On 10/2/25 04:40, Ville Syrjälä wrote:
On Wed, Oct 01, 2025 at 07:57:23PM -0700, Chintan Patel wrote:
When wait_event_timeout() in drm_wait_one_vblank() times out, the
current WARN can cause unnecessary kernel panics in environments
with panic_on_warn set (e.g. CI, fuzzing). These timeouts can happen
under scheduler pressure or from invalid userspace calls, so they are
not always a kernel bug.
"invalid userspace calls" should never reach this far.
That would be a kernel bug.
Replace the WARN with drm_dbg_kms() messages that provide useful
context (last and current vblank counters) without crashing the
system. Developers can still enable drm.debug to diagnose genuine
problems.
Reported-by: syzbot+147ba789658184f0c...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=147ba789658184f0ce04
Tested-by: syzbot+147ba789658184f0c...@syzkaller.appspotmail.com
Signed-off-by: Chintan Patel <chintanl...@gmail.com>
v2:
- Drop unnecessary in-code comment (suggested by Thomas Zimmermann)
- Remove else branch, only log timeout case
---
drivers/gpu/drm/drm_vblank.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/drm_vblank.c b/drivers/gpu/drm/drm_vblank.c
index 46f59883183d..a94570668cba 100644
--- a/drivers/gpu/drm/drm_vblank.c
+++ b/drivers/gpu/drm/drm_vblank.c
@@ -1289,7 +1289,7 @@ void drm_wait_one_vblank(struct drm_device *dev, unsigned
int pipe)
{
struct drm_vblank_crtc *vblank = drm_vblank_crtc(dev, pipe);
int ret;
- u64 last;
+ u64 last, curr;
if (drm_WARN_ON(dev, pipe >= dev->num_crtcs))
return;
@@ -1305,7 +1305,12 @@ void drm_wait_one_vblank(struct drm_device *dev,
unsigned int pipe)
last != drm_vblank_count(dev, pipe),
msecs_to_jiffies(100));
- drm_WARN(dev, ret == 0, "vblank wait timed out on crtc %i\n", pipe);
+ curr = drm_vblank_count(dev, pipe);
+
+ if (ret == 0) {
+ drm_dbg_kms(dev, "WAIT_VBLANK: timeout crtc=%d, last=%llu,
curr=%llu\n",
+ pipe, last, curr);
It should at the very least be a drm_err(). Though the backtrace can
be useful in figuring out where the problem is coming from, so not
too happy about this change.
Thanks Ville for the feedback.I am still learning as I am new here!
You’re right, “invalid userspace calls” was a poor choice of wording —
I’ll drop that from the commit message. The main goal is to avoid
unnecessary panics in fuzzing/CI with panic_on_warn, while still
reporting the error clearly.
I’ll update the patch to use drm_err() instead of drm_dbg_kms(), and
drop the extra drm_vblank_count() call per Thomas’ earlier comment.
Best regards,
Chintan
