Running
$ uname -a
Linux linux-h8g6 4.9.0-rc1-2-syzkaller #1 SMP PREEMPT Mon Oct 17 19:37:55 UTC 2016 (55c3dd5) x86_64 x86_64 x86_64 GNU/Linux
with UBSAN enabled (built by GCC 7.0) in qemu, I reached the following error:

[ 48.723720] UBSAN: Undefined behaviour in ../drivers/gpu/drm/drm_modes.c:325:49
[ 48.726943] signed integer overflow:
[ 48.728503] 2240 * 1000000 cannot be represented in type 'int'

Backtrace:
[ 48.730135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014
[ 48.730138] ffff88005cb3edb8 ffffffff83f982ea 0000000041b58ab3 ffffffff853754ab
[ 48.730144] ffffffff83f981de ffff88005cb3ede0 ffff88005cb3ed80 0000000000000000
[ 48.730149] ffffffffc12855e0 ffff88005cb3eeb8 00000000000f4240 ffff88005cb30001
[ 48.730154] Call Trace:
[ 48.730161] [<ffffffff83f982ea>] dump_stack+0x10c/0x192
[ 48.730165] [<ffffffff83f981de>] ? _atomic_dec_and_lock+0x12e/0x12e
[ 48.730173] [<ffffffff8407262a>] ubsan_epilogue+0x12/0x8f
[ 48.730177] [<ffffffff84074165>] handle_overflow+0x23d/0x297
[ 48.730182] [<ffffffff84073f28>] ? __ubsan_handle_negate_overflow+0x1bd/0x1bd
[ 48.730187] [<ffffffff84d666ce>] ? mutex_unlock+0xe/0x10
[ 48.730207] [<ffffffffc11e34f8>] ? drm_mode_object_get_reg+0x1b8/0x240 [drm]
[ 48.730221] [<ffffffffc11e3340>] ? drm_mode_object_unreference+0x1a0/0x1a0 [drm]
[ 48.730226] [<ffffffff83832ff9>] ? kmem_cache_alloc_trace+0x149/0x4b0
[ 48.730231] [<ffffffff8407424b>] __ubsan_handle_mul_overflow+0x2a/0x3f
[ 48.730245] [<ffffffffc11a22c0>] drm_cvt_mode+0xa50/0x1090 [drm]
[ 48.730254] [<ffffffffc15ed8b3>] qxl_conn_get_modes+0x343/0xce0 [qxl]
[ 48.730261] [<ffffffffc15ed570>] ? qxl_crtc_cursor_move+0x5d0/0x5d0 [qxl]
[ 48.730265] [<ffffffff844e2116>] ? driver_register+0x1d6/0x410
[ 48.730271] [<ffffffffc110808d>] ? qxl_init+0x8d/0x1000 [qxl]
[ 48.730275] [<ffffffff83002327>] ? do_one_initcall+0xc7/0x2d0
[ 48.730284] [<ffffffffc151a89a>] ? drm_kms_helper_poll_enable_locked+0x28a/0x450 [drm_kms_helper]
[ 48.730292] [<ffffffffc151b791>] drm_helper_probe_single_connector_modes+0xa71/0x1560 [drm_kms_helper]
[ 48.730301] [<ffffffffc155c6f3>] drm_fb_helper_initial_config+0x2e3/0x1700 [drm_kms_helper]
[ 48.730306] [<ffffffff84d664d0>] ? __mutex_unlock_slowpath+0x240/0x430
[ 48.730314] [<ffffffffc155c410>] ? drm_fb_helper_set_par+0x160/0x160 [drm_kms_helper]
[ 48.730322] [<ffffffffc1557f87>] ? drm_fb_helper_add_one_connector+0x237/0x4b0 [drm_kms_helper]
[ 48.730330] [<ffffffffc155826f>] ? drm_fb_helper_single_add_all_connectors+0x6f/0x4c0 [drm_kms_helper]
[ 48.730337] [<ffffffffc15fc523>] qxl_fbdev_init+0x273/0x320 [qxl]
[ 48.730343] [<ffffffffc15fc2b0>] ? qxl_get_handle_for_primary_fb+0xf0/0xf0 [qxl]
[ 48.730346] [<ffffffff84d666ce>] ? mutex_unlock+0xe/0x10
[ 48.730361] [<ffffffffc11dcbc2>] ? drm_connector_register+0x72/0x220 [drm]
[ 48.730367] [<ffffffffc15f718a>] qxl_modeset_init+0x66a/0x970 [qxl]
[ 48.730373] [<ffffffffc15ebcf0>] ? qxl_driver_unload+0x440/0x440 [qxl]
[ 48.730379] [<ffffffffc15ebdfe>] qxl_driver_load+0x10e/0x1b0 [qxl]
[ 48.730392] [<ffffffffc118033d>] drm_dev_register+0x12d/0x230 [drm]
[ 48.730405] [<ffffffffc1189485>] drm_get_pci_dev+0x235/0x9d0 [drm]
[ 48.730419] [<ffffffffc1189250>] ? drm_pci_agp_destroy+0x120/0x120 [drm]
[ 48.730424] [<ffffffff833558ea>] ? trace_hardirqs_on_caller+0x3da/0x6c0
[ 48.730428] [<ffffffff83355bdd>] ? trace_hardirqs_on+0xd/0x10
[ 48.730434] [<ffffffffc15e8860>] ? qxl_pm_suspend+0x90/0x90 [qxl]
[ 48.730439] [<ffffffffc15e88ba>] qxl_pci_probe+0x5a/0xb0 [qxl]
[ 48.730444] [<ffffffff840e59cc>] local_pci_probe+0xfc/0x1f0
[ 48.730448] [<ffffffff840ea8e5>] pci_device_probe+0x215/0x3a0
[ 48.730453] [<ffffffff840ea6d0>] ? pci_device_remove+0x2f0/0x2f0
[ 48.730458] [<ffffffff844dce13>] ? driver_sysfs_add+0x133/0x310
[ 48.730462] [<ffffffff840ea6d0>] ? pci_device_remove+0x2f0/0x2f0
[ 48.730466] [<ffffffff844dea08>] driver_probe_device+0x288/0xfa0
[ 48.730469] [<ffffffff844df720>] ? driver_probe_device+0xfa0/0xfa0
[ 48.730473] [<ffffffff844df893>] __driver_attach+0x173/0x280
[ 48.730477] [<ffffffff844d757a>] bus_for_each_dev+0x15a/0x1f0
[ 48.730481] [<ffffffff844d7420>] ? subsys_dev_iter_init+0x110/0x110
[ 48.730486] [<ffffffff844dd347>] driver_attach+0x47/0x70
[ 48.730491] [<ffffffff844dbeb7>] bus_add_driver+0x547/0x890
[ 48.730495] [<ffffffff844e2116>] driver_register+0x1d6/0x410
[ 48.730498] [<ffffffff83366092>] ? __raw_spin_lock_init+0x32/0x120
[ 48.730503] [<ffffffff840e4576>] __pci_register_driver+0x1a6/0x250
[ 48.730507] [<ffffffff840e43d0>] ? pci_pm_runtime_idle+0x1b0/0x1b0
[ 48.730511] [<ffffffff830021de>] ? initcall_blacklisted+0x14e/0x1d0
[ 48.730515] [<ffffffff83002090>] ? try_to_run_init_process+0x50/0x50
[ 48.730518] [<ffffffffc1108000>] ? 0xffffffffc1108000
[ 48.730531] [<ffffffffc118a07e>] drm_pci_init+0x45e/0x5d0 [drm]
[ 48.730536] [<ffffffff84d6fb39>] ? retint_kernel+0x2d/0x2d
[ 48.730549] [<ffffffffc1189c20>] ? drm_get_pci_dev+0x9d0/0x9d0 [drm]
[ 48.730553] [<ffffffff8300501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 48.730556] [<ffffffffc1108000>] ? 0xffffffffc1108000
[ 48.730561] [<ffffffffc110808d>] qxl_init+0x8d/0x1000 [qxl]
[ 48.730565] [<ffffffff83002327>] do_one_initcall+0xc7/0x2d0
[ 48.730569] [<ffffffff83002260>] ? initcall_blacklisted+0x1d0/0x1d0
[ 48.730573] [<ffffffff83fdce8b>] ? memset_erms+0xb/0x10
[ 48.730578] [<ffffffff8383ba05>] ? kasan_unpoison_shadow+0x35/0x50
[ 48.730582] [<ffffffff8383ba9f>] ? __asan_register_globals+0x7f/0xa0
[ 48.730587] [<ffffffff836a54f3>] do_init_module+0x272/0x64d
[ 48.730591] [<ffffffff836a5281>] ? kzalloc.constprop.34+0x10/0x10
[ 48.730596] [<ffffffff83457848>] load_module+0x3528/0x5ae0
[ 48.730600] [<ffffffff83449820>] ? m_show+0x540/0x540
[ 48.730607] [<ffffffff83454320>] ? layout_and_allocate+0x48e0/0x48e0
[ 48.730612] [<ffffffff838da9e0>] ? read_code+0x50/0x50
[ 48.730616] [<ffffffff8393be3c>] ? __fget_light+0x18c/0x270
[ 48.730621] [<ffffffff838db436>] ? kernel_read_file_from_fd+0x76/0x90
[ 48.730625] [<ffffffff8345a18b>] SYSC_finit_module+0x18b/0x1b0
[ 48.730629] [<ffffffff8345a000>] ? SYSC_init_module+0x200/0x200
[ 48.730633] [<ffffffff834dc1ce>] ? __audit_syscall_entry+0x34e/0x5d0
[ 48.730638] [<ffffffff83009e76>] ? do_syscall_64+0x56/0x520
[ 48.730642] [<ffffffff8345a1c0>] ? SyS_init_module+0x10/0x10
[ 48.730646] [<ffffffff8345a1ce>] SyS_finit_module+0xe/0x10
[ 48.730650] [<ffffffff83009fce>] do_syscall_64+0x1ae/0x520
[ 48.730654] [<ffffffff84d6f1cd>] entry_SYSCALL64_slow_path+0x25/0x25
[ 48.730657] ================================================================================

commit 8a5bbf327aa16025c78491266a6425807c7fbee0
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Fri Oct 21 15:15:40 2016 +0100

    drm: Use u64 for intermediate dotclock calculations

    We have reached the era where monitor bandwidths now exceed 31bits in
    frequency calculations, though as we stored them in kHz units we are
    safe from overflow in the modelines for some time.

    [ 48.723720] UBSAN: Undefined behaviour in ../drivers/gpu/drm/drm_modes.c:325:49
    [ 48.726943] signed integer overflow:
    [ 48.728503] 2240 * 1000000 cannot be represented in type 'int'

    Reported-by: Martin Liška <marxin.liska@gmail.com>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98372
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
    Link: http://patchwork.freedesktop.org/patch/msgid/20161021141540.26837-1-chris@chris-wilson.co.uk
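
The overflow class reported above, as an added example that is not the kernel's code or the commit's diff: the operand 2240 and the factor 1000000 come from the UBSAN message, while the function names, the divisor `hperiod` and its value 7000 are assumptions made for illustration. It shows that the final kHz value fits in an `int` even though the 32-bit intermediate product does not.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Factor from the UBSAN report: "2240 * 1000000". */
#define SCALE 1000000

/* "Before" shape: the product is formed in int. A checked multiply
 * reports the overflow instead of triggering undefined behaviour. */
static bool dotclock_int(int htotal, int hperiod, int *clock_khz)
{
    int scaled;

    if (hperiod <= 0 || __builtin_mul_overflow(htotal, SCALE, &scaled))
        return false;
    *clock_khz = scaled / hperiod;
    return true;
}

/* "After" shape: 64-bit intermediate, narrowed only after the
 * division and an explicit range check. */
static bool dotclock_u64(int htotal, int hperiod, int *clock_khz)
{
    uint64_t scaled;

    if (htotal < 0 || hperiod <= 0)
        return false;
    scaled = (uint64_t)htotal * SCALE / (uint64_t)hperiod;
    if (scaled > INT_MAX)
        return false;
    *clock_khz = (int)scaled;
    return true;
}

/* Largest htotal whose scaled product still fits in a 32-bit int. */
static int max_safe_htotal(void)
{
    return INT_MAX / SCALE;
}

int main(void)
{
    int khz = 0;

    printf("int path ok: %d\n", dotclock_int(2240, 7000, &khz));
    printf("u64 path ok: %d, clock = %d kHz\n",
           dotclock_u64(2240, 7000, &khz), khz);
    printf("largest safe htotal for int: %d\n", max_safe_htotal());
    return 0;
}
```
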