bisecting cause commit starting from d5eeab8d7e269e8cfc53b915bccd7bd30485bcbf building syzkaller on e97b06d3cef9296e9d0e827c42bccdd36b555986 testing commit d5eeab8d7e269e8cfc53b915bccd7bd30485bcbf with gcc (GCC) 8.1.0 kernel signature: 2bbeb6b850048b1304063fe0d9dcff14c5a122e286be9a57781350649c542e99 all runs: crashed: WARNING in memtype_reserve testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: ee35416c5af02cc5238b441d45c0cf75954ff151b4688187eee9ba340fffb41b all runs: OK # git bisect start d5eeab8d7e269e8cfc53b915bccd7bd30485bcbf 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 6710 revisions left to test after this (roughly 13 steps) [f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0 kernel signature: f80831b28fc9b8f9346b629c72c6ac1e9b88335199d60c6c3bb3dee7a2deb58d all runs: OK # git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6 Bisecting: 3360 revisions left to test after this (roughly 12 steps) [828907ef25e0133f50c346ef5a3c79a707a9b100] Merge tag 'gpio-v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio testing commit 828907ef25e0133f50c346ef5a3c79a707a9b100 with gcc (GCC) 8.1.0 kernel signature: d53a2beef11cd514290332369fd9a7c6faf24af660434a5144b1e1f4c555bded all runs: OK # git bisect good 828907ef25e0133f50c346ef5a3c79a707a9b100 Bisecting: 1681 revisions left to test after this (roughly 11 steps) [172edde9604941f61d75bb3b4f88068204f8c086] Merge tag 'io_uring-5.7-2020-04-09' of git://git.kernel.dk/linux-block testing commit 172edde9604941f61d75bb3b4f88068204f8c086 with gcc (GCC) 8.1.0 kernel signature: ac2e6ec9051664f5f0afc2672129804cc78ef930c8bd08b00d9cb2b4ab1620b0 all runs: OK # git bisect good 172edde9604941f61d75bb3b4f88068204f8c086 Bisecting: 842 revisions left to test after this (roughly 10 steps) [b4f633221f0aeac102e463a4be46a643b2e3b819] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace testing commit b4f633221f0aeac102e463a4be46a643b2e3b819 with gcc (GCC) 8.1.0 kernel signature: d8965d462f8875647368f1d2d746fbdc42f4b5ed9e7e416eda8f94595244a8d4 all runs: OK # git bisect good b4f633221f0aeac102e463a4be46a643b2e3b819 Bisecting: 421 revisions left to test after this (roughly 9 steps) [75ec0ba2acf45cc31b5b59e00106a55494c62209] Merge tag 'linux-kselftest-5.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest testing commit 75ec0ba2acf45cc31b5b59e00106a55494c62209 with gcc (GCC) 8.1.0 kernel signature: 62c356527805dd7e834630d13587b2d61b495d086a5726098c19f5ca78c28672 all runs: OK # git bisect good 75ec0ba2acf45cc31b5b59e00106a55494c62209 Bisecting: 259 revisions left to test after this (roughly 8 steps) [b9388959ba507c7a48ac18e4aa3b63b8a910ed99] Merge tag 'tag-chrome-platform-fixes-for-v5.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux testing commit b9388959ba507c7a48ac18e4aa3b63b8a910ed99 with gcc (GCC) 8.1.0 kernel signature: 76638e034297a1e91df595372117110338c9ba93d6beca19233f06f27ffe05cb all runs: OK # git bisect good b9388959ba507c7a48ac18e4aa3b63b8a910ed99 Bisecting: 129 revisions left to test after this (roughly 7 steps) [996ed22c7a5251d76dcdfe5026ef8230e90066d9] arch/x86/kvm/svm/sev.c: change flag passed to GUP fast in sev_pin_memory() testing commit 996ed22c7a5251d76dcdfe5026ef8230e90066d9 with gcc (GCC) 8.1.0 kernel signature: bb0363d5424ac1030a3aeab99aa12d3630252934bcbc44cc05d6b7ab1672c411 all runs: OK # git bisect good 996ed22c7a5251d76dcdfe5026ef8230e90066d9 Bisecting: 69 revisions left to test after this (roughly 6 steps) [af38553c661207f96464e15f3506bf788daee474] Merge branch 'akpm' (patches from Andrew) testing commit af38553c661207f96464e15f3506bf788daee474 with gcc (GCC) 8.1.0 kernel signature: 317d1476c5e68ff4b02891d40131a55ca4440d503da883679753cf0cc27bf0f9 all runs: OK # git bisect good af38553c661207f96464e15f3506bf788daee474 Bisecting: 36 revisions left to test after this (roughly 5 steps) [e7a1c733fecd6bf71f87f74b36ab51bb3eafd8b3] Merge tag 'staging-5.