[drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [drm:udl_init] *ERROR* Selecting channel failed [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [drm] Initialized udl on minor 2 udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 udl 1-1:0.0: [drm] Cannot find any crtc or sizes general protection fault, probably for non-canonical address 0xdffffc0000000028: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000140-0x0000000000000147] CPU: 1 PID: 2439 Comm: kworker/1:2 Not tainted 6.3.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Workqueue: usb_hub_wq hub_event RIP: 0010:drm_crtc_next_vblank_start+0xa9/0x260 drivers/gpu/drm/drm_vblank.c:1003 Code: a4 01 00 00 48 69 db 38 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 03 9d 38 03 00 00 4c 8d ab 44 01 00 00 4c 89 ea 48 c1 ea 03 <0f> b6 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 24 RSP: 0018:ffffc9000b6bec28 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88801d0e0408 RDX: 0000000000000028 RSI: ffffc9000b6becb0 RDI: ffff8880209a0338 RBP: ffff8880209a10d8 R08: ffff8880209a0dc8 R09: ffff8880209a0dc8 R10: ffff8880209a00a0 R11: 0000000000000012 R12: ffffc9000b6becb0 R13: 0000000000000144 R14: dffffc0000000000 R15: ffff88801d0e0400 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0330cd0378 CR3: 00000000754aa000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: set_fence_deadline drivers/gpu/drm/drm_atomic_helper.c:1531 [inline] drm_atomic_helper_wait_for_fences+0x169/0x630 drivers/gpu/drm/drm_atomic_helper.c:1578 drm_atomic_helper_commit drivers/gpu/drm/drm_atomic_helper.c:2007 [inline] drm_atomic_helper_commit+0x161/0x2a0 drivers/gpu/drm/drm_atomic_helper.c:1979 drm_atomic_commit+0x1ce/0x2b0 drivers/gpu/drm/drm_atomic.c:1443 drm_client_modeset_commit_atomic+0x54a/0x690 drivers/gpu/drm/drm_client_modeset.c:1045 drm_client_modeset_commit_locked+0x12d/0x4c0 drivers/gpu/drm/drm_client_modeset.c:1148 drm_client_modeset_commit+0x3b/0x60 drivers/gpu/drm/drm_client_modeset.c:1174 drm_fb_helper_single_fb_probe drivers/gpu/drm/drm_fb_helper.c:1963 [inline] __drm_fb_helper_initial_config_and_unlock+0xec3/0x1450 drivers/gpu/drm/drm_fb_helper.c:2153 drm_fbdev_client_hotplug+0x15e/0x210 drivers/gpu/drm/drm_fbdev_generic.c:384 drm_fbdev_generic_setup+0xf5/0x350 drivers/gpu/drm/drm_fbdev_generic.c:450 udl_usb_probe+0xd9/0x120 drivers/gpu/drm/udl/udl_drv.c:120 usb_probe_interface+0x26c/0x820 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:552 [inline] really_probe+0x1c7/0xb20 drivers/base/dd.c:631 __driver_probe_device+0x186/0x460 drivers/base/dd.c:768 driver_probe_device+0x44/0x110 drivers/base/dd.c:798 __device_attach_driver+0x14e/0x270 drivers/base/dd.c:926 bus_for_each_drv+0x102/0x190 drivers/base/bus.c:457 __device_attach+0x19e/0x3d0 drivers/base/dd.c:998 bus_probe_device+0x12b/0x170 drivers/base/bus.c:532 device_add+0xee4/0x1930 drivers/base/core.c:3589 usb_set_configuration+0xabc/0x1a20 drivers/usb/core/message.c:2171 usb_generic_driver_probe+0x88/0xd0 drivers/usb/core/generic.c:238 usb_probe_device+0x98/0x240 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:552 [inline] really_probe+0x1c7/0xb20 drivers/base/dd.c:631 __driver_probe_device+0x186/0x460 drivers/base/dd.c:768 driver_probe_device+0x44/0x110 drivers/base/dd.c:798 __device_attach_driver+0x14e/0x270 drivers/base/dd.c:926 bus_for_each_drv+0x102/0x190 drivers/base/bus.c:457 __device_attach+0x19e/0x3d0 drivers/base/dd.c:998 bus_probe_device+0x12b/0x170 drivers/base/bus.c:532 device_add+0xee4/0x1930 drivers/base/core.c:3589 usb_new_device+0xc6e/0x1930 drivers/usb/core/hub.c:2575 hub_port_connect drivers/usb/core/hub.c:5407 [inline] hub_port_connect_change drivers/usb/core/hub.c:5551 [inline] port_event drivers/usb/core/hub.c:5711 [inline] hub_event+0x24cc/0x4240 drivers/usb/core/hub.c:5793 process_one_work+0x865/0x14b0 kernel/workqueue.c:2390 worker_thread+0x59c/0xec0 kernel/workqueue.c:2537 kthread+0x298/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:drm_crtc_next_vblank_start+0xa9/0x260 drivers/gpu/drm/drm_vblank.c:1003 Code: a4 01 00 00 48 69 db 38 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 03 9d 38 03 00 00 4c 8d ab 44 01 00 00 4c 89 ea 48 c1 ea 03 <0f> b6 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 24 RSP: 0018:ffffc9000b6bec28 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88801d0e0408 RDX: 0000000000000028 RSI: ffffc9000b6becb0 RDI: ffff8880209a0338 RBP: ffff8880209a10d8 R08: ffff8880209a0dc8 R09: ffff8880209a0dc8 R10: ffff8880209a00a0 R11: 0000000000000012 R12: ffffc9000b6becb0 R13: 0000000000000144 R14: dffffc0000000000 R15: ffff88801d0e0400 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0330cd0378 CR3: 00000000211bc000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 2 bytes skipped: 0: 00 00 add %al,(%rax) 2: 48 69 db 38 02 00 00 imul $0x238,%rbx,%rbx 9: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 10: fc ff df 13: 49 03 9d 38 03 00 00 add 0x338(%r13),%rbx 1a: 4c 8d ab 44 01 00 00 lea 0x144(%rbx),%r13 21: 4c 89 ea mov %r13,%rdx 24: 48 c1 ea 03 shr $0x3,%rdx * 28: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx <-- trapping instruction 2c: 4c 89 e8 mov %r13,%rax 2f: 83 e0 07 and $0x7,%eax 32: 83 c0 03 add $0x3,%eax 35: 38 d0 cmp %dl,%al 37: 7c 08 jl 0x41 39: 84 d2 test %dl,%dl 3b: 0f .byte 0xf 3c: 85 .byte 0x85 3d: 24 .byte 0x24