bisecting fixing commit since f1583cb1be35c23df60b1c39e3e7e6704d749d0b
building syzkaller on d236a457274375e5273ac4e958722659929c469f
testing commit f1583cb1be35c23df60b1c39e3e7e6704d749d0b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b5d030fad2b29b4cea2b7dfdb28a2032f387540eab76a89a135b4e04cc8968fe
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
testing current HEAD a4849f6000e29235a2707f22e39da6b897bb9543
testing commit a4849f6000e29235a2707f22e39da6b897bb9543
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 48f545c6482fee4f403d8a46178add713e0ab6a742a3028ebd94040f35db46a6
all runs: crashed: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
revisions tested: 2, total time: 21m21.121599551s (build: 13m12.23886249s, test: 7m32.586922084s)
the crash still happens on HEAD
commit msg: Merge tag 'drm-fixes-2021-11-26' of git://anongit.freedesktop.org/drm/drm
crash: KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in memcpy include/linux/fortify-string.h:225 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2545 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0xca9/0x42a0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2626
Write of size 640 at addr ffffc9000c029fe0 by task vivid-001-vid-c/9377

CPU: 0 PID: 9377 Comm: vivid-001-vid-c Not tainted 5.16.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xf/0x320 mm/kasan/report.c:247
 __kasan_report mm/kasan/report.c:433 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:450
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
 memcpy+0x39/0x60 mm/kasan/shadow.c:66
 memcpy include/linux/fortify-string.h:225 [inline]
 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2545 [inline]
 tpg_fill_plane_buffer+0xca9/0x42a0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2626
 vivid_fillbuff+0x1821/0x4530 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:469
 vivid_thread_vid_cap_tick+0xadd/0x1f90 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:729
 vivid_thread_vid_cap+0x4f3/0xa40 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:868
 kthread+0x3ab/0x480 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
 ffffc9000c029f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000c029f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000c02a000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc9000c02a080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000c02a100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================