Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp4465298rwb;
        Tue, 16 Aug 2022 23:44:11 -0700 (PDT)
X-Google-Smtp-Source: AA6agR5N54xXdeAw0tvZH0wvjfJNUCNV1KrbgnHIlNv0nT/J+G1LwQKWAPLST+e9rO1RlhGGsjCB
X-Received: by 2002:a17:90b:1d44:b0:1f7:6f05:639e with SMTP id ok4-20020a17090b1d4400b001f76f05639emr2283139pjb.99.1660718650908;
        Tue, 16 Aug 2022 23:44:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1660718650; cv=none;
        d=google.com; s=arc-20160816;
        b=qGRSQZi7vNkZCgyJp/jOEd7WX4p5mDLacJ0sQQAY0e83QOd445sqDyn0Z2pgu3ZPq3
         ZAIz1MaGwtd6scrC6qptPl4oxefAACybFCQUr31XS5VI4wwZMOM7rM5Qgq3+1HbinQox
         RNZyjcSZjYep6ZUx8JoS6HD+UlM/h4MmaBAk7wNNXBFsuLIZAoceEecNDGYObV0TKelK
         J4MkS96jXXCPce3EoMtOoX/bMiUYCwPkOXVsTByUMxX5zzVtXyLrPKUjiQIMJr2epKPr
         cXZtEwM42lbNvwCS5Dwi8DBx68SHRN1jT1Awk2zJW3/6jyeIrqfKGOE+KQ6EJs3MMLiu
         KkLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:references:mime-version
         :message-id:in-reply-to:date:dkim-signature;
        bh=Xa1Am8o4teQaaL9RutMPnLbxqHkDGkecVOS2SmaoyIs=;
        b=T9bwTBS5s9YpRIysxnfrNYmxHpickrcTPRMtVPVyMvkdhN1pnQW/P12wNa0UkAIU0D
         NuqRz8NqU9rn9APdqOQMTGNYlI7Cu7JJlilvStKP7YZNLz0Kz4mJeEoQqO9HTzdwvnIJ
         4nxZLwJpjHpooDy55NIBw4nA+s8s1D7I01IU36zbba4SWTu90DJe/0QY5WRiGgX10f/q
         tgQDlQChAU6piokzqVxD4gbJmkeEb4wrMZk9q6CnLH8C1ilt3ftyQsdmrDF/ZVTG8Y2R
         vKsaBg13VHqaICDG+A44g/xU2lvQ+nXu9KF2U6aeCjTnvaSnEbXNLLdF/kURkkj3/+vn
         fWWg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b="s/1uTUYy";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id il11-20020a17090b164b00b001f4fc60c4dcsi1313141pjb.6.2022.08.16.23.43.59;
        Tue, 16 Aug 2022 23:44:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b="s/1uTUYy";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238872AbiHQGOR (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Wed, 17 Aug 2022 02:14:17 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60602 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238865AbiHQGOP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 17 Aug 2022 02:14:15 -0400
Received: from mail-ed1-x549.google.com (mail-ed1-x549.google.com [IPv6:2a00:1450:4864:20::549])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF1FF50071
        for <linux-kernel@vger.kernel.org>; Tue, 16 Aug 2022 23:14:14 -0700 (PDT)
Received: by mail-ed1-x549.google.com with SMTP id r12-20020a05640251cc00b00440647ec649so8226674edd.21
        for <linux-kernel@vger.kernel.org>; Tue, 16 Aug 2022 23:14:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:references:mime-version:message-id:in-reply-to
         :date:from:to:cc;
        bh=Xa1Am8o4teQaaL9RutMPnLbxqHkDGkecVOS2SmaoyIs=;
        b=s/1uTUYyEaFlNWqfnApEYsQdesm4fvMpnKQOdzNeq15EnC9twMzAmYS27DYIEpoQNV
         ONiulQIKOyEaJN7vwBiVA52A3T4fcNXzcO2EhlNUv27SahrpI8qf2TkmB06MCRaqefwF
         /yeummP9sXq7fbGE66YggRyUl+gsDQWhxLKEisD400L//ndUoKIQVHn5cqERyZdfGqzW
