For a kernel development project I'm working on, I'm using
Linux in a VMware guest. After kernel v5.16.2, I noticed
this KASAN splat:

Mar 15 14:50:39 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: vgaarb: deactivate vga console
Mar 15 14:50:39 oracle-102.nfsv4.dev kernel: Console: switching to colour dummy device 80x25
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: [TTM] Zone  kernel: Available graphics memory: 2027952 KiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] FIFO at 0x00000000fe000000 size is 8192 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] VRAM at 0x00000000e8000000 size is 131072 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Running on SVGA version 2.
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] DMA map mode: Caching DMA mappings.
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Legacy memory limits: VRAM = 4096 kB, FIFO = 256 kB, surface = 0 kB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] MOB limits: max mob size = 1048576 kB, max mob pages = 2097152
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Capabilities: rect copy, cursor, cursor bypass, cursor bypass 2, 8bit e>
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Capabilities2: grow otable, intra surface copy, dx2, gb memsize 2, scre>
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Max GMR ids is 64
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Max number of GMR pages is 65536
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Maximum display memory size is 262144 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Screen Target display unit initialized
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Fifo max 0x00040000 min 0x00001000 cap 0x0000077f
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: ==================================================================
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: BUG: KASAN: slab-out-of-bounds in vmw_query_move_notify+0x206/0x230 [vmwgfx]
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: Read of size 8 at addr ffff88813101a1c8 by task systemd-udevd/405

Bisected to f6be23264bba ("drm/vmwgfx: Introduce a new placement for MOB page 
tables")

I don't see an obvious fix for this issue in the stream of
subsequent commits.


--
Chuck Lever


