BUG: unable to handle page fault for address: ffff888001000000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD d601067 P4D d601067 PUD d602067 PMD 80000000010001e1 
Oops: 0003 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4113 Comm: syz-executor.3 Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:bitfill_aligned+0x102/0x210
Code: d2 bf 07 00 00 00 41 f7 f4 89 c5 89 c6 41 89 c4 e8 e3 d1 b8 fd 83 fd 07 76 78 41 89 ef 4d 89 ec e8 f3 d5 b8 fd 49 8d 44 24 08 <49> 89 1c 24 49 8d 54 24 10 48 89 18 49 8d 44 24 18 48 89 1a 49 8d
RSP: 0018:ffffc90000b674d8 EFLAGS: 00010293
RAX: ffff888001000008 RBX: 0000000000000000 RCX: ffffffff83b8bf6e
RDX: ffff8881f20aa140 RSI: ffffffff83b8bf1d RDI: 0000000000000005
RBP: 0000000000000028 R08: 0000000000000a00 R09: 0000000000000040
R10: 0000000000000007 R11: 0000000000000000 R12: ffff888001000000
R13: ffff888000ffff00 R14: 0000000000000000 R15: 0000000000000008
FS:  00007fd920b736c0(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000000 CR3: 00000001d5c4e000 CR4: 0000000000340ee0
Call Trace:
 cfb_fillrect+0x41f/0x7c0
 vga16fb_fillrect+0x687/0x1940
 bit_clear_margins+0x2e3/0x4b0
 fbcon_clear_margins+0x1d7/0x240
 fbcon_switch+0xb88/0x1670
 redraw_screen+0x2ae/0x780
 fbcon_modechanged+0x571/0x710
 fbcon_update_vcs+0x3e/0x50
 fb_set_var+0xc1c/0xd70
 do_fb_ioctl+0x358/0x700
 fb_ioctl+0xdd/0x130
 ksys_ioctl+0x116/0x170
 __x64_sys_ioctl+0x6e/0xb0
 do_syscall_64+0x60/0xe0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fd9217f2f69
Code: Bad RIP value.
RSP: 002b:00007fd920b730c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd921920f80 RCX: 00007fd9217f2f69
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
RBP: 00007fd92183f4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fd921920f80 R15: 00007ffefc844998
Modules linked in:
CR2: ffff888001000000
---[ end trace 85b2423071ecb12e ]---
RIP: 0010:bitfill_aligned+0x102/0x210
Code: d2 bf 07 00 00 00 41 f7 f4 89 c5 89 c6 41 89 c4 e8 e3 d1 b8 fd 83 fd 07 76 78 41 89 ef 4d 89 ec e8 f3 d5 b8 fd 49 8d 44 24 08 <49> 89 1c 24 49 8d 54 24 10 48 89 18 49 8d 44 24 18 48 89 1a 49 8d
RSP: 0018:ffffc90000b674d8 EFLAGS: 00010293
RAX: ffff888001000008 RBX: 0000000000000000 RCX: ffffffff83b8bf6e
RDX: ffff8881f20aa140 RSI: ffffffff83b8bf1d RDI: 0000000000000005
RBP: 0000000000000028 R08: 0000000000000a00 R09: 0000000000000040
R10: 0000000000000007 R11: 0000000000000000 R12: ffff888001000000
R13: ffff888000ffff00 R14: 0000000000000000 R15: 0000000000000008
FS:  00007fd920b736c0(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000000 CR3: 00000001d5c4e000 CR4: 0000000000340ee0
----------------
Code disassembly (best guess):
   0:	d2 bf 07 00 00 00    	sarb   %cl,0x7(%rdi)
   6:	41 f7 f4             	div    %r12d
   9:	89 c5                	mov    %eax,%ebp
   b:	89 c6                	mov    %eax,%esi
   d:	41 89 c4             	mov    %eax,%r12d
  10:	e8 e3 d1 b8 fd       	call   0xfdb8d1f8
  15:	83 fd 07             	cmp    $0x7,%ebp
  18:	76 78                	jbe    0x92
  1a:	41 89 ef             	mov    %ebp,%r15d
  1d:	4d 89 ec             	mov    %r13,%r12
  20:	e8 f3 d5 b8 fd       	call   0xfdb8d618
  25:	49 8d 44 24 08       	lea    0x8(%r12),%rax
* 2a:	49 89 1c 24          	mov    %rbx,(%r12) <-- trapping instruction
  2e:	49 8d 54 24 10       	lea    0x10(%r12),%rdx
  33:	48 89 18             	mov    %rbx,(%rax)
  36:	49 8d 44 24 18       	lea    0x18(%r12),%rax
  3b:	48 89 1a             	mov    %rbx,(%rdx)
  3e:	49                   	rex.WB
  3f:	8d                   	.byte 0x8d
