Good day, dear maintainers,

We found a bug using a modified version of syzkaller.

Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=173DLEAEPKPhhR1TcqofdnkLpdoK7PMFl>

Unfortunately, we don't have any reproducer for this bug yet.

Thank you!

Best regards,
Sanan Hasanov

------------[ cut here ]------------
bochs-drm 0000:00:02.0: [drm] vblank wait timed out on crtc 0
WARNING: at drm_crtc_wait_one_vblank+0x33a/0x4f0 drivers/gpu/drm/drm_vblank.c:1320, CPU#0: kworker/0:1/10
Modules linked in:
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 7.0.0-rc1 #1 PREEMPT(full)
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events drm_fb_helper_damage_work
RIP: 0010:drm_crtc_wait_one_vblank+0x4a3/0x4f0 drivers/gpu/drm/drm_vblank.c:1320
Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 bf ba f8 fc 4d 8b 7d 00 4c 89 e7 48 8b 74 24 18 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 7c 24 28 44 89 f6 e8 9b f6 ff ff b8 92 ff ff
RSP: 0018:ffffc900000af9a0 EFLAGS: 00010246
RAX: 1ffff110029ee41a RBX: 1ffff92000015f3c RCX: 0000000000000000
RDX: ffff888014b9b220 RSI: ffffffff8c4a0d60 RDI: ffffffff906b4414
RBP: ffffc900000afaa8 R08: ffff88801d533833 R09: 1ffff11003aa6706
R10: dffffc0000000000 R11: ffffed1003aa6707 R12: ffffffff906b4414
R13: ffff888014f720d0 R14: 0000000000000000 R15: ffff888014b9b220
FS:  0000000000000000(0000) GS:ffff8880d98df000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888012801000 CR3: 000000000e6ff000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 drm_client_modeset_wait_for_vblank+0xc7/0xe0 drivers/gpu/drm/drm_client_modeset.c:1330
 drm_fb_helper_fb_dirty drivers/gpu/drm/drm_fb_helper.c:236 [inline]
 drm_fb_helper_damage_work+0x116/0x720 drivers/gpu/drm/drm_fb_helper.c:274
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0x811/0xf10 kernel/workqueue.c:3358
 worker_thread+0x9c1/0xeb0 kernel/workqueue.c:3439
 kthread+0x3c1/0x4d0 kernel/kthread.c:467
 ret_from_fork+0x608/0xc40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
   7:	fc ff df
   a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1)
   e:	74 08                	je     0x18
  10:	4c 89 ef             	mov    %r13,%rdi
  13:	e8 bf ba f8 fc       	call   0xfcf8bad7
  18:	4d 8b 7d 00          	mov    0x0(%r13),%r15
  1c:	4c 89 e7             	mov    %r12,%rdi
  1f:	48 8b 74 24 18       	mov    0x18(%rsp),%rsi
  24:	4c 89 fa             	mov    %r15,%rdx
  27:	44 89 f1             	mov    %r14d,%ecx
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	48 8b 7c 24 28       	mov    0x28(%rsp),%rdi
  34:	44 89 f6             	mov    %r14d,%esi
  37:	e8 9b f6 ff ff       	call   0xfffff6d7
  3c:	b8                   	.byte 0xb8
  3d:	92                   	xchg   %eax,%edx
  3e:	ff                   	(bad)
  3f:	ff                   	.byte 0xff
