bisecting fixing commit since 0e698dfa282211e414076f9dc7e83c1c288314fd building syzkaller on 58ae5e18624eaaac79cab00e63d6f32c9bd64ee0 testing commit 0e698dfa282211e414076f9dc7e83c1c288314fd with gcc (GCC) 8.1.0 kernel signature: 7a71f83bc0a8d18f2c103285e1d16bc8e8ac60c2a9342bf4ed90a72cce1f4bec all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic testing current HEAD 04300d66f0a06d572d9f2ad6768c38cabde22179 testing commit 04300d66f0a06d572d9f2ad6768c38cabde22179 with gcc (GCC) 8.1.0 kernel signature: ce155bc499044abce4eb34b08a7fddbddc9ede9af507972675b8c05a08c4a5d3 all runs: OK # git bisect start 04300d66f0a06d572d9f2ad6768c38cabde22179 0e698dfa282211e414076f9dc7e83c1c288314fd Bisecting: 9293 revisions left to test after this (roughly 13 steps) [a0a4d17e02a80a74a63c7cbb7bc8cea2f0b7d8b1] Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux testing commit a0a4d17e02a80a74a63c7cbb7bc8cea2f0b7d8b1 with gcc (GCC) 8.1.0 kernel signature: 3292daac58863a1fc249ea1594681f1c294135172e8af724cf2f2cc0f1f7c4c3 all runs: OK # git bisect bad a0a4d17e02a80a74a63c7cbb7bc8cea2f0b7d8b1 Bisecting: 4703 revisions left to test after this (roughly 12 steps) [750a02ab8d3c49ca7d23102be90d3d1db19e2827] Merge tag 'for-5.8/block-2020-06-01' of git://git.kernel.dk/linux-block testing commit 750a02ab8d3c49ca7d23102be90d3d1db19e2827 with gcc (GCC) 8.1.0 kernel signature: 311c4b3040674d969c32fd5f8dc20673e528e5092214bec4aa1a6cf51e0564b4 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 750a02ab8d3c49ca7d23102be90d3d1db19e2827 Bisecting: 2351 revisions left to test after this (roughly 11 steps) [aef31718a923338aff610abef41114a9c0fd37ea] net: dsa: sja1105: avoid invalid state in sja1105_vlan_filtering testing commit aef31718a923338aff610abef41114a9c0fd37ea with gcc (GCC) 8.1.0 kernel signature: f9ae4b34f392c04440409bf3e9f5fdcc21d33284b7b5ed4143579acc2d2e7d07 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good aef31718a923338aff610abef41114a9c0fd37ea Bisecting: 1250 revisions left to test after this (roughly 10 steps) [2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63] Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 with gcc (GCC) 8.1.0 kernel signature: ca2a22a5f624cf4592411d853f7e69c002ef707cff97ce1ef33aa163e63fa642 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 Bisecting: 722 revisions left to test after this (roughly 9 steps) [ee01c4d72adffb7d424535adf630f2955748fa8b] Merge branch 'akpm' (patches from Andrew) testing commit ee01c4d72adffb7d424535adf630f2955748fa8b with gcc (GCC) 8.1.0 kernel signature: da0055e15c369782f2b9f9a0815279bd404291b644240f6976bc2e0c7ad6fe39 all runs: OK # git bisect bad ee01c4d72adffb7d424535adf630f2955748fa8b Bisecting: 263 revisions left to test after this (roughly 8 steps) [39c10350cfc8ce23faae651877171e354b9006d4] mlxsw: spectrum_trap: Register layer 2 control traps testing commit 39c10350cfc8ce23faae651877171e354b9006d4 with gcc (GCC) 8.1.0 kernel signature: eac0075ee147ed2055c171a71902aa4b9c6d61cedee3e7ff6f395ec03a898899 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 39c10350cfc8ce23faae651877171e354b9006d4 Bisecting: 131 revisions left to test after this (roughly 7 steps) [c444eb564fb16645c172d550359cb3d75fe8a040] mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() testing commit c444eb564fb16645c172d550359cb3d75fe8a040 with gcc (GCC) 8.1.0 kernel signature: 2cbf3a81575bac92e6941f96827cdcfd557afcb72996730bf6835e07d7119d09 all runs: OK # git bisect bad c444eb564fb16645c172d550359cb3d75fe8a040 Bisecting: 65 revisions left to test after this (roughly 6 steps) [e255d3273920dfd2d4e1cf2afe565b942c122219] Merge branch 'bpf-ring-buffer' testing commit e255d3273920dfd2d4e1cf2afe565b942c122219 with gcc (GCC) 8.1.0 kernel signature: 7179a949d4c65d65fb8a3232c9699e4f10a4ddebaf6a83a4d32933c1624128dc all runs: OK # git bisect bad e255d3273920dfd2d4e1cf2afe565b942c122219 Bisecting: 26 revisions left to test after this (roughly 5 steps) [2a2e01e7b1e00ff36741fefcf3a526709355252b] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue testing commit 2a2e01e7b1e00ff36741fefcf3a526709355252b with gcc (GCC) 8.1.0 kernel signature: 78fc8b4e69a29fd7e6bb210f68548f86e3ee9a939531d46a05f61eedaa1cc807 all runs: OK # git bisect bad 2a2e01e7b1e00ff36741fefcf3a526709355252b Bisecting: 19 revisions left to test after this (roughly 4 steps) [3f8b826d705fc6f0f0602fcbe6ee3b646ed3316e] dpaa2-eth: Update FQ taildrop threshold and buffer pool count testing commit 3f8b826d705fc6f0f0602fcbe6ee3b646ed3316e with gcc (GCC) 8.1.0 kernel signature: 