public inbox for linux-kernel@vger.kernel.org
* [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
@ 2023-11-15  9:34 syzbot
  2025-01-18 18:25 ` syzbot
  0 siblings, 1 reply; 13+ messages in thread
From: syzbot @ 2023-11-15  9:34 UTC (permalink / raw)
  To: airlied, airlied, daniel.vetter, daniel.vetter, daniel, dri-devel,
	linux-kernel, maarten.lankhorst, melissa.srw, mripard,
	syzkaller-bugs, tzimmermann

Hello,

syzbot found the following issue on:

HEAD commit:    ac347a0655db Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=101ba588e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11252f97680000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10fd2498e80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8fcb90d89768/disk-ac347a06.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/360d9341a71c/vmlinux-ac347a06.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a370aa406c63/bzImage-ac347a06.xz

The issue was bisected to:

commit ea40d7857d5250e5400f38c69ef9e17321e9c4a2
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date:   Fri Oct 9 23:21:56 2020 +0000

    drm/vkms: fbdev emulation support

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1058223f680000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1258223f680000
console output: https://syzkaller.appspot.com/x/log.txt?x=1458223f680000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com
Fixes: ea40d7857d52 ("drm/vkms: fbdev emulation support")

divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5068 Comm: syz-executor357 Not tainted 6.6.0-syzkaller-16039-gac347a0655db #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x118/0x4e0 drivers/gpu/drm/drm_modes.c:60
Code: 00 41 0f b7 07 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 0f af e8 44 89 f0 48 69 c8 e8 03 00 00 89 e8 d1 e8 48 01 c8 31 d2 <48> f7 f5 49 89 c6 eb 0c e8 fb 07 66 fc eb 05 e8 f4 07 66 fc 48 89
RSP: 0018:ffffc9000391f8d0 EFLAGS: 00010246
RAX: 000000000001f400 RBX: ffff888025045000 RCX: 000000000001f400
RDX: 0000000000000000 RSI: 0000000000008000 RDI: ffff888025045018
RBP: 0000000000000000 R08: ffffffff8528b9af R09: 0000000000000000
R10: ffffc9000391f8a0 R11: fffff52000723f17 R12: 0000000000000080
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff888025045016
FS:  0000555556932380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005fdeb8 CR3: 000000007fcff000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 drm_mode_setcrtc+0x83b/0x1880 drivers/gpu/drm/drm_crtc.c:794
 drm_ioctl_kernel+0x362/0x500 drivers/gpu/drm/drm_ioctl.c:792
 drm_ioctl+0x636/0xb00 drivers/gpu/drm/drm_ioctl.c:895
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xf8/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f6c63dd6729
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcde0dd0e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffcde0dd2b8 RCX: 00007f6c63dd6729
RDX: 0000000020000180 RSI: 00000000c06864a2 RDI: 0000000000000003
RBP: 00007f6c63e49610 R08: 00000000fffff4e6 R09: 00007ffcde0dd2b8
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffcde0dd2a8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x118/0x4e0 drivers/gpu/drm/drm_modes.c:60
Code: 00 41 0f b7 07 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 0f af e8 44 89 f0 48 69 c8 e8 03 00 00 89 e8 d1 e8 48 01 c8 31 d2 <48> f7 f5 49 89 c6 eb 0c e8 fb 07 66 fc eb 05 e8 f4 07 66 fc 48 89
RSP: 0018:ffffc9000391f8d0 EFLAGS: 00010246
RAX: 000000000001f400 RBX: ffff888025045000 RCX: 000000000001f400
RDX: 0000000000000000 RSI: 0000000000008000 RDI: ffff888025045018
RBP: 0000000000000000 R08: ffffffff8528b9af R09: 0000000000000000
R10: ffffc9000391f8a0 R11: fffff52000723f17 R12: 0000000000000080
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff888025045016
FS:  0000555556932380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000064392c CR3: 000000007fcff000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	00 41 0f             	add    %al,0xf(%rcx)
   3:	b7 07                	mov    $0x7,%bh
   5:	66 83 f8 02          	cmp    $0x2,%ax
   9:	b9 01 00 00 00       	mov    $0x1,%ecx
   e:	0f 43 c8             	cmovae %eax,%ecx
  11:	0f b7 c1             	movzwl %cx,%eax
  14:	0f af e8             	imul   %eax,%ebp
  17:	44 89 f0             	mov    %r14d,%eax
  1a:	48 69 c8 e8 03 00 00 	imul   $0x3e8,%rax,%rcx
  21:	89 e8                	mov    %ebp,%eax
  23:	d1 e8                	shr    %eax
  25:	48 01 c8             	add    %rcx,%rax
  28:	31 d2                	xor    %edx,%edx
* 2a:	48 f7 f5             	div    %rbp <-- trapping instruction
  2d:	49 89 c6             	mov    %rax,%r14
  30:	eb 0c                	jmp    0x3e
  32:	e8 fb 07 66 fc       	call   0xfc660832
  37:	eb 05                	jmp    0x3e
  39:	e8 f4 07 66 fc       	call   0xfc660832
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

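The register dump above explains the trap without needing the reproducer: at the faulting `div %rbp`, RAX holds 0x1f400 = 128000 (a 128 kHz pixel clock times 1000, the `imul $0x3e8` a few instructions earlier) and RBP, the divisor, is 0. The instructions before it (`cmp $0x2,%ax; mov $1,%ecx; cmovae %eax,%ecx; imul %eax,%ebp`) multiply the htotal*vtotal product by vscan when vscan is at least 2, in 32 bits. The debug line printed in the later test run of this thread ("ht: 128, vt: 32768, c: 128, vsc: 1024, den: 4294967296") gives the operands: 128 * 32768 * 1024 is exactly 2^32, which wraps to 0 in an unsigned int, so the existing htotal/vtotal zero checks never fire. The second test run shows the same trap even with a widened product (RBP = 0x100000000) because the code still moves only the low 32 bits into the divisor (`mov %ebp,%ecx; div %rcx`). The C below is an added example, not code from the syzbot report or from the kernel tree: it reconstructs that arithmetic on a simplified stand-in struct (a hypothetical `struct mode` with only the fields the refresh computation reads; the flag bit values are the ones from the DRM uapi header) and sets a hardened variant next to it that checks every multiplication for overflow instead of wrapping. The two sample modes are taken from the debug line quoted above.

```c
/* Added example: not from the syzbot report or the kernel tree.
 * Reconstructs the 32-bit overflow that turns the vrefresh divisor into
 * zero, and shows an overflow-checked variant of the same computation. */
#include <stdint.h>
#include <stdio.h>

/* Flag bits as defined in the DRM uapi header. */
#define DRM_MODE_FLAG_INTERLACE (1u << 4)
#define DRM_MODE_FLAG_DBLSCAN   (1u << 5)

/* Hypothetical, simplified stand-in for the fields of struct
 * drm_display_mode that the refresh computation reads. */
struct mode {
	unsigned int clock;            /* kHz */
	uint16_t htotal, vtotal, vscan;
	unsigned int flags;
};

/* Constructed from the second debug line in the thread:
 * ht 128, vt 32768, c 128, vsc 1024 (user-supplied via the setcrtc ioctl). */
static const struct mode syzbot_mode = {
	.clock = 128, .htotal = 128, .vtotal = 32768, .vscan = 1024, .flags = 0,
};

/* Constructed from the first debug line: a sane 1024x768 timing,
 * ht 1344, vt 806, c 65000, no vscan. */
static const struct mode mode_1024x768 = {
	.clock = 65000, .htotal = 1344, .vtotal = 806, .vscan = 0, .flags = 0,
};

/* The denominator exactly as a 32-bit computation produces it:
 * htotal * vtotal (* 2 for doublescan) (* vscan when vscan > 1),
 * wrapping modulo 2^32. For syzbot_mode this is 2^32, i.e. 0. */
uint32_t den_u32(const struct mode *m)
{
	uint32_t den = (uint32_t)m->htotal * m->vtotal;

	if (m->flags & DRM_MODE_FLAG_DBLSCAN)
		den *= 2;
	if (m->vscan > 1)
		den *= m->vscan;
	return den;
}

/* Unchecked computation mirroring the disassembly: zero checks on
 * htotal/vtotal only. Returns -1 where the kernel would execute div with a
 * zero divisor, so the example itself does not trap. */
long vrefresh_unchecked(const struct mode *m)
{
	uint64_t num = m->clock;
	uint32_t den;

	if (m->htotal == 0 || m->vtotal == 0)
		return 0;
	if (m->flags & DRM_MODE_FLAG_INTERLACE)
		num *= 2;
	den = den_u32(m);
	if (den == 0)
		return -1;          /* <-- the trapping division */
	num *= 1000;
	return (long)((num + den / 2) / den);   /* DIV_ROUND_CLOSEST */
}

/* Hardened variant: each multiplication is checked; any overflow makes the
 * mode report 0 Hz (invalid) instead of wrapping to a zero divisor. */
long vrefresh_checked(const struct mode *m)
{
	unsigned int num = m->clock, den;
	uint64_t num64;

	if (m->htotal == 0 || m->vtotal == 0)
		return 0;
	if ((m->flags & DRM_MODE_FLAG_INTERLACE) &&
	    __builtin_mul_overflow(num, 2u, &num))
		return 0;
	if (__builtin_mul_overflow((unsigned int)m->htotal,
				   (unsigned int)m->vtotal, &den))
		return 0;
	if ((m->flags & DRM_MODE_FLAG_DBLSCAN) &&
	    __builtin_mul_overflow(den, 2u, &den))
		return 0;
	if (m->vscan > 1 &&
	    __builtin_mul_overflow(den, (unsigned int)m->vscan, &den))
		return 0;
	num64 = (uint64_t)num * 1000;
	return (long)((num64 + den / 2) / den);
}

int main(void)
{
	printf("syzbot mode:  den=%u unchecked=%ld checked=%ld\n",
	       den_u32(&syzbot_mode), vrefresh_unchecked(&syzbot_mode),
	       vrefresh_checked(&syzbot_mode));
	printf("1024x768:     den=%u unchecked=%ld checked=%ld\n",
	       den_u32(&mode_1024x768), vrefresh_unchecked(&mode_1024x768),
	       vrefresh_checked(&mode_1024x768));
	return 0;
}
```

The point of the checked variant is that widening one intermediate is not enough: the divisor must either be carried at full width all the way into the division or the overflow must be rejected outright, and rejecting is the safer choice for a value that reaches the kernel straight from an unprivileged ioctl.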

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <20231116005155.2180143-1-lizhi.xu@windriver.com>
@ 2023-11-16  1:24 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-16  1:24 UTC (permalink / raw)
  To: linux-kernel, lizhi.xu, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
divide error in drm_mode_debug_printmodeline

divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5480 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-16039-gac347a0655db-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x129/0x530 drivers/gpu/drm/drm_modes.c:60
Code: 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 48 0f af e8 44 89 f0 48 69 c8 e8 03 00 00 48 89 e8 48 d1 e8 48 01 c8 89 e9 31 d2 <48> f7 f1 49 89 c0 eb 0f e8 aa 07 66 fc eb 05 e8 a3 07 66 fc 45 31
RSP: 0018:ffffc9000566f8d0 EFLAGS: 00010246
RAX: 000000008001f400 RBX: ffff88802787f400 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000100000000 R08: ffffffff8528ba49 R09: 0000000000000000
R10: ffffc9000566f8a0 R11: fffff52000acdf17 R12: 0000000000000080
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff88802787f416
FS:  00007f4ac5a236c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ac4d980c0 CR3: 0000000072607000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 drm_mode_setcrtc+0x83b/0x1880 drivers/gpu/drm/drm_crtc.c:794
 drm_ioctl_kernel+0x362/0x500 drivers/gpu/drm/drm_ioctl.c:792
 drm_ioctl+0x636/0xb00 drivers/gpu/drm/drm_ioctl.c:895
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xf8/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f4ac4c7cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4ac5a230c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4ac4d9bf80 RCX: 00007f4ac4c7cae9
RDX: 0000000020000180 RSI: 00000000c06864a2 RDI: 0000000000000003
RBP: 00007f4ac4cc847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f4ac4d9bf80 R15: 00007ffc9a805758
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1303 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x129/0x530 drivers/gpu/drm/drm_modes.c:60
Code: 66 83 f8 02 b9 01 00 00 00 0f 43 c8 0f b7 c1 48 0f af e8 44 89 f0 48 69 c8 e8 03 00 00 48 89 e8 48 d1 e8 48 01 c8 89 e9 31 d2 <48> f7 f1 49 89 c0 eb 0f e8 aa 07 66 fc eb 05 e8 a3 07 66 fc 45 31
RSP: 0018:ffffc9000566f8d0 EFLAGS: 00010246
RAX: 000000008001f400 RBX: ffff88802787f400 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000100000000 R08: ffffffff8528ba49 R09: 0000000000000000
R10: ffffc9000566f8a0 R11: fffff52000acdf17 R12: 0000000000000080
R13: dffffc0000000000 R14: 0000000000000080 R15: ffff88802787f416
FS:  00007f4ac5a236c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd5ec1c008 CR3: 0000000072607000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	66 83 f8 02          	cmp    $0x2,%ax
   4:	b9 01 00 00 00       	mov    $0x1,%ecx
   9:	0f 43 c8             	cmovae %eax,%ecx
   c:	0f b7 c1             	movzwl %cx,%eax
   f:	48 0f af e8          	imul   %rax,%rbp
  13:	44 89 f0             	mov    %r14d,%eax
  16:	48 69 c8 e8 03 00 00 	imul   $0x3e8,%rax,%rcx
  1d:	48 89 e8             	mov    %rbp,%rax
  20:	48 d1 e8             	shr    %rax
  23:	48 01 c8             	add    %rcx,%rax
  26:	89 e9                	mov    %ebp,%ecx
  28:	31 d2                	xor    %edx,%edx
* 2a:	48 f7 f1             	div    %rcx <-- trapping instruction
  2d:	49 89 c0             	mov    %rax,%r8
  30:	eb 0f                	jmp    0x41
  32:	e8 aa 07 66 fc       	call   0xfc6607e1
  37:	eb 05                	jmp    0x3e
  39:	e8 a3 07 66 fc       	call   0xfc6607e1
  3e:	45                   	rex.RB
  3f:	31                   	.byte 0x31


Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=104993e0e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=111d4b97680000



* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <CAGuQ_7hOGTm_gfXh5zvVovyKCz1Y0f-hkQ8WmzRfh5SuLvHx4g@mail.gmail.com>
@ 2023-11-16  3:12 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-16  3:12 UTC (permalink / raw)
  To: linux-kernel, mazinalhaddad05, syzkaller-bugs

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

drivers/gpu/drm/drm_modes.c:1323:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1350:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1422:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1441:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1460:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1475:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1490:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1503:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1510:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1517:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1535:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1578:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1601:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1622:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1631:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1674:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1705:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1730:1: error: function definition is not allowed here
drivers/gpu/drm/drm_modes.c:1787:1: error: function definition is not allowed here


Tested on:

commit:         c42d9eee Merge tag 'hardening-v6.7-rc2' of git://git.k..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=104e9338e80000



* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <CAGuQ_7jmT0_GAYyGHZc1JVfi0P_e4Rum2nLXVZjnsS2EOVo0kA@mail.gmail.com>
@ 2023-11-16  4:02 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-16  4:02 UTC (permalink / raw)
  To: linux-kernel, mazinalhaddad05, syzkaller-bugs

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

gured (established 65536 bind 65536)
[    4.698580][    T1] MPTCP token hash table entries: 8192 (order: 7, 720896 bytes, vmalloc)
[    4.706186][    T1] UDP hash table entries: 4096 (order: 7, 655360 bytes, vmalloc)
[    4.712412][    T1] UDP-Lite hash table entries: 4096 (order: 7, 655360 bytes, vmalloc)
[    4.716658][    T1] NET: Registered PF_UNIX/PF_LOCAL protocol family
[    4.722357][    T1] RPC: Registered named UNIX socket transport module.
[    4.724212][    T1] RPC: Registered udp transport module.
[    4.725069][    T1] RPC: Registered tcp transport module.
[    4.727091][    T1] RPC: Registered tcp-with-tls transport module.
[    4.729048][    T1] RPC: Registered tcp NFSv4.1 backchannel transport module.
[    4.737515][    T1] NET: Registered PF_XDP protocol family
[    4.739697][    T1] pci_bus 0000:00: resource 4 [io  0x0000-0x0cf7 window]
[    4.741876][    T1] pci_bus 0000:00: resource 5 [io  0x0d00-0xffff window]
[    4.743898][    T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[    4.745227][    T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window]
[    4.748706][    T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[    4.750117][    T1] PCI: CLS 0 bytes, default 64
[    4.759463][    T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[    4.761040][    T1] software IO TLB: mapped [mem 0x00000000b5800000-0x00000000b9800000] (64MB)
[    4.762515][    T1] ACPI: bus type thunderbolt registered
[    4.770381][   T60] kworker/u4:2 (60) used greatest stack depth: 26296 bytes left
[    4.773156][    T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[    4.798952][    T1] kvm_amd: CPU 0 isn't AMD or Hygon
[    4.800516][    T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1fb6cbb9648, max_idle_ns: 440795209148 ns
[    4.802622][    T1] clocksource: Switched to clocksource tsc
[    4.834894][   T74] kworker/u4:4 (74) used greatest stack depth: 25160 bytes left
[    6.218409][    T1] Initialise system trusted keyrings
[    6.225315][    T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[    6.234279][    T1] DLM installed
[    6.238005][    T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    6.244851][    T1] NFS: Registering the id_resolver key type
[    6.246129][    T1] Key type id_resolver registered
[    6.247316][    T1] Key type id_legacy registered
[    6.248729][    T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[    6.250443][    T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[    6.258315][    T1] Key type cifs.spnego registered
[    6.259636][    T1] Key type cifs.idmap registered
[    6.260830][    T1] ntfs: driver 2.1.32 [Flags: R/W].
[    6.261994][    T1] ntfs3: Max link count 4000
[    6.262684][    T1] ntfs3: Enabled Linux POSIX ACLs support
[    6.263806][    T1] ntfs3: Read-only LZX/Xpress compression included
[    6.265613][    T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[    6.268103][    T1] jffs2: version 2.2. (NAND) (SUMMARY)  © 2001-2006 Red Hat, Inc.
[    6.271702][    T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[    6.273229][    T1] QNX4 filesystem 0.2.3 registered.
[    6.275322][    T1] qnx6: QNX6 filesystem 1.0.0 registered.
[    6.277012][    T1] fuse: init (API version 7.39)
[    6.281606][    T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[    6.284051][    T1] orangefs_init: module version upstream loaded
[    6.285490][    T1] JFS: nTxBlock = 8192, nTxLock = 65536
[    6.313750][    T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[    6.319015][    T1] 9p: Installing v9fs 9p2000 file system support
[    6.320322][    T1] NILFS version 2 loaded
[    6.321452][    T1] befs: version: 0.9.3
[    6.322601][    T1] ocfs2: Registered cluster interface o2cb
[    6.324174][    T1] ocfs2: Registered cluster interface user
[    6.325892][    T1] OCFS2 User DLM kernel interface loaded
[    6.341871][    T1] gfs2: GFS2 installed
[    6.353461][    T1] ceph: loaded (mds proto 32)
[    6.379550][    T1] NET: Registered PF_ALG protocol family
[    6.381038][    T1] xor: automatically using best checksumming function   avx       
[    6.382602][    T1] async_tx: api initialized (async)
[    6.383352][    T1] Key type asymmetric registered
[    6.384356][    T1] Asymmetric key parser 'x509' registered
[    6.385383][    T1] Asymmetric key parser 'pkcs8' registered
[    6.386451][    T1] Key type pkcs7_test registered
[    6.387489][    T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
[    6.389957][    T1] io scheduler mq-deadline registered
[    6.390822][    T1] io scheduler kyber registered
[    6.391899][    T1] io scheduler bfq registered
[    6.402210][    T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[    6.416990][    T1] ACPI: button: Power Button [PWRF]
[    6.420110][    T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[    6.423549][    T1] ACPI: button: Sleep Button [SLPF]
[    6.437563][    T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[    6.464441][    T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[    6.467125][    T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[    6.493366][    T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[    6.494395][    T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[    6.520948][    T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[    6.522290][    T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[    6.542518][    T1] virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
[    6.681895][  T276] kworker/u4:4 (276) used greatest stack depth: 25000 bytes left
[    7.183861][    T1] N_HDLC line discipline registered with maxframe=4096
[    7.185565][    T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[    7.191098][    T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[    7.206122][    T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[    7.222125][    T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[    7.234572][    T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[    7.262180][    T1] Non-volatile memory driver v1.3
[    7.282424][    T1] Linux agpgart interface v0.103
[    7.296450][    T1] ACPI: bus type drm_connector registered
[    7.307285][    T1] [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[    7.319716][    T1] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
[    7.323524][    T1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[    7.325256][    T1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[    7.325646][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5-dirty #0
[    7.325646][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[    7.325646][    T1] RIP: 0010:drm_mode_vrefresh+0x9e/0x360
[    7.325646][    T1] Code: e8 d7 d9 65 fc 45 85 f6 74 73 4c 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 f8 01 00 00 41 8b 04 24 89 44 24 04 44 0f af f5 <41> 0f b6 45 00 84 c0 0f 85 fd 01 00 00 44 89 34 25 00 00 00 00 4d
[    7.325646][    T1] RSP: 0000:ffffc90000067050 EFLAGS: 00010202
[    7.325646][    T1] RAX: 0000000000007b0c RBX: 0000000000000000 RCX: ffff888141668000
[    7.325646][    T1] RDX: ffff888141668000 RSI: 00000000000001bd RDI: 0000000000000000
[    7.325646][    T1] RBP: 0000000000000340 R08: ffffffff8528eb99 R09: 0000000000000000
[    7.325646][    T1] R10: ffffc90000067060 R11: fffff5200000ce0f R12: ffffffff8bce3120
[    7.325646][    T1] R13: dffffc0000000000 R14: 000000000005a640 R15: ffffffff8bce312e
[    7.325646][    T1] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[    7.325646][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    7.325646][    T1] CR2: ffff88823ffff000 CR3: 000000000d730000 CR4: 00000000003506f0
[    7.325646][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    7.325646][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    7.325646][    T1] Call Trace:
[    7.325646][    T1]  <TASK>
[    7.325646][    T1]  ? __die_body+0x8b/0xe0
[    7.325646][    T1]  ? die_addr+0xc9/0x100
[    7.325646][    T1]  ? exc_general_protection+0x3c2/0x5b0
[    7.325646][    T1]  ? asm_exc_general_protection+0x26/0x30
[    7.325646][    T1]  ? drm_mode_vrefresh+0x79/0x360
[    7.325646][    T1]  ? drm_mode_vrefresh+0x9e/0x360
[    7.325646][    T1]  drm_add_modes_noedid+0xb5/0x230
[    7.325646][    T1]  vkms_conn_get_modes+0x20/0x40
[    7.325646][    T1]  drm_helper_probe_single_connector_modes+0x7d9/0x11f0
[    7.325646][    T1]  ? drm_helper_probe_detect+0x4e0/0x4e0
[    7.325646][    T1]  ? drm_client_modeset_probe+0x32c/0x4790
[    7.325646][    T1]  ? rcu_is_watching+0x15/0xb0
[    7.325646][    T1]  ? __kmalloc+0xe6/0x230
[    7.325646][    T1]  ? drm_connector_list_iter_end+0xb5/0xd0
[    7.325646][    T1]  drm_client_modeset_probe+0x433/0x4790
[    7.325646][    T1]  ? verify_lock_unused+0x140/0x140
[    7.325646][    T1]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[    7.325646][    T1]  ? lockdep_hardirqs_on+0x98/0x140
[    7.325646][    T1]  ? drm_client_modeset_release+0x300/0x300
[    7.325646][    T1]  ? __mutex_trylock_common+0x182/0x2e0
[    7.325646][    T1]  ? __might_sleep+0xc0/0xc0
[    7.325646][    T1]  ? trace_raw_output_contention_end+0xd0/0xd0
[    7.325646][    T1]  ? __mutex_trylock_common+0x182/0x2e0
[    7.325646][    T1]  __drm_fb_helper_initial_config_and_unlock+0x112/0x1e20
[    7.325646][    T1]  ? __mutex_lock+0x2ee/0xd60
[    7.325646][    T1]  ? rcu_is_watching+0x15/0xb0
[    7.325646][    T1]  ? trace_contention_end+0x3c/0xf0
[    7.325646][    T1]  ? __mutex_lock+0x2ee/0xd60
[    7.325646][    T1]  ? drm_fb_helper_initial_config+0x35/0x50
[    7.325646][    T1]  ? drm_fb_helper_initial_config+0x50/0x50
[    7.325646][    T1]  ? drm_client_register+0x4e/0x210
[    7.325646][    T1]  ? mutex_lock_nested+0x20/0x20
[    7.325646][    T1]  ? drm_prime_init_file_private+0x39/0x40
[    7.325646][    T1]  drm_fbdev_generic_client_hotplug+0x166/0x210
[    7.325646][    T1]  drm_client_register+0x17e/0x210
[    7.325646][    T1]  vkms_init+0x5f1/0x730
[    7.325646][    T1]  ? vgem_init+0x290/0x290
[    7.325646][    T1]  ? vgem_init+0x290/0x290
[    7.325646][    T1]  do_one_initcall+0x234/0x800
[    7.325646][    T1]  ? vgem_init+0x290/0x290
[    7.325646][    T1]  ? IS_ERR_OR_NULL+0x20/0x20
[    7.325646][    T1]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[    7.325646][    T1]  ? parameq+0x220/0x220
[    7.325646][    T1]  ? slab_post_alloc_hook+0x6c/0x3c0
[    7.325646][    T1]  ? do_initcalls+0x1c/0x80
[    7.325646][    T1]  ? rcu_is_watching+0x15/0xb0
[    7.325646][    T1]  do_initcall_level+0x157/0x210
[    7.325646][    T1]  do_initcalls+0x3f/0x80
[    7.325646][    T1]  kernel_init_freeable+0x429/0x5c0
[    7.325646][    T1]  ? obsolete_checksetup+0x200/0x200
[    7.325646][    T1]  ? print_irqtrace_events+0x220/0x220
[    7.325646][    T1]  ? rest_init+0x300/0x300
[    7.325646][    T1]  ? rest_init+0x300/0x300
[    7.325646][    T1]  ? rest_init+0x300/0x300
[    7.325646][    T1]  kernel_init+0x1d/0x2a0
[    7.325646][    T1]  ret_from_fork+0x48/0x80
[    7.325646][    T1]  ? rest_init+0x300/0x300
[    7.325646][    T1]  ret_from_fork_asm+0x11/0x20
[    7.325646][    T1]  </TASK>
[    7.325646][    T1] Modules linked in:
[    7.439276][    T1] ---[ end trace 0000000000000000 ]---
[    7.440497][    T1] RIP: 0010:drm_mode_vrefresh+0x9e/0x360
[    7.441446][    T1] Code: e8 d7 d9 65 fc 45 85 f6 74 73 4c 89 e0 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 f8 01 00 00 41 8b 04 24 89 44 24 04 44 0f af f5 <41> 0f b6 45 00 84 c0 0f 85 fd 01 00 00 44 89 34 25 00 00 00 00 4d
[    7.444309][    T1] RSP: 0000:ffffc90000067050 EFLAGS: 00010202
[    7.445225][    T1] RAX: 0000000000007b0c RBX: 0000000000000000 RCX: ffff888141668000
[    7.446748][    T1] RDX: ffff888141668000 RSI: 00000000000001bd RDI: 0000000000000000
[    7.448285][    T1] RBP: 0000000000000340 R08: ffffffff8528eb99 R09: 0000000000000000
[    7.450542][    T1] R10: ffffc90000067060 R11: fffff5200000ce0f R12: ffffffff8bce3120
[    7.451988][    T1] R13: dffffc0000000000 R14: 000000000005a640 R15: ffffffff8bce312e
[    7.453626][    T1] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[    7.454940][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    7.456230][    T1] CR2: ffff88823ffff000 CR3: 000000000d730000 CR4: 00000000003506f0
[    7.457734][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    7.459189][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    7.460386][    T1] Kernel panic - not syncing: Fatal exception
[    7.461513][    T1] Kernel Offset: disabled
[    7.462264][    T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build76428843=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 6d6dbf8ab
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6d6dbf8ab21a52df701946afac2a86f93a88fdc8 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231111-003831'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6d6dbf8ab21a52df701946afac2a86f93a88fdc8 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231111-003831'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6d6dbf8ab21a52df701946afac2a86f93a88fdc8 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231111-003831'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"6d6dbf8ab21a52df701946afac2a86f93a88fdc8\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1266c2b8e80000


Tested on:

commit:         c42d9eee Merge tag 'hardening-v6.7-rc2' of git://git.k..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=b5bf1661f609e7f0
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1459d067680000


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_72961A37384AFC744F774366863D91364409@qq.com>
@ 2023-11-18  5:13 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-18  5:13 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
divide error in drm_mode_debug_printmodeline

mode: ffff888140bc9490, ht: 1344, vt: 806, c: 65000, vsc: 0, den: 1083264, num: 65000, drm_mode_vrefresh
mode: ffff88807c374000, ht: 128, vt: 32768, c: 128, vsc: 1024, den: 4294967296, num: 128, drm_mode_vrefresh
divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5448 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller-00142-g888cf78c29e2-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1305 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x308/0x5d0 drivers/gpu/drm/drm_modes.c:60
Code: b4 8c 4c 8b 7c 24 30 41 57 55 e8 53 c9 e7 05 48 83 c4 18 44 89 f8 48 69 c8 e8 03 00 00 48 89 e8 48 d1 e8 48 01 c8 89 e9 31 d2 <48> f7 f1 49 89 c0 e9 81 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c
RSP: 0018:ffffc90004e1f8d0 EFLAGS: 00010246
RAX: 000000008001f400 RBX: ffff88807c374000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000100000000 R08: ffffffff81711cfc R09: 1ffff920009c3e6c
R10: dffffc0000000000 R11: fffff520009c3e6d R12: dffffc0000000000
R13: 0000000000000080 R14: 1ffff1100f86e801 R15: 0000000000000080
FS:  00007fb08687c6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb085b980c0 CR3: 000000007eb58000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 drm_mode_setcrtc+0x83b/0x1880 drivers/gpu/drm/drm_crtc.c:794
 drm_ioctl_kernel+0x349/0x4f0 drivers/gpu/drm/drm_ioctl.c:789
 drm_ioctl+0x636/0xb00 drivers/gpu/drm/drm_ioctl.c:892
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xf8/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb085a7cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb08687c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb085b9bf80 RCX: 00007fb085a7cae9
RDX: 0000000020000180 RSI: 00000000c06864a2 RDI: 0000000000000003
RBP: 00007fb085ac847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fb085b9bf80 R15: 00007ffe452acab8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:drm_mode_vrefresh drivers/gpu/drm/drm_modes.c:1305 [inline]
RIP: 0010:drm_mode_debug_printmodeline+0x308/0x5d0 drivers/gpu/drm/drm_modes.c:60
Code: b4 8c 4c 8b 7c 24 30 41 57 55 e8 53 c9 e7 05 48 83 c4 18 44 89 f8 48 69 c8 e8 03 00 00 48 89 e8 48 d1 e8 48 01 c8 89 e9 31 d2 <48> f7 f1 49 89 c0 e9 81 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c
RSP: 0018:ffffc90004e1f8d0 EFLAGS: 00010246
RAX: 000000008001f400 RBX: ffff88807c374000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000100000000 R08: ffffffff81711cfc R09: 1ffff920009c3e6c
R10: dffffc0000000000 R11: fffff520009c3e6d R12: dffffc0000000000
R13: 0000000000000080 R14: 1ffff1100f86e801 R15: 0000000000000080
FS:  00007fb08687c6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc82ccfc378 CR3: 000000007eb58000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	b4 8c                	mov    $0x8c,%ah
   2:	4c 8b 7c 24 30       	mov    0x30(%rsp),%r15
   7:	41 57                	push   %r15
   9:	55                   	push   %rbp
   a:	e8 53 c9 e7 05       	call   0x5e7c962
   f:	48 83 c4 18          	add    $0x18,%rsp
  13:	44 89 f8             	mov    %r15d,%eax
  16:	48 69 c8 e8 03 00 00 	imul   $0x3e8,%rax,%rcx
  1d:	48 89 e8             	mov    %rbp,%rax
  20:	48 d1 e8             	shr    %rax
  23:	48 01 c8             	add    %rcx,%rax
  26:	89 e9                	mov    %ebp,%ecx
  28:	31 d2                	xor    %edx,%edx
* 2a:	48 f7 f1             	div    %rcx <-- trapping instruction
  2d:	49 89 c0             	mov    %rax,%r8
  30:	e9 81 fd ff ff       	jmp    0xfffffdb6
  35:	89 e9                	mov    %ebp,%ecx
  37:	80 e1 07             	and    $0x7,%cl
  3a:	fe c1                	inc    %cl
  3c:	38 c1                	cmp    %al,%cl
  3e:	0f                   	.byte 0xf
  3f:	8c                   	.byte 0x8c


Tested on:

commit:         888cf78c Merge tag 'iommu-fix-v6.6-rc7' of git://git.k..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=146669b8e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f0d47f0e0359e88e
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10890c77680000


^ permalink raw reply	[flat|nested] 13+ messages in thread
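The two debug lines at the top of the report above give the whole story of the divide error, and the register dump confirms it: for the second mode, ht 128 * vt 32768 * vsc 1024 = 2^32 exactly, which is the value printed as "den" and held in RBP (0x0000000100000000), while the `mov %ebp,%ecx` just before the trapping `div %rcx` keeps only the low 32 bits, so RCX is 0. The small C program below is an added example, not code from this thread or from the kernel tree: it recomputes the denominator at both widths for the two modes quoted in the report, and shows a hardened variant that rejects a mode whose denominator overflows 32 bits instead of dividing by the wrapped value. `struct mode`, `page_mode_a`/`page_mode_b`, `den_u32`, `den_u64` and `vrefresh_checked` are names chosen here; `__builtin_mul_overflow` is the compiler primitive the kernel's `check_mul_overflow()` is built on, and the hardened variant is illustrative, not a description of the upstream fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the handful of struct drm_display_mode fields that
 * drm_mode_vrefresh() reads. Not the kernel's struct. */
struct mode {
    uint32_t clock;     /* pixel clock in kHz, "c" in the debug print */
    uint32_t htotal;    /* "ht" */
    uint32_t vtotal;    /* "vt" */
    uint32_t vscan;     /* "vsc" */
    bool interlace;
    bool dblscan;
};

/* The two modes quoted in the debug print of the report (values from the page). */
struct mode page_mode_a(void)
{
    return (struct mode){ .clock = 65000, .htotal = 1344, .vtotal = 806, .vscan = 0 };
}

struct mode page_mode_b(void)
{
    return (struct mode){ .clock = 128, .htotal = 128, .vtotal = 32768, .vscan = 1024 };
}

/* Denominator accumulated in a 32-bit unsigned int: the width that reaches the
 * div instruction in the dump ("mov %ebp,%ecx" right before "div %rcx"), so the
 * product silently wraps modulo 2^32. */
uint32_t den_u32(struct mode m)
{
    uint32_t den = m.htotal * m.vtotal;
    if (m.dblscan)
        den *= 2;
    if (m.vscan > 1)
        den *= m.vscan;
    return den;
}

/* The same product kept in 64 bits: the number the debug print labels "den". */
uint64_t den_u64(struct mode m)
{
    uint64_t den = (uint64_t)m.htotal * m.vtotal;
    if (m.dblscan)
        den *= 2;
    if (m.vscan > 1)
        den *= m.vscan;
    return den;
}

/* Hardened refresh-rate computation (illustrative, not the upstream patch):
 * every multiply is overflow-checked, and a mode whose numerator or
 * denominator does not fit in 32 bits is rejected with 0, the value the real
 * function already returns for an htotal or vtotal of 0. */
int vrefresh_checked(struct mode m)
{
    uint32_t num, den;

    if (m.htotal == 0 || m.vtotal == 0)
        return 0;

    num = m.clock;
    if (m.interlace && __builtin_mul_overflow(num, 2u, &num))
        return 0;

    if (__builtin_mul_overflow(m.htotal, m.vtotal, &den))
        return 0;
    if (m.dblscan && __builtin_mul_overflow(den, 2u, &den))
        return 0;
    if (m.vscan > 1 && __builtin_mul_overflow(den, m.vscan, &den))
        return 0;
    if (den == 0)
        return 0;

    /* DIV_ROUND_CLOSEST_ULL(num * 1000, den): (x + d/2) / d in 64 bits */
    uint64_t n = (uint64_t)num * 1000 + den / 2;
    return (int)(n / den);
}

int main(void)
{
    struct mode a = page_mode_a(), b = page_mode_b();

    printf("1344x806 @ 65000 kHz: den32=%u den64=%llu vrefresh=%d\n",
           den_u32(a), (unsigned long long)den_u64(a), vrefresh_checked(a));
    printf("128x32768 vscan 1024 @ 128 kHz: den32=%u den64=%llu vrefresh=%d\n",
           den_u32(b), (unsigned long long)den_u64(b), vrefresh_checked(b));
    return 0;
}
```

For the first mode the 32-bit and 64-bit denominators agree (1083264, the value in the debug print) and the refresh rate comes out as 60 Hz. For the second mode `den_u64` is 4294967296, as printed, while `den_u32` is 0, which is the RCX the dump shows at the `div`; the checked variant returns 0 for that mode instead of faulting. The same wrap is reachable from any userspace caller that can hand the driver an arbitrary mode through the setcrtc ioctl, which is why a zero check on htotal/vtotal alone is not enough.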

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_065CC990AEDDAEEA8CB0A7C806E012E74606@qq.com>
@ 2023-11-18  7:18 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-18  7:18 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com

Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10163458e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=11b06fb7680000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_C06FDC2D996D409534E8DEEC96CC7079B20A@qq.com>
@ 2023-11-18 11:02 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-18 11:02 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com

Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16548fb7680000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=146fe350e80000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_E563A5A44C176E777386C7D365A365497C05@qq.com>
@ 2023-11-18 12:23 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-18 12:23 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com

Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=17f6c268e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=16363458e80000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_85864D49802EF66EDA0CBA67C346E592F406@qq.com>
@ 2023-11-19  1:59 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-19  1:59 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com

Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=14b3cdd4e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1529b384e80000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_0A6DB773A6D6B36B037E496063AC044D5705@qq.com>
@ 2023-11-20 14:00 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-20 14:00 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com

Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16b7cdd4e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1001c400e80000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_6AFFDDB999194F950DA525D88D9C126B5D07@qq.com>
@ 2023-11-20 14:20 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-20 14:20 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in vkms_get_vblank_timestamp

------------[ cut here ]------------
WARNING: CPU: 0 PID: 25460 at drivers/gpu/drm/vkms/vkms_crtc.c:103 vkms_get_vblank_timestamp+0x1cd/0x210
Modules linked in:
CPU: 0 PID: 25460 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-16039-gac347a0655db-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:vkms_get_vblank_timestamp+0x1cd/0x210 drivers/gpu/drm/vkms/vkms_crtc.c:103
Code: 03 42 80 3c 28 00 74 08 48 89 ef e8 bd 71 3f fc 48 89 5d 00 b0 01 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 33 4f e3 fb <0f> 0b eb e6 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 7a fe ff ff 48 89
RSP: 0018:ffffc90003cc77c0 EFLAGS: 00010293
RAX: ffffffff85ab731d RBX: 00000042dda43dc6 RCX: ffff88807a465940
RDX: 0000000000000000 RSI: 00000042dda43dc6 RDI: 00000042dda43dc6
RBP: ffffc90003cc7960 R08: ffffffff85ab7289 R09: 0000000000000000
R10: ffffc900044e2000 R11: 0000000000000000 R12: 00000042dda43dc6
R13: 1ffff92000798f2c R14: 0000000000000000 R15: ffff88801c7d4000
FS:  00005555566d3480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8d999980c0 CR3: 0000000015f23000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 drm_crtc_get_last_vbltimestamp drivers/gpu/drm/drm_vblank.c:877 [inline]
 drm_crtc_next_vblank_start+0x229/0x460 drivers/gpu/drm/drm_vblank.c:1012
 set_fence_deadline drivers/gpu/drm/drm_atomic_helper.c:1555 [inline]
 drm_atomic_helper_wait_for_fences+0x277/0x8d0 drivers/gpu/drm/drm_atomic_helper.c:1602
 drm_atomic_helper_commit+0x627/0xbc0 drivers/gpu/drm/drm_atomic_helper.c:2031
 drm_atomic_commit+0x279/0x2c0 drivers/gpu/drm/drm_atomic.c:1513
 drm_client_modeset_commit_atomic+0x676/0x7d0 drivers/gpu/drm/drm_client_modeset.c:1051
 drm_client_modeset_commit_locked+0xe0/0x510 drivers/gpu/drm/drm_client_modeset.c:1154
 drm_client_modeset_commit+0x4a/0x70 drivers/gpu/drm/drm_client_modeset.c:1180
 __drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:251 [inline]
 drm_fb_helper_restore_fbdev_mode_unlocked drivers/gpu/drm/drm_fb_helper.c:278 [inline]
 drm_fb_helper_lastclose+0xb7/0x170 drivers/gpu/drm/drm_fb_helper.c:2005
 drm_fbdev_generic_client_restore+0x34/0x40 drivers/gpu/drm/drm_fbdev_generic.c:258
 drm_client_dev_restore+0x131/0x260 drivers/gpu/drm/drm_client.c:257
 drm_lastclose drivers/gpu/drm/drm_file.c:466 [inline]
 drm_release+0x4b2/0x660 drivers/gpu/drm/drm_file.c:497
 __fput+0x3cc/0xa10 fs/file_table.c:394
 __do_sys_close fs/open.c:1590 [inline]
 __se_sys_close+0x15f/0x220 fs/open.c:1575
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f8d9987b9da
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
RSP: 002b:00007ffc140485c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f8d9987b9da
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000032 R08: 0000001b2e560000 R09: 00007f8d9999bf8c
R10: 00007ffc14048710 R11: 0000000000000293 R12: 00007f8d99400c20
R13: ffffffffffffffff R14: 00007f8d99400000 R15: 00000000000461cf
 </TASK>


Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1691a6f0e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=137920af680000


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
       [not found] <tencent_ED66D63C7D36FA97CA372E4AFA744777FB09@qq.com>
@ 2023-11-20 14:41 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2023-11-20 14:41 UTC (permalink / raw)
  To: eadavis, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+2e93e6fb36e6fdc56574@syzkaller.appspotmail.com

Tested on:

commit:         ac347a06 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=134d89b8e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=150dd4af680000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [syzbot] [dri?] divide error in drm_mode_debug_printmodeline
  2023-11-15  9:34 syzbot
@ 2025-01-18 18:25 ` syzbot
  0 siblings, 0 replies; 13+ messages in thread
From: syzbot @ 2025-01-18 18:25 UTC (permalink / raw)
  To: airlied, airlied, dakr, daniel.vetter, daniel.vetter, daniel,
	dri-devel, eadavis, jani.nikula, jani.nikula, kherbst,
	linux-kernel, lizhi.xu, lyude, maarten.lankhorst, mazinalhaddad05,
	melissa.srw, mripard, nouveau, simona, syzkaller-bugs,
	tzimmermann, ville.syrjala

syzbot suspects this issue was fixed by commit:

commit 9398332f23fab10c5ec57c168b44e72997d6318e
Author: Ville Syrjälä <ville.syrjala@linux.intel.com>
Date:   Fri Nov 29 04:26:28 2024 +0000

    drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11797a18580000
start commit:   ac347a0655db Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=88e7ba51eecd9cd6
dashboard link: https://syzkaller.appspot.com/bug?extid=2e93e6fb36e6fdc56574
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11252f97680000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10fd2498e80000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 13+ messages in thread

Thread overview: 13+ messages (newest: 2025-01-18 18:25 UTC)
     [not found] <tencent_6AFFDDB999194F950DA525D88D9C126B5D07@qq.com>
2023-11-20 14:20 ` [syzbot] [dri?] divide error in drm_mode_debug_printmodeline syzbot
     [not found] <tencent_ED66D63C7D36FA97CA372E4AFA744777FB09@qq.com>
2023-11-20 14:41 ` syzbot
     [not found] <tencent_0A6DB773A6D6B36B037E496063AC044D5705@qq.com>
2023-11-20 14:00 ` syzbot
     [not found] <tencent_85864D49802EF66EDA0CBA67C346E592F406@qq.com>
2023-11-19  1:59 ` syzbot
     [not found] <tencent_E563A5A44C176E777386C7D365A365497C05@qq.com>
2023-11-18 12:23 ` syzbot
     [not found] <tencent_C06FDC2D996D409534E8DEEC96CC7079B20A@qq.com>
2023-11-18 11:02 ` syzbot
     [not found] <tencent_065CC990AEDDAEEA8CB0A7C806E012E74606@qq.com>
2023-11-18  7:18 ` syzbot
     [not found] <tencent_72961A37384AFC744F774366863D91364409@qq.com>
2023-11-18  5:13 ` syzbot
     [not found] <CAGuQ_7jmT0_GAYyGHZc1JVfi0P_e4Rum2nLXVZjnsS2EOVo0kA@mail.gmail.com>
2023-11-16  4:02 ` syzbot
     [not found] <CAGuQ_7hOGTm_gfXh5zvVovyKCz1Y0f-hkQ8WmzRfh5SuLvHx4g@mail.gmail.com>
2023-11-16  3:12 ` syzbot
     [not found] <20231116005155.2180143-1-lizhi.xu@windriver.com>
2023-11-16  1:24 ` syzbot
2023-11-15  9:34 syzbot
2025-01-18 18:25 ` syzbot