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit e7a1c733fecd6bf71f87f74b36ab51bb3eafd8b3 with gcc (GCC) 8.1.0 kernel signature: 3c639da2b76dd4b9873c3a1cefa178e1e4d09b14977b858f74d4e6c249830544 all runs: crashed: WARNING in memtype_reserve # git bisect bad e7a1c733fecd6bf71f87f74b36ab51bb3eafd8b3 Bisecting: 18 revisions left to test after this (roughly 4 steps) [775a8e0316bd5443a0f3faf771b1bdfb8f8e8342] Merge tag 'drm-fixes-2020-05-08' of git://anongit.freedesktop.org/drm/drm testing commit 775a8e0316bd5443a0f3faf771b1bdfb8f8e8342 with gcc (GCC) 8.1.0 kernel signature: 5cfa1030109fab66ef999a87cd26a4a80a8d82f99e7ea2d580fcbe00a08fedb7 all runs: OK # git bisect good 775a8e0316bd5443a0f3faf771b1bdfb8f8e8342 Bisecting: 9 revisions left to test after this (roughly 3 steps) [084d7e78467534eedaf0d6c72086a6817023d839] Merge tag 'usb-serial-5.7-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus testing commit 084d7e78467534eedaf0d6c72086a6817023d839 with gcc (GCC) 8.1.0 kernel signature: 1cab5e57228b501ab2d638547ee6822b2bc5e13a3e5a3b16fe79d9ad1b0f0d74 all runs: crashed: WARNING in memtype_reserve # git bisect bad 084d7e78467534eedaf0d6c72086a6817023d839 Bisecting: 4 revisions left to test after this (roughly 2 steps) [e283f5e89f44a80ca536e4a12903c64e9e9a82e4] usb: typec: intel_pmc_mux: Fix the property names testing commit e283f5e89f44a80ca536e4a12903c64e9e9a82e4 with gcc (GCC) 8.1.0 kernel signature: 32135be59e7254c4a11cebd791b926c46bd76e89a16c618cb77031a09f03f1ee all runs: OK # git bisect good e283f5e89f44a80ca536e4a12903c64e9e9a82e4 Bisecting: 2 revisions left to test after this (roughly 1 step) [78d6de3cfbd342918d31cf68d0d2eda401338aef] USB: serial: qcserial: Add DW5816e support testing commit 78d6de3cfbd342918d31cf68d0d2eda401338aef with gcc (GCC) 8.1.0 kernel signature: aecde7a1f293bebe352ca69919dbee45bd52cab06e22c2eaf7824680bbf0eee9 all runs: OK # git bisect good 78d6de3cfbd342918d31cf68d0d2eda401338aef Bisecting: 0 revisions left to test after this (roughly 1 step) [7990be48ef4d87163940d6c04c349c93f0bd9ae7] usb: typec: mux: intel: Handle alt mode HPD_HIGH testing commit 7990be48ef4d87163940d6c04c349c93f0bd9ae7 with gcc (GCC) 8.1.0 kernel signature: de432469215036be5df4e304dcc3fbaa0ecdee7f7d442b73c55696161216f1e3 all runs: crashed: WARNING in memtype_reserve # git bisect bad 7990be48ef4d87163940d6c04c349c93f0bd9ae7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [2bef9aed6f0e22391c8d4570749b1acc9bc3981e] usb: usbfs: correct kernel->user page attribute mismatch testing commit 2bef9aed6f0e22391c8d4570749b1acc9bc3981e with gcc (GCC) 8.1.0 kernel signature: 385fcac940954956dec70325f2cedb4e4ad3f88746e5e0445184cfe42474b548 all runs: crashed: WARNING in memtype_reserve # git bisect bad 2bef9aed6f0e22391c8d4570749b1acc9bc3981e 2bef9aed6f0e22391c8d4570749b1acc9bc3981e is the first bad commit commit 2bef9aed6f0e22391c8d4570749b1acc9bc3981e Author: Jeremy Linton Date: Mon May 4 15:13:48 2020 -0500 usb: usbfs: correct kernel->user page attribute mismatch On some architectures (e.g. arm64) requests for IO coherent memory may use non-cachable attributes if the relevant device isn't cache coherent. If these pages are then remapped into userspace as cacheable, they may not be coherent with the non-cacheable mappings. In particular this happens with libusb, when it attempts to create zero-copy buffers for use by rtl-sdr (https://github.com/osmocom/rtl-sdr/). On low end arm devices with non-coherent USB ports, the application will be unexpectedly killed, while continuing to work fine on arm machines with coherent USB controllers. This bug has been discovered/reported a few times over the last few years. In the case of rtl-sdr a compile time option to enable/disable zero copy was implemented to work around it. Rather than relaying on application specific workarounds, dma_mmap_coherent() can be used instead of remap_pfn_range(). The page cache/etc attributes will then be correctly set in userspace to match the kernel mapping. Signed-off-by: Jeremy Linton Cc: stable Link: https://lore.kernel.org/r/20200504201348.1183246-1-jeremy.linton@arm.com Signed-off-by: Greg Kroah-Hartman drivers/usb/core/devio.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) culprit signature: 385fcac940954956dec70325f2cedb4e4ad3f88746e5e0445184cfe42474b548 parent signature: 32135be59e7254c4a11cebd791b926c46bd76e89a16c618cb77031a09f03f1ee revisions tested: 17, total time: 3h58m42.254623598s (build: 1h39m52.059526782s, test: 2h17m27.222591589s) first bad commit: 2bef9aed6f0e22391c8d4570749b1acc9bc3981e usb: usbfs: correct kernel->user page attribute mismatch cc: ["dmitry.torokhov@gmail.com" "ebiederm@xmission.com" "gregkh@linuxfoundation.org" "jeremy.linton@arm.com" "linux-kernel@vger.kernel.org" "linux-usb@vger.kernel.org" "stern@rowland.harvard.edu"] crash: WARNING in memtype_reserve ------------[ cut here ]------------ memtype_reserve failed: [mem 0xffffffffff000-0x00008fff], req write-back WARNING: CPU: 1 PID: 8422 at arch/x86/mm/pat/memtype.c:590 memtype_reserve+0x429/0x6c0 arch/x86/mm/pat/memtype.c:589 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 8422 Comm: syz-executor.3 Not tainted 5.7.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 panic+0x22a/0x4e3 kernel/panic.c:221 __warn.cold.10+0x25/0x26 kernel/panic.c:582 report_bug+0x1ad/0x270 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:175 [inline] do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:memtype_reserve+0x429/0x6c0 arch/x86/mm/pat/memtype.c:589 Code: 10 00 0f 85 a7 02 00 00 4e 8b 04 f5 00 58 88 87 48 8d 4b ff 48 89 ea 48 c7 c6 60 58 88 87 48 c7 c7 c0 50 88 87 e8 03 71 0f 00 <0f> 0b 41 bf ea ff ff ff e9 ec fd ff ff 41 bf ea ff ff ff e9 e1 fd RSP: 0018:ffffc90004c37868 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000009000 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff8b8d6160 RBP: 000ffffffffff000 R08: ffffed1015d266a9 R09: ffffed1015d266a9 R10: ffff8880ae933547 R11: ffffed1015d266a8 R12: 1ffff92000986f12 R13: 000000000000a000 R14: 0000000000000000 R15: 0000000000009000 reserve_pfn_range+0x10f/0x300 arch/x86/mm/pat/memtype.c:941 track_pfn_remap+0xfd/0x210 arch/x86/mm/pat/memtype.c:1033 remap_pfn_range+0x19b/0x7f0 mm/memory.c:2130 usbdev_mmap+0x375/0x730 drivers/usb/core/devio.c:254 call_mmap include/linux/fs.h:1912 [inline] mmap_region+0x8df/0x12a0 mm/mmap.c:1772 do_mmap+0x5b9/0xea0 mm/mmap.c:1545 do_mmap_pgoff include/linux/mm.h:2553 [inline] vm_mmap_pgoff+0x16c/0x1d0 mm/util.c:506 ksys_mmap_pgoff+0x3a0/0x5a0 mm/mmap.c:1595 do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline] do_fast_syscall_32+0x231/0xba0 arch/x86/entry/common.c:396 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 Kernel Offset: disabled Rebooting in 86400 seconds..