testing commit ae46d2aa6a7fbe8ca0946f24b061b6ccdc6c3f25 with gcc (GCC) 8.1.0
kernel signature: 85d8d8a6b749e1c2cbad0573e5fe60ad59dd334fec4795001a662f123a0a053b
all runs: crashed: KASAN: global-out-of-bounds Read in precalculate_color
revisions tested: 2, total time: 19m26.269327937s (build: 12m1.415404363s, test: 6m31.168700367s)
the crash still happens on HEAD
commit msg: mm/gup: Let __get_user_pages_locked() return -EINTR for fatal signal
crash: KASAN: global-out-of-bounds Read in precalculate_color
==================================================================
BUG: KASAN: global-out-of-bounds in precalculate_color+0x1d50/0x22f0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:942
Read of size 1 at addr ffffffff882d4359 by task vivid-000-vid-c/7997

CPU: 0 PID: 7997 Comm: vivid-000-vid-c Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12d/0x187 lib/dump_stack.c:118
 print_address_description.constprop.8.cold.10+0x58/0x31d mm/kasan/report.c:382
 __kasan_report.cold.11+0x37/0x4e mm/kasan/report.c:511
 kasan_report+0x38/0x50 mm/kasan/common.c:625
 __asan_report_load1_noabort+0x14/0x20 mm/kasan/generic_report.c:143
 precalculate_color+0x1d50/0x22f0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:942
 tpg_precalculate_colors drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:1093 [inline]
 tpg_recalc+0x3fc/0x2460 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2118
 tpg_calc_text_basep+0x97/0x2a0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2136
 vivid_fillbuff+0x1856/0x41c0 drivers/media/platform/vivid/vivid-kthread-cap.c:466
 vivid_thread_vid_cap_tick+0xb33/0x1e10 drivers/media/platform/vivid/vivid-kthread-cap.c:727
 vivid_thread_vid_cap+0x50f/0x9e0 drivers/media/platform/vivid/vivid-kthread-cap.c:866
 kthread+0x354/0x420 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

The buggy address belongs to the variable:
 rc_dev_rw_protocol_attr_grp+0x119/0x8a0

Memory state around the buggy address:
 ffffffff882d4200: 00 fa fa fa fa fa fa fa 00 00 00 00 00 fa fa fa
 ffffffff882d4280: fa fa fa fa 00 00 03 fa fa fa fa fa 00 06 fa fa
>ffffffff882d4300: fa fa fa fa 00 04 fa fa fa fa fa fa 07 fa fa fa
                                                    ^
 ffffffff882d4380: fa fa fa fa 00 00 01 fa fa fa fa fa 00 02 fa fa
 ffffffff882d4400: fa fa fa fa 06 fa fa fa fa fa fa fa 00 fa fa fa
==================================================================