bisecting cause commit starting from 1127b219ce9481c84edad9711626d856127d5e51
building syzkaller on d5a3ae1f760e7cb2cd5a721d9645ae22eae114fe
testing commit 1127b219ce9481c84edad9711626d856127d5e51 with gcc (GCC) 8.1.0
kernel signature: a40f90ccbcf46c5885b3635d63d473d51ace27b6ff612ebc84c774e2cdf5660e
run #0: crashed: WARNING in timer_wait_running
run #1: crashed: WARNING in timer_wait_running
run #2: OK
run #3: crashed: WARNING in timer_wait_running
run #4: crashed: WARNING in timer_wait_running
run #5: crashed: WARNING in timer_wait_running
run #6: crashed: WARNING in timer_wait_running
run #7: OK
run #8: OK
run #9: OK
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 46cd77aaaa2138980dd4770ac86fe2a3aaf2b8669ef16615c6c167d738c9db04
all runs: OK
# git bisect start 1127b219ce9481c84edad9711626d856127d5e51 bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 6098 revisions left to test after this (roughly 13 steps)
[47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0
kernel signature: be39ee38655987ea0d5247d436ba471cc0132a93508b72624b61fe11e72e588b
all runs: OK
# git bisect good 47ec5303d73ea344e84f46660fff693c57641386
Bisecting: 2968 revisions left to test after this (roughly 12 steps)
[fa73e212318a3277ae1f304febbc617c75d4d2db] Merge tag 'media/v5.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit fa73e212318a3277ae1f304febbc617c75d4d2db with gcc (GCC) 8.1.0
kernel signature: 1f7875c551012f243584938ed451db0b41df705ebbe16cc3e063fc675bf07b5c
all runs: OK
# git bisect good fa73e212318a3277ae1f304febbc617c75d4d2db
Bisecting: 1466 revisions left to test after this (roughly 11 steps)
[ea6ec774372740b024a6c27caac0d0af8960ea15] Merge tag 'drm-next-2020-08-12' of git://anongit.freedesktop.org/drm/drm
testing commit ea6ec774372740b024a6c27caac0d0af8960ea15 with gcc (GCC) 8.1.0
kernel signature: c060c08f9e4b76cfbfa862a1485584dd41a4760b3e8b659ba4b0cd4bfe830038
all runs: boot failed: WARNING in mem_cgroup_css_alloc
# git bisect skip ea6ec774372740b024a6c27caac0d0af8960ea15
Bisecting: 1466 revisions left to test after this (roughly 11 steps)
[25fd529c34d063d1bef23742f2e8f8341c639dc3] sparse: group the defines by functionality
testing commit 25fd529c34d063d1bef23742f2e8f8341c639dc3 with gcc (GCC) 8.1.0
kernel signature: 6ccae08998309ae548ecfa9b02ed551e2826c6251feecde90de56890244531cb
all runs: boot failed: WARNING in mem_cgroup_css_alloc
# git bisect skip 25fd529c34d063d1bef23742f2e8f8341c639dc3
Bisecting: 1466 revisions left to test after this (roughly 11 steps)
[a5b90f2db8e0ef6504695cbd36a65fd8296338ee] virtio_config: rewrite using _Generic
testing commit a5b90f2db8e0ef6504695cbd36a65fd8296338ee with gcc (GCC) 8.1.0
kernel signature: 0ce3b57da3d0367faee8cf7b0b2ceb6e23f81ee0bbe314e8cabb4e517c6d1e5e
all runs: OK
# git bisect good a5b90f2db8e0ef6504695cbd36a65fd8296338ee
Bisecting: 1466 revisions left to test after this (roughly 11 steps)
[d49f7d7376d0c0daf8680984a37bd07581ac7d38] arm64: Move handling of erratum 1418040 into C code
