bisecting fixing commit since f1583cb1be35c23df60b1c39e3e7e6704d749d0b
building syzkaller on d236a457274375e5273ac4e958722659929c469f
testing commit f1583cb1be35c23df60b1c39e3e7e6704d749d0b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b5d030fad2b29b4cea2b7dfdb28a2032f387540eab76a89a135b4e04cc8968fe
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing current HEAD f6274b06e326d8471cdfb52595f989a90f5e888f
testing commit f6274b06e326d8471cdfb52595f989a90f5e888f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d6097f7f97f68792bb18a3985d9c4f4b710b2ced208e867544bee92d015705fd
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
revisions tested: 2, total time: 21m18.282799727s (build: 13m16.806595758s, test: 7m32.146576891s)
the crash still happens on HEAD
commit msg: Merge tag 'linux-kselftest-fixes-5.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
crash: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer

==================================================================
BUG: KASAN: vmalloc-out-of-bounds in memcpy include/linux/fortify-string.h:191 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2545 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0xca9/0x42a0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2626
Write of size 640 at addr ffffc90004268fe0 by task vivid-001-vid-c/11876

CPU: 0 PID: 11876 Comm: vivid-001-vid-c Not tainted 5.15.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xf/0x309 mm/kasan/report.c:256
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
 memcpy+0x39/0x60 mm/kasan/shadow.c:66
 memcpy include/linux/fortify-string.h:191 [inline]
 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2545 [inline]
 tpg_fill_plane_buffer+0xca9/0x42a0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2626
 vivid_fillbuff+0x1821/0x4520 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:469
 vivid_thread_vid_cap_tick+0xadd/0x1f90 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:729
 vivid_thread_vid_cap+0x4f5/0xa40 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:868
 kthread+0x38b/0x460 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
 ffffc90004268f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90004268f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90004269000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90004269080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90004269100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================