bisecting fixing commit since f1583cb1be35c23df60b1c39e3e7e6704d749d0b
building syzkaller on d236a457274375e5273ac4e958722659929c469f
testing commit f1583cb1be35c23df60b1c39e3e7e6704d749d0b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b5d030fad2b29b4cea2b7dfdb28a2032f387540eab76a89a135b4e04cc8968fe
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing current HEAD a08b41ab9e2e468647f78eb17c28e29b93006394
testing commit a08b41ab9e2e468647f78eb17c28e29b93006394
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3eb3fb4b8fccf7b7d5ce6cf2256a93cbf71ea6caa18139b031b86ac5b3595d53
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
revisions tested: 2, total time: 21m14.393460238s (build: 14m15.584542519s, test: 6m16.546803587s)
the crash still happens on HEAD
commit msg: Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
crash: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer

==================================================================
BUG: KASAN: vmalloc-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2545 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0xca9/0x42a0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2626
Write of size 640 at addr ffffc90003a42fe0 by task vivid-001-vid-c/4219

CPU: 0 PID: 4219 Comm: vivid-001-vid-c Not tainted 5.17.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xf/0x336 mm/kasan/report.c:255
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
 memcpy+0x39/0x60 mm/kasan/shadow.c:66
 memcpy include/linux/fortify-string.h:225 [inline]
 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2545 [inline]
 tpg_fill_plane_buffer+0xca9/0x42a0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2626
 vivid_fillbuff+0x1821/0x4530 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:469
 vivid_thread_vid_cap_tick+0xadd/0x1f90 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:729
 vivid_thread_vid_cap+0x4f3/0xa40 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:868
 kthread+0x299/0x340 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
 ffffc90003a42f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90003a42f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90003a43000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90003a43080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90003a43100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================