testing commit d49f7d7376d0c0daf8680984a37bd07581ac7d38 with gcc (GCC) 8.1.0
kernel signature: 7d172656978a086a8e4bca32c5e2ca0dbf686966b9ef95c79bb17198e76b8916
run #0: crashed: WARNING in timer_wait_running
run #1: crashed: WARNING in timer_wait_running
run #2: crashed: WARNING in timer_wait_running
run #3: crashed: WARNING in timer_wait_running
run #4: crashed: WARNING in timer_wait_running
run #5: crashed: WARNING in timer_wait_running
run #6: crashed: WARNING in timer_wait_running
run #7: OK
run #8: crashed: WARNING in timer_wait_running
run #9: OK
# git bisect bad d49f7d7376d0c0daf8680984a37bd07581ac7d38
Bisecting: 1152 revisions left to test after this (roughly 10 steps)
[952ace797c17d06e50ad2a738babd27159b8d7cc] Merge tag 'iommu-updates-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
testing commit 952ace797c17d06e50ad2a738babd27159b8d7cc with gcc (GCC) 8.1.0
kernel signature: 390aaf92cc84e553043c669545294f9b7cd4b9788b4061130ab5787e876a5393
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: crashed: WARNING in timer_wait_running
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 952ace797c17d06e50ad2a738babd27159b8d7cc
Bisecting: 570 revisions left to test after this (roughly 9 steps)
[9420f1ce01869409d78901c3e036b2c437cbc6b8] Merge tag 'pinctrl-v5.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 9420f1ce01869409d78901c3e036b2c437cbc6b8 with gcc (GCC) 8.1.0
kernel signature: 9ce1c6f7d07c85691fc6cb721a1a0cc2fd4c8f52c3d25bd13c40677c137f8b3f
all runs: OK
# git bisect good 9420f1ce01869409d78901c3e036b2c437cbc6b8
Bisecting: 351 revisions left to test after this (roughly 8 steps)
[ed3854ff994b35cc11658d43d01a421bd5088d23] Merge tag 'ktest-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest
testing commit ed3854ff994b35cc11658d43d01a421bd5088d23 with gcc (GCC) 8.1.0
kernel signature: acc8e6c542b9e5a1fb1ddb27feb7f3d56f4a53b92bc881eb151f0bb235956515
all runs: OK
# git bisect good ed3854ff994b35cc11658d43d01a421bd5088d23
Bisecting: 179 revisions left to test after this (roughly 8 steps)
[dded87afdacf8fe129fe13fe61d0a21e2afff3f6] Merge tag 'rpmsg-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
testing commit dded87afdacf8fe129fe13fe61d0a21e2afff3f6 with gcc (GCC) 8.1.0
kernel signature: 84d21fbdb3c0b875dc2f66c43c0797e36612988658e41fb8e970d993da9e0ac3
all runs: OK
# git bisect good dded87afdacf8fe129fe13fe61d0a21e2afff3f6
Bisecting: 81 revisions left to test after this (roughly 7 steps)
[96f970feeb47003a8eba967f188bba4e75875c7a] Merge tag 'backlight-next-5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight
testing commit 96f970feeb47003a8eba967f188bba4e75875c7a with gcc (GCC) 8.1.0
kernel signature: 5d45186dcb96468b9d1ac51c579744e0bb37d684dd120ad238c3d3ccdcea945a
all runs: OK
# git bisect good 96f970feeb47003a8eba967f188bba4e75875c7a
Bisecting: 57 revisions left to test after this (roughly 5 steps)