6c2578de909fe234cbadea29cfe1126f7e62883a87fc3bcf00241acedb82cba7 all runs: OK # git bisect bad 3f8b826d705fc6f0f0602fcbe6ee3b646ed3316e Bisecting: 9 revisions left to test after this (roughly 3 steps) [4b3a61b030d1131dcf3633a276158a3d0a435a47] bridge: mrp: Set the priority of MRP instance testing commit 4b3a61b030d1131dcf3633a276158a3d0a435a47 with gcc (GCC) 8.1.0 kernel signature: 08e1e97740890808b01ea96c4fd2ab6b37005ddd6ad3adaff47f18b2948dacef all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 4b3a61b030d1131dcf3633a276158a3d0a435a47 Bisecting: 4 revisions left to test after this (roughly 2 steps) [3190ca3b5f51a0e471ee3f04c898401c81b00385] net: phy: broadcom: don't export RDB/legacy access methods testing commit 3190ca3b5f51a0e471ee3f04c898401c81b00385 with gcc (GCC) 8.1.0 kernel signature: a46105ff291adec54da4bb09d03d8cee297dfda4c14530fd74e888372f96fcb7 all runs: OK # git bisect bad 3190ca3b5f51a0e471ee3f04c898401c81b00385 Bisecting: 2 revisions left to test after this (roughly 1 step) [2a67ab99aad078504ded787211351a12717c6e96] Merge branch 'bridge-mrp-Add-support-for-MRA-role' testing commit 2a67ab99aad078504ded787211351a12717c6e96 with gcc (GCC) 8.1.0 kernel signature: dd5a54470cbbc14bded163c3dbbc262e74d537e720468b75d9a388f7449575b8 run #0: boot failed: failed to create instance: googleapi: Error 503: Internal error. Please try again or contact Google Support. (Code: '5AB527C13E1AB.A302089.9200CDA2'), backendError run #1: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #2: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #3: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #4: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #5: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #6: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #7: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #8: crashed: BUG: unable to handle kernel paging request in do_xdp_generic run #9: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 2a67ab99aad078504ded787211351a12717c6e96 Bisecting: 0 revisions left to test after this (roughly 1 step) [96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f] tun: correct header offsets in napi frags mode testing commit 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f with gcc (GCC) 8.1.0 kernel signature: c9a09dfd56e25a1885b302b3e3d92eb1bb5ddf492bda678225ad701f1ba2374d all runs: OK # git bisect bad 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f Bisecting: 0 revisions left to test after this (roughly 0 steps) [4e4f4ce6abf5f6a8df0561776d3a790d60d519d0] cls_flower: remove mpls_opts_policy testing commit 4e4f4ce6abf5f6a8df0561776d3a790d60d519d0 with gcc (GCC) 8.1.0 kernel signature: e809b00ffeb70a3976f0e3234aef6e16cfb69d76b89dd68b6398aec45d79e0d8 all runs: crashed: BUG: unable to handle kernel paging request in do_xdp_generic # git bisect good 4e4f4ce6abf5f6a8df0561776d3a790d60d519d0 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f is the first bad commit commit 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f Author: Willem de Bruijn Date: Sat May 30 15:41:31 2020 -0400 tun: correct header offsets in napi frags mode Tun in IFF_NAPI_FRAGS mode calls napi_gro_frags. Unlike netif_rx and netif_gro_receive, this expects skb->data to point to the mac layer. But skb_probe_transport_header, __skb_get_hash_symmetric, and xdp_do_generic in tun_get_user need skb->data to point to the network header. Flow dissection also needs skb->protocol set, so eth_type_trans has to be called. Ensure the link layer header lies in linear as eth_type_trans pulls ETH_HLEN. Then take the same code paths for frags as for not frags. Push the link layer header back just before calling napi_gro_frags. By pulling up to ETH_HLEN from frag0 into linear, this disables the frag0 optimization in the special case when IFF_NAPI_FRAGS is used with zero length iov[0] (and thus empty skb->linear). Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver") Signed-off-by: Willem de Bruijn Acked-by: Petar Penkov Signed-off-by: David S. Miller drivers/net/tun.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) culprit signature: c9a09dfd56e25a1885b302b3e3d92eb1bb5ddf492bda678225ad701f1ba2374d parent signature: e809b00ffeb70a3976f0e3234aef6e16cfb69d76b89dd68b6398aec45d79e0d8 revisions tested: 17, total time: 3h37m22.59198418s (build: 1h37m45.422939626s, test: 1h56m48.569596469s) first good commit: 96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f tun: correct header offsets in napi frags mode cc: ["davem@davemloft.net" "ppenkov@google.com" "willemb@google.com"]