bisecting cause commit starting from c61a56ababa404961fa769a2b24229f18e461961 building syzkaller on bb79c6ab16216318dba744c5f5871b7807616293 testing commit c61a56ababa404961fa769a2b24229f18e461961 with gcc (GCC) 8.1.0 kernel signature: 27633662408982007fcae4e9476ac10a25f7025b run #0: crashed: WARNING in md_ioctl run #1: crashed: WARNING in md_ioctl run #2: crashed: WARNING in md_ioctl run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: fa4703e3871edc824cb559a381984d5f8e4862e7 all runs: OK # git bisect start c61a56ababa404961fa769a2b24229f18e461961 0adb32858b0bddf4ada5f364a84ed60b196dbcda Bisecting: 6923 revisions left to test after this (roughly 13 steps) [9abf8acea297b4c65f5fa3206e2b8e468e730e84] Merge tag 'tty-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit 9abf8acea297b4c65f5fa3206e2b8e468e730e84 with gcc (GCC) 8.1.0 kernel signature: dc2057752e4c64dc08b59d4f011ec34695a4f278 run #0: crashed: WARNING in md_ioctl run #1: crashed: WARNING in md_ioctl run #2: crashed: WARNING in md_ioctl run #3: crashed: WARNING in md_ioctl run #4: crashed: WARNING in md_ioctl run #5: crashed: WARNING in md_ioctl run #6: crashed: WARNING in md_ioctl run #7: OK run #8: OK run #9: OK # git bisect bad 9abf8acea297b4c65f5fa3206e2b8e468e730e84 Bisecting: 3485 revisions left to test after this (roughly 12 steps) [bb2407a7219760926760f0448fddf00d625e5aec] Merge tag 'docs-4.17' of git://git.lwn.net/linux testing commit bb2407a7219760926760f0448fddf00d625e5aec with gcc (GCC) 8.1.0 kernel signature: da8cbee38f6af62cb34e4c6f40f49850ee6ca40d run #0: crashed: WARNING in md_ioctl run #1: crashed: WARNING in md_ioctl run #2: crashed: WARNING in md_ioctl run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad bb2407a7219760926760f0448fddf00d625e5aec Bisecting: 1469 revisions left to test after this (roughly 11 steps) [1c7095d2836baafd84e596dd34ba1a1293a4faa9] Merge airlied/drm-next into drm-misc-next testing commit 1c7095d2836baafd84e596dd34ba1a1293a4faa9 with gcc (GCC) 8.1.0 kernel signature: 6562c6423cc3f70fec100b669dc5aa34cfe67497 run #0: crashed: WARNING in md_ioctl run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 1c7095d2836baafd84e596dd34ba1a1293a4faa9 Bisecting: 760 revisions left to test after this (roughly 10 steps) [65ad7cac3866f5fa80dcef3e5048a839046d6a46] drm/amd/pp: Refine powerplay instance testing commit 65ad7cac3866f5fa80dcef3e5048a839046d6a46 with gcc (GCC) 8.1.0 kernel signature: 1b9f696761713e7d0b78171221388b8ccad9a22f run #0: crashed: WARNING in md_ioctl run #1: crashed: WARNING in md_ioctl run #2: crashed: WARNING in md_ioctl run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 65ad7cac3866f5fa80dcef3e5048a839046d6a46 Bisecting: 379 revisions left to test after this (roughly 9 steps) [5c2ff9a60d2123df1e4ccee363541dd17916ddea] drm/amdgpu: always allocate a PASIDs for each VM v2 testing commit 5c2ff9a60d2123df1e4ccee363541dd17916ddea with gcc (GCC) 8.1.0 kernel signature: cc54ea4493923c4a3dceb2936869330c7f811c03 run #0: crashed: WARNING in md_ioctl run #1: crashed: WARNING in md_ioctl run #2: crashed: WARNING in md_ioctl run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 5c2ff9a60d2123df1e4ccee363541dd17916ddea Bisecting: 219 revisions left to test after this (roughly 8 steps) [f0308d76906a5b65ec4fcc3b133394caa9f00638] Merge tag 'drm-intel-next-2018-02-07' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit f0308d76906a5b65ec4fcc3b133394caa9f00638 with gcc (GCC) 8.1.0 kernel signature: d485d6c759989b9dc18f5ee6481e1c5f8b1a7124 run #0: crashed: WARNING in md_ioctl run #1: crashed: WARNING in md_ioctl run #2: crashed: WARNING in md_ioctl run #3: crashed: WARNING in md_ioctl run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad f0308d76906a5b65ec4fcc3b133394caa9f00638 Bisecting: 79 revisions left to test after this (roughly 6 steps) [10bde236eff901407bdbcad2e605edaf7ba23bdb] drm/i915: Per-engine scratch VMA is mandatory testing commit 10bde236eff901407bdbcad2e605edaf7ba23bdb with gcc (GCC) 8.1.0 kernel signature: 44cf711fa3dadff7491f48143bc9c74bc75461fe all runs: OK # git bisect good 10bde236eff901407bdbcad2e605edaf7ba23bdb Bisecting: 39 revisions left to test after this (roughly 5 steps) [5b364bec5cbfd6c23505952a40150b053ec551d1] drm/i915: Flush ggtt writes through the old fenced vma before changing fences testing commit 5b364bec5cbfd6c23505952a40150b053ec551d1 with gcc (GCC) 8.1.0 kernel signature: 7920561d74927fc1f3c371795e21ddd82843ed4a all runs: OK # git bisect good 5b364bec5cbfd6c23505952a40150b053ec551d1 Bisecting: 19 revisions left to test after this (roughly 4 steps) [d67c0ac19f9a3d900fbdf84924cb4d3aea934310] drm/i915: reduce indent in pch detection testing commit d67c0ac19f9a3d900fbdf84924cb4d3aea934310 with gcc (GCC) 8.1.0 kernel signature: d305fd0379a25e986003d61c6bcfa2415f63046e all runs: OK # git bisect good d67c0ac19f9a3d900fbdf84924cb4d3aea934310 Bisecting: 9 revisions left to test after this (roughly 3 steps) [a8b66f2c2f3e03b70a5e72cb5034f8aff669bf34] drm/i915/selftests: Flush old resets between engines testing commit a8b66f2c2f3e03b70a5e72cb5034f8aff669bf34 with gcc (GCC) 8.1.0 kernel signature: 81808f7ca9bbcdd14df2b81d27b21eb5921c6309 all runs: OK # git bisect good a8b66f2c2f3e03b70a5e72cb5034f8aff669bf34 Bisecting: 4 revisions left to test after this (roughly 2 steps) [2f265fad9756a40c09e3f4dcc62d5d7fa73a9fb2] drm/i915/cmdparser: Check reg_table_count before derefencing. testing commit 2f265fad9756a40c09e3f4dcc62d5d7fa73a9fb2 with gcc (GCC) 8.1.0 kernel signature: dd1425ebdd06b09618396fa0c4d03cc73ac25fe1 all runs: OK # git bisect good 2f265fad9756a40c09e3f4dcc62d5d7fa73a9fb2 Bisecting: 2 revisions left to test after this (roughly 1 step) [4b6ce6810a5dc0af387a238e8c852e0d3822381f] drm/i915/cnl: WaPipeControlBefore3DStateSamplePattern testing commit 4b6ce6810a5dc0af387a238e8c852e0d3822381f with gcc (GCC) 8.1.0 kernel signature: dcd195d7399b77c117ace710a5eeb8023bcee03b run #0: crashed: WARNING in md_ioctl run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 4b6ce6810a5dc0af387a238e8c852e0d3822381f Bisecting: 0 revisions left to test after this (roughly 0 steps) [3aec7f871c65eb5f76b4125fda432593c834a6f2] drm/i915/cmdparser: Do not check past the cmd length. testing commit 3aec7f871c65eb5f76b4125fda432593c834a6f2 with gcc (GCC) 8.1.0 kernel signature: f2ada4388e3b7318fce75da5f12530a34a11d225 all runs: OK # git bisect good 3aec7f871c65eb5f76b4125fda432593c834a6f2 4b6ce6810a5dc0af387a238e8c852e0d3822381f is the first bad commit commit 4b6ce6810a5dc0af387a238e8c852e0d3822381f Author: Rafael Antognolli Date: Mon Feb 5 15:33:30 2018 -0800 drm/i915/cnl: WaPipeControlBefore3DStateSamplePattern This workaround should prevent a bug that can be hit on a context restore. To avoid the issue, we must emit a PIPE_CONTROL with CS stall (0x7a000004 0x00100000 0x00000000 0x00000000) followed by 12DW's of NOOP(0x0) in the indirect context batch buffer, to ensure the engine is idle prior to programming 3DSTATE_SAMPLE_PATTERN. It's also not clear whether we should add those extra dwords because of the workaround itself, or if that's just padding for the WA BB (and next commands could come right after the PIPE_CONTROL). We keep them for now. References: HSD#1939868 v2: More descriptive changelog and comments. v3: Explain that PIPE_CONTROL is actually 6 dwords, and that we advance 10 more dwords because of that. Signed-off-by: Rafael Antognolli Cc: Chris Wilson Acked-by: Chris Wilson Signed-off-by: Chris Wilson Link: https://patchwork.freedesktop.org/patch/msgid/20180205233330.14973-1-rafael.antognolli@intel.com :040000 040000 2949d9d19f238632dc6d55440bffa69b5ab69602 a0639c8ab319ff0d0e4da7032d2f67722c54769c M drivers kernel signature: dcd195d7399b77c117ace710a5eeb8023bcee03b previous signature: f2ada4388e3b7318fce75da5f12530a34a11d225 revisions tested: 15, total time: 4h3m0.706225764s (build: 1h14m57.687389154s, test: 2h43m55.433846185s) first bad commit: 4b6ce6810a5dc0af387a238e8c852e0d3822381f drm/i915/cnl: WaPipeControlBefore3DStateSamplePattern cc: ["airlied@linux.ie" "chris@chris-wilson.co.uk" "dri-devel@lists.freedesktop.org" "intel-gfx@lists.freedesktop.org" "jani.nikula@linux.intel.com" "joonas.lahtinen@linux.intel.com" "linux-kernel@vger.kernel.org" "rafael.antognolli@intel.com" "rodrigo.vivi@intel.com"] crash: WARNING in md_ioctl md: md0 stopped. md: md0 stopped. md: md0 stopped. md: md0 stopped. md: md0 stopped. WARNING: CPU: 1 PID: 4287 at drivers/md/md.c:7151 md_ioctl+0x2b4a/0x6400 drivers/md/md.c:7137 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 4287 Comm: syz-executor3 Not tainted 4.15.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x145/0x1e7 lib/dump_stack.c:53 panic+0x1a9/0x360 kernel/panic.c:183 __warn.cold.8+0x120/0x154 kernel/panic.c:547 report_bug+0x1a3/0x220 lib/bug.c:184 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x1bc/0x470 arch/x86/kernel/traps.c:296 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315 invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1085 RIP: 0010:md_ioctl+0x2b4a/0x6400 drivers/md/md.c:7151 RSP: 0018:ffff8801c855f560 EFLAGS: 00010202 RAX: ffff8801cac5f708 RBX: 1ffff100390abeb5 RCX: 1ffff1003958bee5 RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffffed00390abe90 RBP: ffff8801c855fb10 R08: 0000000000000932 R09: 000000000000222e R10: ffff8801c855fae8 R11: ffff8801cac5f700 R12: 0000000020000080 R13: ffff8801cac5f728 R14: ffff8801d62b58c0 R15: ffff8801cac5f8c8 __blkdev_driver_ioctl block/ioctl.c:303 [inline] blkdev_ioctl+0x866/0x1b10 block/ioctl.c:601 block_ioctl+0xd7/0x130 fs/block_dev.c:1860 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x186/0x15d0 fs/ioctl.c:684 SYSC_ioctl fs/ioctl.c:701 [inline] SyS_ioctl+0x75/0x80 fs/ioctl.c:692 entry_SYSCALL_64_fastpath+0x29/0xa0 RIP: 0033:0x455ac9 RSP: 002b:00007f04dcf33c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f04dcf34700 RCX: 0000000000455ac9 RDX: 0000000020000080 RSI: 0000000000000932 RDI: 0000000000000003 RBP: 00007ffea3210160 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffea32100df R14: 00007f04dcf349c0 R15: 0000000000000001 Kernel Offset: disabled Rebooting in 86400 seconds..