Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, lizhi.xu@windriver.com,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
Date: Wed, 15 Nov 2023 17:24:06 -0800	[thread overview]
Message-ID: <0000000000003afd1c060a3ae082@google.com> (raw)
In-Reply-To: <20231116005155.2180143-1-lizhi.xu@windriver.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
divide error in drm_mode_debug_printmodeline

divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5480 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-16039-gac347a0655db-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x129/0x530 drivers/gpu/drm/drm_modes.c:60
Code: 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 48 0f af e8 44 89 f0 48 69 c8 e8 03 00 00 48 89 e8 48 d1 e8 48 01 c8 89 e9 31 d2 <48> f7 f1 49 89 c0 eb 0f e8 aa 07 66 fc eb 05 e8 a3 07 66 fc 45 31
RSP: 0018:ffffc9000566f8d0 EFLAGS: 00010246
RAX: 000000008001f400 RBX: ffff88802787f400 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000100000000 R08: ffffffff8528ba49 R09: 0000000000000000
R10: ffffc9000566f8a0 R11: fffff52000acdf17 R12: 0000000000000080
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff88802787f416
FS:  00007f4ac5a236c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ac4d980c0 CR3: 0000000072607000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 drm_mode_setcrtc+0x83b/0x1880 drivers/gpu/drm/drm_crtc.c:794
 drm_ioctl_kernel+0x362/0x500 drivers/gpu/drm/drm_ioctl.c:792
 drm_ioctl+0x636/0xb00 drivers/gpu/drm/drm_ioctl.c:895
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xf8/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f4ac4c7cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4ac5a230c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4ac4d9bf80 RCX: 00007f4ac4c7cae9
RDX: 0000000020000180 RSI: 00000000c06864a2 RDI: 0000000000000003
RBP: 00007f4ac4cc847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f4ac4d9bf80 R15: 00007ffc9a805758
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x129/0x530 drivers/gpu/drm/drm_modes.c:60
Code: 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 48 0f af e8 44 89 f0 48 69 c8 e8 03 00 00 48 89 e8 48 d1 e8 48 01 c8 89 e9 31 d2 <48> f7 f1 49 89 c0 eb 0f e8 aa 07 66 fc eb 05 e8 a3 07 66 fc 45 31
RSP: 0018:ffffc9000566f8d0 EFLAGS: 00010246
RAX: 000000008001f400 RBX: ffff88802787f400 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000100000000 R08: ffffffff8528ba49 R09: 0000000000000000
R10: ffffc9000566f8a0 R11: fffff52000acdf17 R12: 0000000000000080
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff88802787f416
FS:  00007f4ac5a236c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd5ec1c008 CR3: 0000000072607000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	66 83 f8 02          	cmp    $0x2,%ax
   4:	b9 01 00 00 00       	mov    $0x1,%ecx
   9:	0f 43 c8             	cmovae %eax,%ecx
   c:	0f b7 c1             	movzwl %cx,%eax
   f:	48 0f af e8          	imul   %rax,%rbp
  13:	44 89 f0             	mov    %r14d,%eax
  16:	48 69 c8 e8 03 00 00 	imul   $0x3e8,%rax,%rcx
  1d:	48 89 e8             	mov    %rbp,%rax
  20:	48 d1 e8             	shr    %rax
  23:	48 01 c8             	add    %rcx,%rax
  26:	89 e9                	mov    %ebp,%ecx
  28:	31 d2                	xor    %edx,%edx
* 2a:	48 f7 f1             	div    %rcx <-- trapping instruction
  2d:	49 89 c0             	mov    %rax,%r8
  30:	eb 0f                	jmp    0x41
  32:	e8 aa 07 66 fc       	call   0xfc6607e1
  37:	eb 05                	jmp    0x3e
  39:	e8 a3 07 66 fc       	call   0xfc6607e1
  3e:	45                   	rex.RB
  3f:	31                   	.byte 0x31


Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=104993e0e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=111d4b97680000

next      parent reply	other threads:[~2023-11-16  1:24 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20231116005155.2180143-1-lizhi.xu@windriver.com>
2023-11-16  1:24 ` syzbot [this message]
     [not found] <tencent_ED66D63C7D36FA97CA372E4AFA744777FB09@qq.com>
2023-11-20 14:41 ` [syzbot] [dri?] divide error in drm_mode_debug_printmodeline syzbot
     [not found] <tencent_6AFFDDB999194F950DA525D88D9C126B5D07@qq.com>
2023-11-20 14:20 ` syzbot
     [not found] <tencent_0A6DB773A6D6B36B037E496063AC044D5705@qq.com>
2023-11-20 14:00 ` syzbot
     [not found] <tencent_85864D49802EF66EDA0CBA67C346E592F406@qq.com>
2023-11-19  1:59 ` syzbot
     [not found] <tencent_E563A5A44C176E777386C7D365A365497C05@qq.com>
2023-11-18 12:23 ` syzbot
     [not found] <tencent_C06FDC2D996D409534E8DEEC96CC7079B20A@qq.com>
2023-11-18 11:02 ` syzbot
     [not found] <tencent_065CC990AEDDAEEA8CB0A7C806E012E74606@qq.com>
2023-11-18  7:18 ` syzbot
     [not found] <tencent_72961A37384AFC744F774366863D91364409@qq.com>
2023-11-18  5:13 ` syzbot
     [not found] <CAGuQ_7jmT0_GAYyGHZc1JVfi0P_e4Rum2nLXVZjnsS2EOVo0kA@mail.gmail.com>
2023-11-16  4:02 ` syzbot
     [not found] <CAGuQ_7hOGTm_gfXh5zvVovyKCz1Y0f-hkQ8WmzRfh5SuLvHx4g@mail.gmail.com>
2023-11-16  3:12 ` syzbot
2023-11-15  9:34 syzbot
2025-01-18 18:25 ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0000000000003afd1c060a3ae082@google.com \
    --to=syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lizhi.xu@windriver.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.