bisecting fixing commit since cbfa1702aaf69b2311ea1b35e04f113c48368c67
building syzkaller on fa79ed2ae1c546ca48519cfcd80d43b51b502750
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.4.1 20210217
kernel signature: 19f8ae31fc9fcc97c4a38e1988947bd3edcef1af3ad69f900ce90a5477973d01
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
testing current HEAD 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79
testing commit 3242aa3a635c0958671ee1e4b0958dcc7c4e5c79 with gcc (GCC) 8.4.1 20210217
kernel signature: c5eb1b1278691495b79ea25c25189094762155994d2058c01aa9a329cd274000
all runs: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
revisions tested: 2, total time: 23m26.824148791s (build: 15m52.740415339s, test: 6m35.904355577s)
the crash still happens on HEAD
commit msg: Linux 4.14.222
crash: BUG: unable to handle kernel paging request in cfb_imageblit

wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: unable to handle kernel paging request at ffff888001000000
IP: __writel arch/x86/include/asm/io.h:71 [inline]
IP: slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline]
IP: cfb_imageblit+0x741/0xec0 drivers/video/fbdev/core/cfbimgblt.c:302
PGD a548067 P4D a548067 PUD a549067 PMD 80000000010001e1
Oops: 0003 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 8001 Comm: syz-executor.1 Not tainted 4.14.222-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8881d7ed6200 task.stack: ffff8881c5e28000
RIP: 0010:__writel arch/x86/include/asm/io.h:71 [inline]
RIP: 0010:slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline]
RIP: 0010:cfb_imageblit+0x741/0xec0 drivers/video/fbdev/core/cfbimgblt.c:302
RSP: 0018:ffff8881c5e2f580 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000000000000001c RCX: 000000000000001c
RDX: ffff888001000000 RSI: 0000000000000007 RDI: ffff888001000004
RBP: ffff8881c5e2f638 R08: dffffc0000000000 R09: 0000000000000004
R10: 0000000000000000 R11: 000000000000001c R12: 0000000000000000
R13: ffff8881ef2cd6d0 R14: 0000000000000000 R15: 0000000000077000
FS:  00007fe92855d700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000000 CR3: 00000001dabd9004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1208 [inline]
 vga16fb_imageblit+0x620/0x2380 drivers/video/fbdev/vga16fb.c:1261
 bit_putcs_unaligned drivers/video/fbdev/core/bitblit.c:139 [inline]
 bit_putcs+0x872/0xca0 drivers/video/fbdev/core/bitblit.c:188
 fbcon_putcs+0x302/0x5f0 drivers/video/fbdev/core/fbcon.c:1247
 con_flush drivers/tty/vt/vt.c:2206 [inline]
 do_con_write.part.13+0x690/0x19b0 drivers/tty/vt/vt.c:2410
 do_con_write drivers/tty/vt/vt.c:2225 [inline]
 con_write+0x1f/0x80 drivers/tty/vt/vt.c:2805
 process_output_block drivers/tty/n_tty.c:595 [inline]
 n_tty_write+0x498/0x1030 drivers/tty/n_tty.c:2333
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x342/0x770 drivers/tty/tty_io.c:1043
 __vfs_write+0xdb/0x840 fs/read_write.c:480
 vfs_write+0x150/0x4f0 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0x100/0x250 fs/read_write.c:582
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465809
RSP: 002b:00007fe92855d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000055bf00 RCX: 0000000000465809
RDX: 0000000000001006 RSI: 0000000020001440 RDI: 0000000000000008
RBP: 00000000004af675 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055bf00
R13: 00007ffe158bc54f R14: 00007fe92855d300 R15: 0000000000022000
Code: c0 0f 85 91 03 00 00 41 0f b6 45 00 44 89 e1 d3 f8 89 d9 a8 01 44 89 d0 0f 45 c6 89 c7 d3 e7 41 09 ff 41 39 db 77 1f 48 8d 7a 04 <44> 89 3a 41 39 db 0f 84 51 02 00 00 b9 20 00 00 00 48 89 fa 29
RIP: __writel arch/x86/include/asm/io.h:71 [inline] RSP: ffff8881c5e2f580
RIP: slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline] RSP: ffff8881c5e2f580
RIP: cfb_imageblit+0x741/0xec0 drivers/video/fbdev/core/cfbimgblt.c:302 RSP: ffff8881c5e2f580
CR2: ffff888001000000
---[ end trace 96406a9c212ac641 ]---