From: Daniel Vetter
Date: Mon, 6 Apr 2020 14:41:20 +0200
Subject: Re: upstream boot error: KASAN: slab-out-of-bounds Write in virtio_gpu_object_create
To: Gerd Hoffmann
Cc: Dmitry Vyukov, syzbot, David Airlie, DRI, "open list:VIRTIO CORE, NET...", LKML, syzkaller-bugs
References: <00000000000091056b05a2999f1e@google.com> <20200406080612.v5ubxvyliuso6v5h@sirius.home.kraxel.org>
In-Reply-To: <20200406080612.v5ubxvyliuso6v5h@sirius.home.kraxel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 6, 2020 at 10:06 AM Gerd Hoffmann wrote:
>
> On Mon, Apr 06, 2020 at 09:07:44AM +0200, Dmitry Vyukov wrote:
> > On Mon, Apr 6, 2020 at 8:46 AM syzbot
> > wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
> > > HEAD commit: ffc1c20c Merge tag 'for-5.7/dm-changes' of git://git.kerne..
> > > git tree: upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=1690471fe00000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=d6a1e2f9a9986236
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=d3a7951ed361037407db
> > > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > >
> > > Unfortunately, I don't have any reproducer for this crash yet.
> > >
> > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > Reported-by: syzbot+d3a7951ed361037407db@syzkaller.appspotmail.com
> >
> >
> > +drivers/gpu/drm/virtio/virtgpu_object.c maintainers
> > Now we have both mainline and linux-next boot broken (linux-next is
> > broken for the past 40 days).
> > No testing of new code happens.
> >
> > > virtio_gpu_object_shmem_init drivers/gpu/drm/virtio/virtgpu_object.c:151 [inline]
> > > virtio_gpu_object_create+0x9f3/0xaa0 drivers/gpu/drm/virtio/virtgpu_object.c:230
>
> Ah, that one.
>
> broken patch: f651c8b05542 ("drm/virtio: factor out the sg_table from virtio_gpu_object")
> fixed by: 0666a8d7f6a4 ("drm/virtio: fix OOB in virtio_gpu_object_create")
>
> Both are in drm-misc-next. I suspect the fix was added after
> drm-misc-next was closed for the 5.7 merge window and thus should
> have been submitted to drm-misc-next-fixes instead.
>
> So, what to do now? Should I cherry-pick 0666a8d7f6a4 into
> drm-misc-next-fixes? Or should it go into drm-misc-fixes instead?

Yup cherry-pick it over, with -x, to drm-misc-next-fixes.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch