WARNING: at drm_crtc_wait_one_vblank, CPU: kworker/NUM:NUM/NUM

From: sanan . hasanou

Date: Thu Jun 18 2026 - 18:25:20 EST


Good day, dear maintainers,

We found a bug using a modified version of syzkaller.

Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=173DLEAEPKPhhR1TcqofdnkLpdoK7PMFl>
Unfortunately, we don't have any reproducer for this bug yet.
Thank you!

Best regards,
Sanan Hasanov

------------[ cut here ]------------
bochs-drm 0000:00:02.0: [drm] vblank wait timed out on crtc 0
WARNING: at drm_crtc_wait_one_vblank+0x33a/0x4f0 drivers/gpu/drm/drm_vblank.c:1320, CPU#0: kworker/0:1/10
Modules linked in:
CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 7.0.0-rc1 #1 PREEMPT(full)
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events drm_fb_helper_damage_work
RIP: 0010:drm_crtc_wait_one_vblank+0x4a3/0x4f0 drivers/gpu/drm/drm_vblank.c:1320
Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 bf ba f8 fc 4d 8b 7d 00 4c 89 e7 48 8b 74 24 18 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 7c 24 28 44 89 f6 e8 9b f6 ff ff b8 92 ff ff
RSP: 0018:ffffc900000af9a0 EFLAGS: 00010246
RAX: 1ffff110029ee41a RBX: 1ffff92000015f3c RCX: 0000000000000000
RDX: ffff888014b9b220 RSI: ffffffff8c4a0d60 RDI: ffffffff906b4414
RBP: ffffc900000afaa8 R08: ffff88801d533833 R09: 1ffff11003aa6706
R10: dffffc0000000000 R11: ffffed1003aa6707 R12: ffffffff906b4414
R13: ffff888014f720d0 R14: 0000000000000000 R15: ffff888014b9b220
FS: 0000000000000000(0000) GS:ffff8880d98df000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888012801000 CR3: 000000000e6ff000 CR4: 00000000000006f0
Call Trace:
<TASK>
drm_client_modeset_wait_for_vblank+0xc7/0xe0 drivers/gpu/drm/drm_client_modeset.c:1330
drm_fb_helper_fb_dirty drivers/gpu/drm/drm_fb_helper.c:236 [inline]
drm_fb_helper_damage_work+0x116/0x720 drivers/gpu/drm/drm_fb_helper.c:274
process_one_work kernel/workqueue.c:3275 [inline]
process_scheduled_works+0x811/0xf10 kernel/workqueue.c:3358
worker_thread+0x9c1/0xeb0 kernel/workqueue.c:3439
kthread+0x3c1/0x4d0 kernel/kthread.c:467
ret_from_fork+0x608/0xc40 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245
</TASK>
----------------
Code disassembly (best guess):
0: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
7: fc ff df
a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1)
e: 74 08 je 0x18
10: 4c 89 ef mov %r13,%rdi
13: e8 bf ba f8 fc call 0xfcf8bad7
18: 4d 8b 7d 00 mov 0x0(%r13),%r15
1c: 4c 89 e7 mov %r12,%rdi
1f: 48 8b 74 24 18 mov 0x18(%rsp),%rsi
24: 4c 89 fa mov %r15,%rdx
27: 44 89 f1 mov %r14d,%ecx
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: 48 8b 7c 24 28 mov 0x28(%rsp),%rdi
34: 44 89 f6 mov %r14d,%esi
37: e8 9b f6 ff ff call 0xfffff6d7
3c: b8 .byte 0xb8
3d: 92 xchg %eax,%edx
3e: ff (bad)
3f: ff .byte 0xff
