BUG: unable to handle page fault for address: fffff52000a8b000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 17ffed067 P4D 17ffed067 PUD 1c695067 PMD 265a0067 PTE 0
Oops: Oops: 0000 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 842 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_power_efficient fb_flashcursor
RIP: 0010:fb_write_offset drivers/video/fbdev/core/sysmem.h:30 [inline]
RIP: 0010:fb_bitmap_2ppw drivers/video/fbdev/core/fb_imageblit.h:374 [inline]
RIP: 0010:fb_bitmap_imageblit drivers/video/fbdev/core/fb_imageblit.h:462 [inline]
RIP: 0010:fb_imageblit drivers/video/fbdev/core/fb_imageblit.h:492 [inline]
RIP: 0010:sys_imageblit+0x1985/0x1e60 drivers/video/fbdev/core/sysimgblt.c:24
Code: e8 06 83 e0 03 49 8d 7c c5 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 27 03 00 00 4c 89 f2 48 8b 84 c4 28 01 00 00 48 c1 ea 03 <80> 3c 1a 00 0f 85 aa 00 00 00 49 89 06 8b 3c 24 83 c5 01 41 c1 e4
RSP: 0018:ffffc90004ea7828 EFLAGS: 00010a06
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff84f28699
RDX: 1ffff92000a8b000 RSI: ffffffff84f28627 RDI: ffffc90004ea7950
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000000
R13: ffffc90004ea7950 R14: ffffc90005458000 R15: ffffc90005458000
FS: 0000000000000000(0000) GS:ffff8880d6b08000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52000a8b000 CR3: 000000002e166000 CR4: 0000000000352ef0
Call Trace:
 drm_fbdev_shmem_defio_imageblit+0x20/0x130 drivers/gpu/drm/drm_fbdev_shmem.c:38
 soft_cursor+0x524/0xa10 drivers/video/fbdev/core/softcursor.c:74
 bit_cursor+0xe8c/0x17e0 drivers/video/fbdev/core/bitblit.c:395
 fb_flashcursor drivers/video/fbdev/core/fbcon.c:401 [inline]
 fb_flashcursor+0x310/0x400 drivers/video/fbdev/core/fbcon.c:370
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Modules linked in:
CR2: fffff52000a8b000
---[ end trace 0000000000000000 ]---
RIP: 0010:fb_write_offset drivers/video/fbdev/core/sysmem.h:30 [inline]
RIP: 0010:fb_bitmap_2ppw drivers/video/fbdev/core/fb_imageblit.h:374 [inline]
RIP: 0010:fb_bitmap_imageblit drivers/video/fbdev/core/fb_imageblit.h:462 [inline]
RIP: 0010:fb_imageblit drivers/video/fbdev/core/fb_imageblit.h:492 [inline]
RIP: 0010:sys_imageblit+0x1985/0x1e60 drivers/video/fbdev/core/sysimgblt.c:24
Code: e8 06 83 e0 03 49 8d 7c c5 00 48 89 fa 48 c1 ea 03 80 3c 1a 00 0f 85 27 03 00 00 4c 89 f2 48 8b 84 c4 28 01 00 00 48 c1 ea 03 <80> 3c 1a 00 0f 85 aa 00 00 00 49 89 06 8b 3c 24 83 c5 01 41 c1 e4
RSP: 0018:ffffc90004ea7828 EFLAGS: 00010a06
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff84f28699
RDX: 1ffff92000a8b000 RSI: ffffffff84f28627 RDI: ffffc90004ea7950
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000000
R13: ffffc90004ea7950 R14: ffffc90005458000 R15: ffffc90005458000
FS: 0000000000000000(0000) GS:ffff8880d6b08000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52000a8b000 CR3: 000000002e166000 CR4: 0000000000352ef0
----------------
Code disassembly (best guess):
   0:   e8 06 83 e0 03          call   0x3e0830b
   5:   49 8d 7c c5 00          lea    0x0(%r13,%rax,8),%rdi
   a:   48 89 fa                mov    %rdi,%rdx
   d:   48 c1 ea 03             shr    $0x3,%rdx
  11:   80 3c 1a 00             cmpb   $0x0,(%rdx,%rbx,1)
  15:   0f 85 27 03 00 00       jne    0x342
  1b:   4c 89 f2                mov    %r14,%rdx
  1e:   48 8b 84 c4 28 01 00    mov    0x128(%rsp,%rax,8),%rax
  25:   00
  26:   48 c1 ea 03             shr    $0x3,%rdx
* 2a:   80 3c 1a 00             cmpb   $0x0,(%rdx,%rbx,1)     <-- trapping instruction
  2e:   0f 85 aa 00 00 00       jne    0xde
  34:   49 89 06                mov    %rax,(%r14)
  37:   8b 3c 24                mov    (%rsp),%edi
  3a:   83 c5 01                add    $0x1,%ebp
  3d:   41                      rex.B
  3e:   c1                      .byte 0xc1
  3f:   e4                      .byte 0xe4

Reviewer note: the faulting address CR2 (fffff52000a8b000) is exactly RDX + RBX, where RDX = R14 >> 3 (the `mov %r14,%rdx; shr $0x3,%rdx` just before the trap) and RBX = dffffc0000000000, which matches the x86-64 KASAN shadow offset; the trapping `cmpb $0x0,(%rdx,%rbx,1)` is therefore the inlined KASAN shadow check guarding the 8-byte store `mov %rax,(%r14)` at 0x34 (fb_write_offset, sysmem.h:30). R14 = ffffc90005458000 lies in the vmalloc range and its shadow page is not present, so this is the shadow check itself page-faulting rather than a KASAN bug report proper — consistent with the cursor blit (fb_flashcursor -> soft_cursor -> sys_imageblit) writing to an address beyond the vmapped shmem framebuffer, i.e. an out-of-bounds write in kernel mode. The root cause (which of cursor position, image extent or screen-buffer size is wrong) is not determinable from this trace alone; confirm the write offset against the framebuffer's actual vmap size before treating it as a bounds bug in the blit itself.