         MxIJmnSbDnDTsusWT3OxOGRFuDKrQGwlnv+xVRnPv6dCaBuTy0G5ycxfUPP9Z6vnw8Dw
         XiMmWQtzqjM7hXitZzNVNFnrMdeE/E2XvAKW/O257aO7bzFySiL/TErWqyTrtHttYnlB
         qbFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:references:mime-version:message-id:in-reply-to
         :date:x-gm-message-state:from:to:cc;
        bh=Xa1Am8o4teQaaL9RutMPnLbxqHkDGkecVOS2SmaoyIs=;
        b=i0970s4Jr/5NnoayhTPJSPZKdXZ3H+zrFf4jATCwMhdaE6QA4sfsKzfNAVXZnyH3Ee
         zXmkMv6q29LcrngkVlg4Pjp8VTSVxwIsR35Pq4g5AquKSuPISkN+lh9tF11PpNRRjzFg
         cSWRlLTU3GZvZDz96RnFBzye2nwXR4iW83sFnFXdTgwcsv0sroa1usgBWMv44tsec5xb
         FPdEKvrDBFS6ob8zNW0o4loW2ze9tWrfvLW4B/lLRiPxIxx+WpM+JGRG2WYJB90swTrS
         7L39dLKGUp4PWT8GFxZ3V+VbzEM7eI0Ez6GuaHQ3aUmVfYwi9M9P2tdK/0U7ezNqmn/i
         GaAw==
X-Gm-Message-State: ACgBeo15+LEslL9759rAueeqEjh51WKAWL0LqygryLUovFj0Xza/mTW9
        euTtgB/dvZOy2D/Hda5C/7pgBr4b1Kue
X-Received: from dvyukov-desk.muc.corp.google.com ([2a00:79e0:9c:201:6b03:2ace:af3d:2660])
 (user=dvyukov job=sendgmr) by 2002:a17:907:608f:b0:734:b422:42f4 with SMTP id
 ht15-20020a170907608f00b00734b42242f4mr14937896ejc.491.1660716853316; Tue, 16
 Aug 2022 23:14:13 -0700 (PDT)
Date:   Wed, 17 Aug 2022 08:13:59 +0200
In-Reply-To: <20220815170444-mutt-send-email-mst@kernel.org>
Message-Id: <20220817061359.200970-1-dvyukov@google.com>
Mime-Version: 1.0
References: <20220815170444-mutt-send-email-mst@kernel.org>
X-Mailer: git-send-email 2.37.1.595.g718a3a8f04-goog
Subject: Re: upstream kernel crashes
From:   Dmitry Vyukov <dvyukov@google.com>
To:     mst@redhat.com
Cc:     James.Bottomley@hansenpartnership.com, andres@anarazel.de,
        axboe@kernel.dk, c@redhat.com, davem@davemloft.net,
        edumazet@google.com, gregkh@linuxfoundation.org,
        jasowang@redhat.com, kuba@kernel.org, linux-kernel@vger.kernel.org,
        linux@roeck-us.net, martin.petersen@oracle.com,
        netdev@vger.kernel.org, pabeni@redhat.com,
        torvalds@linux-foundation.org,
        virtualization@lists.linux-foundation.org,
        xuanzhuo@linux.alibaba.com, kasan-dev@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 15 Aug 2022 17:32:06 -0400, Michael wrote:
> So if you pass the size parameter for a legacy device it will
> try to make the ring smaller and that is not legal with
> legacy at all. But the driver treats legacy and modern
> the same, it allocates a smaller queue anyway.
>
> Lo and behold, I pass disable-modern=on to qemu and it happily
> corrupts memory exactly the same as GCP does.

Ouch!

I understand that the host does the actual corruption,
but could you think of any additional debug checking in the guest
that would caught this in future? Potentially only when KASAN
is enabled which can verify validity of memory ranges.
Some kind of additional layer of sanity checking.

This caused a bit of a havoc for syzbot with almost 100 unique
crash signatures, so would be useful to catch such issues more
reliably in future.

Thanks