[cbe94c6e1a7d11050050c4d5b89bb278c163e8d6] iommu/amd: Move Kconfig and Makefile bits down into amd directory
testing commit cbe94c6e1a7d11050050c4d5b89bb278c163e8d6 with gcc (GCC) 8.1.0
kernel signature: 6397fec5a30ee9a44fe34a21755faf21f34f437eb6b420df9e2817b6cf3eddca
all runs: OK
# git bisect good cbe94c6e1a7d11050050c4d5b89bb278c163e8d6
Bisecting: 43 revisions left to test after this (roughly 5 steps)
[e86d1aa8b60f7ea18d36f50296d7d20eb2852e7e] iommu/arm-smmu: Move Arm SMMU drivers into their own subdirectory
testing commit e86d1aa8b60f7ea18d36f50296d7d20eb2852e7e with gcc (GCC) 8.1.0
kernel signature: c55edfb65ff8cc779c2b86a8d339ccddc5bee0439a4fe5df7a4fd6944aa8c536
all runs: OK
# git bisect good e86d1aa8b60f7ea18d36f50296d7d20eb2852e7e
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[b1012ca8dc4f9b1a1fe8e2cb1590dd6d43ea3849] iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu
testing commit b1012ca8dc4f9b1a1fe8e2cb1590dd6d43ea3849 with gcc (GCC) 8.1.0
kernel signature: ab1ef180649fbef292cdb2e5e21d0ce626c64125e4f384e8828bad59852f0763
run #0: OK
run #1: OK
run #2: OK
run #3: crashed: WARNING in timer_wait_running
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b1012ca8dc4f9b1a1fe8e2cb1590dd6d43ea3849
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[1ff00279655d95ae9c285c39878aedf9ff008d25] iommu/vt-d: Warn on out-of-range invalidation address
testing commit 1ff00279655d95ae9c285c39878aedf9ff008d25 with gcc (GCC) 8.1.0
kernel signature: 433eed0b21714bfe51fcfc1200f0f2f94d7e18f8fd89d043809dafcbe11d13c6
all runs: OK
# git bisect good 1ff00279655d95ae9c285c39878aedf9ff008d25
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[19abcf70c2b16834a607db515b26a32b233c79eb] iommu/vt-d: Add a helper to get svm and sdev for pasid
testing commit 19abcf70c2b16834a607db515b26a32b233c79eb with gcc (GCC) 8.1.0
kernel signature: 05a703247e3c314b825619f8e11a3227746ed514f431c4a23ec54c6bca7074bf
all runs: OK
# git bisect good 19abcf70c2b16834a607db515b26a32b233c79eb
Bisecting: 1 revision left to test after this (roughly 1 step)
[8b73712115ebd603b75876f7d96d59e41d9107ad] iommu/vt-d: Add page response ops support
testing commit 8b73712115ebd603b75876f7d96d59e41d9107ad with gcc (GCC) 8.1.0
kernel signature: 8fc31f31e092d83137bd8635b7d9d301a389475d90d777a00b1b34882c9e667a
all runs: OK
# git bisect good 8b73712115ebd603b75876f7d96d59e41d9107ad
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[02f3effddfd04f3f08a24d23a82d1c1c6d89b777] iommu/vt-d: Rename intel-pasid.h to pasid.h
testing commit 02f3effddfd04f3f08a24d23a82d1c1c6d89b777 with gcc (GCC) 8.1.0
kernel signature: 9a951174644328e17802fd7d3bf49869e841d9067c85898b9bc66fc6909fa394
all runs: OK
# git bisect good 02f3effddfd04f3f08a24d23a82d1c1c6d89b777
b1012ca8dc4f9b1a1fe8e2cb1590dd6d43ea3849 is the first bad commit
commit b1012ca8dc4f9b1a1fe8e2cb1590dd6d43ea3849
Author: Lu Baolu <baolu.lu@linux.intel.com>
Date:   Thu Jul 23 09:34:37 2020 +0800

    iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu
    
    The VT-d spec requires (10.4.4 Global Command Register, TE field) that:
    
    Hardware implementations supporting DMA draining must drain any in-flight
    DMA read/write requests queued within the Root-Complex before completing
    the translation enable command and reflecting the status of the command
    through the TES field in the Global Status register.
    
    Unfortunately, some integrated graphic devices fail to do so after some
    kind of power state transition. As the result, the system might stuck in
    iommu_disable_translation(), waiting for the completion of TE transition.
    
    This provides a quirk list for those devices and skips TE disabling if
    the qurik hits.
    
    Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=208363
    Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=206571
    Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
    Tested-by: Koba Ko <koba.ko@canonical.com>
    Tested-by: Jun Miao <jun.miao@windriver.com>
    Cc: Ashok Raj <ashok.raj@intel.com>
    Cc: stable@vger.kernel.org
    Link: https://lore.kernel.org/r/20200723013437.2268-1-baolu.lu@linux.intel.com
    Signed-off-by: Joerg Roedel <jroedel@suse.de>

 drivers/iommu/intel/dmar.c  |  1 +
 drivers/iommu/intel/iommu.c | 27 +++++++++++++++++++++++++++
 include/linux/dmar.h        |  1 +
 include/linux/intel-iommu.h |  2 ++
 4 files changed, 31 insertions(+)
culprit signature: ab1ef180649fbef292cdb2e5e21d0ce626c64125e4f384e8828bad59852f0763
parent  signature: 9a951174644328e17802fd7d3bf49869e841d9067c85898b9bc66fc6909fa394
revisions tested: 20, total time: 5h10m18.047918677s (build: 1h34m45.426613863s, test: 3h33m46.773310977s)
first bad commit: b1012ca8dc4f9b1a1fe8e2cb1590dd6d43ea3849 iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu
recipients (to): ["baolu.lu@linux.intel.com" "jroedel@suse.de" "jun.miao@windriver.com" "koba.ko@canonical.com"]
recipients (cc): []
crash: WARNING in timer_wait_running
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7968 at kernel/time/posix-timers.c:849 rcu_read_lock include/linux/rcupdate.h:635 [inline]
WARNING: CPU: 0 PID: 7968 at kernel/time/posix-timers.c:849 timer_wait_running+0x10f/0x120 kernel/time/posix-timers.c:846
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 7968 Comm: syz-executor243 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xb3/0xec lib/dump_stack.c:118
 panic+0x115/0x2fa kernel/panic.c:231
 __warn.cold.13+0x20/0x25 kernel/panic.c:600
 report_bug+0xc0/0xf0 lib/bug.c:198
 handle_bug+0x35/0x90 arch/x86/kernel/traps.c:235
 exc_invalid_op+0x13/0x60 arch/x86/kernel/traps.c:255
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:563
RIP: 0010:timer_wait_running+0x10f/0x120 kernel/time/posix-timers.c:849
Code: 0f 85 6a ff ff ff 48 c7 c2 68 b4 e2 83 be 7c 02 00 00 48 c7 c7 a8 b1 e2 83 c6 05 eb ec 34 03 01 e8 59 fc fb ff e9 46 ff ff ff <0f> 0b e9 5d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 41 54 55 53 48
RSP: 0018:ffffc900020ffe38 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88810dc583a8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00000000ffffffff
RBP: ffffc900020ffe58 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8362e480 R14: ffffc900020ffe70 R15: 0000000000000000
 do_timer_settime+0xc1/0x120 kernel/time/posix-timers.c:929
 __do_sys_timer_settime32 kernel/time/posix-timers.c:974 [inline]
 __se_sys_timer_settime32 kernel/time/posix-timers.c:961 [inline]
 __ia32_sys_timer_settime32+0x69/0xd0 kernel/time/posix-timers.c:961
 do_syscall_32_irqs_on+0x3f/0x60 arch/x86/entry/common.c:403
 __do_fast_syscall_32 arch/x86/entry/common.c:448 [inline]
 do_fast_syscall_32+0x7f/0x120 arch/x86/entry/common.c:474
 entry_SYSENTER_compat+0x6d/0x7c arch/x86/entry/entry_64_compat.S:138
RIP: 0023:0xf7f4e569
Code: Bad RIP value.
RSP: 002b:00000000f7f4914c EFLAGS: 00000296 ORIG_RAX: 0000000000000104
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000020000300 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..