bisecting fixing commit since 9851a0dee7c28514f149f7e4f60ec1b06286cc1b building syzkaller on 9941337c5f7cfa2f5c0d19c53f0bb9a2444f43ce testing commit 9851a0dee7c28514f149f7e4f60ec1b06286cc1b with gcc (GCC) 8.1.0 kernel signature: 693ec55378dda8fdac4ea5a5a1a01f188ec2f68efbbc47fd4bbe5a093e03218a all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic testing current HEAD 6929f71e46bdddbf1c4d67c2728648176c67c555 testing commit 6929f71e46bdddbf1c4d67c2728648176c67c555 with gcc (GCC) 8.1.0 kernel signature: 7fd22b3846d9751a5570b6d82298dbb5eaf04f23cf5220250431cc02accbe350 all runs: OK # git bisect start 6929f71e46bdddbf1c4d67c2728648176c67c555 9851a0dee7c28514f149f7e4f60ec1b06286cc1b Bisecting: 4486 revisions left to test after this (roughly 12 steps) [750a02ab8d3c49ca7d23102be90d3d1db19e2827] Merge tag 'for-5.8/block-2020-06-01' of git://git.kernel.dk/linux-block testing commit 750a02ab8d3c49ca7d23102be90d3d1db19e2827 with gcc (GCC) 8.1.0 kernel signature: 4c107092abe7334998b16fed0f0e6c986447d2bc58e2479805549ce27d1e63b6 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 750a02ab8d3c49ca7d23102be90d3d1db19e2827 Bisecting: 2243 revisions left to test after this (roughly 11 steps) [d41ecaac903c9f4658a71d4e7a708673cfb5abba] tcp: add tcp_sock_set_keepintvl testing commit d41ecaac903c9f4658a71d4e7a708673cfb5abba with gcc (GCC) 8.1.0 kernel signature: 4a2e61c476f27bba6bb8336f1a4cc29607eaa03d744d4743707d9ef52def0bf1 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good d41ecaac903c9f4658a71d4e7a708673cfb5abba Bisecting: 1142 revisions left to test after this (roughly 10 steps) [2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63] Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 with gcc (GCC) 8.1.0 kernel signature: 9ebf2fa95a8076b92e89be593d812f72a2db3b023380592eed707318ea9662cc all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 Bisecting: 505 revisions left to test after this (roughly 9 steps) [ee01c4d72adffb7d424535adf630f2955748fa8b] Merge branch 'akpm' (patches from Andrew) testing commit ee01c4d72adffb7d424535adf630f2955748fa8b with gcc (GCC) 8.1.0 kernel signature: aecfaa7a621ac31170d9e9adec6b1893999910c545f0e91a5198a594d8be305f all runs: OK # git bisect bad ee01c4d72adffb7d424535adf630f2955748fa8b Bisecting: 320 revisions left to test after this (roughly 8 steps) [1806c13dc2532090d742ce03847b22367fb20ad6] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 1806c13dc2532090d742ce03847b22367fb20ad6 with gcc (GCC) 8.1.0 kernel signature: 53a24d39a8200589439ec56410e3b8bbb9ac928625c0dfd70704b4ac183f84b3 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 1806c13dc2532090d742ce03847b22367fb20ad6 Bisecting: 162 revisions left to test after this (roughly 7 steps) [cf51abcded837ef209faa03a62b2ea44e45995e8] Merge branch 'Link-based-attach-to-netns' testing commit cf51abcded837ef209faa03a62b2ea44e45995e8 with gcc (GCC) 8.1.0 kernel signature: 980a4b007239ef0ec2ae353c7dafa60185f6a043351e6a60354001dd84852844 all runs: OK # git bisect bad cf51abcded837ef209faa03a62b2ea44e45995e8 Bisecting: 78 revisions left to test after this (roughly 6 steps) [a477605fdb282a38493a9ff10b6a9a4db138ae57] Merge branch 'dpaa2-eth-add-PFC-support' testing commit a477605fdb282a38493a9ff10b6a9a4db138ae57 with gcc (GCC) 8.1.0 kernel signature: e3eb59f1309ecc50e21e083f55fa94a3bb1a9f06a580913e3ac25d0be1c59c3b all runs: OK # git bisect bad a477605fdb282a38493a9ff10b6a9a4db138ae57 Bisecting: 42 revisions left to test after this (roughly 5 steps) [a74d19ba7c41b6c1e424ef4fb7d4600f43ff75e5] net: fec: disable correct clk in the err path of fec_enet_clk_enable testing commit a74d19ba7c41b6c1e424ef4fb7d4600f43ff75e5 with gcc (GCC) 8.1.0 kernel signature: b4685c300156e42860f015650dfd64855c45c0c4c31c1dca81d1aab57794a4fb all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good a74d19ba7c41b6c1e424ef4fb7d4600f43ff75e5 Bisecting: 21 revisions left to test after this (roughly 5 steps) [39c10350cfc8ce23faae651877171e354b9006d4] mlxsw: spectrum_trap: Register layer 2 control traps testing commit 39c10350cfc8ce23faae651877171e354b9006d4 with gcc (GCC) 8.1.0 kernel signature: 812c50f619b2dbdb532bd965c99aadf7f92ff3fec15aab00f8efc52964d06569 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 39c10350cfc8ce23faae651877171e354b9006d4 Bisecting: 10 revisions left to test after this (roughly 4 steps) [2a67ab99aad078504ded787211351a12717c6e96] Merge branch 'bridge-mrp-Add-support-for-MRA-role' testing commit 2a67ab99aad078504ded787211351a12717c6e96 with gcc (GCC) 8.1.0 kernel signature: 6c2c225747e286d414caf3ac995e3d1aab1bd7f24ef2357cc0ace55d5796f96b all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 2a67ab99aad078504ded787211351a12717c6e96 Bisecting: 5 revisions left to test after this (roughly 3 steps) [6aa90fe2d96745b63d4ccc74c0c37b90d31b699e] dpaa2-eth: Distribute ingress frames based on VLAN prio testing commit 6aa90fe2d96745b63d4ccc74c0c37b90d31b699e with gcc (GCC) 8.1.0 kernel signature: 0d6e237f8197a92917c857e292f4dd4c91cef6cacf7f5ec3c51b47f282b11fcf all runs: OK # git bisect bad 6aa90fe2d96745b63d4ccc74c0c37b90d31b699e Bisecting: 2 revisions left to test after this (roughly 1 step) [96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f] tun: correct header offsets in napi frags mode testing commit 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f with gcc (GCC) 8.1.0 kernel signature: ca21c7d198902031eaf20194fef55890ce2745f27ca9578eb4846fda31acc656 all runs: OK # git bisect bad 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f Bisecting: 0 revisions left to test after this (roughly 0 steps) [4e4f4ce6abf5f6a8df0561776d3a790d60d519d0] cls_flower: remove mpls_opts_policy testing commit 4e4f4ce6abf5f6a8df0561776d3a790d60d519d0 with gcc (GCC) 8.1.0 kernel signature: acda5ad9a550fdcab3c7f07cc23aa249186c40eed5f61d064bb72075cc18927f all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 4e4f4ce6abf5f6a8df0561776d3a790d60d519d0 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f is the first bad commit commit 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f Author: Willem de Bruijn Date: Sat May 30 15:41:31 2020 -0400 tun: correct header offsets in napi frags mode Tun in IFF_NAPI_FRAGS mode calls napi_gro_frags. Unlike netif_rx and netif_gro_receive, this expects skb->data to point to the mac layer. But skb_probe_transport_header, __skb_get_hash_symmetric, and xdp_do_generic in tun_get_user need skb->data to point to the network header. Flow dissection also needs skb->protocol set, so eth_type_trans has to be called. Ensure the link layer header lies in linear as eth_type_trans pulls ETH_HLEN. Then take the same code paths for frags as for not frags. Push the link layer header back just before calling napi_gro_frags. By pulling up to ETH_HLEN from frag0 into linear, this disables the frag0 optimization in the special case when IFF_NAPI_FRAGS is used with zero length iov[0] (and thus empty skb->linear). Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver") Signed-off-by: Willem de Bruijn Acked-by: Petar Penkov Signed-off-by: David S. Miller drivers/net/tun.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) culprit signature: ca21c7d198902031eaf20194fef55890ce2745f27ca9578eb4846fda31acc656 parent signature: acda5ad9a550fdcab3c7f07cc23aa249186c40eed5f61d064bb72075cc18927f revisions tested: 15, total time: 3h5m9.542358576s (build: 1h30m36.574600733s, test: 1h33m17.888899641s) first good commit: 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f tun: correct header offsets in napi frags mode cc: ["davem@davemloft.net" "ppenkov@google.com" "willemb@google.com"]