bisecting fixing commit since 5e60366d56c630e32befce7ef05c569e04391ca3
building syzkaller on 04201c0669446145fd9c347c5538da0ca13ff29b
testing commit 5e60366d56c630e32befce7ef05c569e04391ca3 with gcc (GCC) 10.2.1 20210217
kernel signature: 8549a457255f7b2fb794d16f568be19a10a672f94c9d3c4533f712823a78bf3a
all runs: crashed: UBSAN: shift-out-of-bounds in tcindex_set_parms
testing current HEAD 7a7fd0de4a9804299793e564a555a49c1fc924cb
testing commit 7a7fd0de4a9804299793e564a555a49c1fc924cb with gcc (GCC) 10.2.1 20210217
kernel signature: f745aacd2ded0c513675d2351da09200ccc963c3c86dee07863f09bb210afd66
all runs: OK
# git bisect start 7a7fd0de4a9804299793e564a555a49c1fc924cb 5e60366d56c630e32befce7ef05c569e04391ca3
Bisecting: 9066 revisions left to test after this (roughly 13 steps)
[82851fce6107d5a3e66d95aee2ae68860a732703] Merge tag 'arm-dt-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 82851fce6107d5a3e66d95aee2ae68860a732703 with gcc (GCC) 10.2.1 20210217
kernel signature: 92a5eb530bcfb78ee48e2a030ac93e60cd6344cd7437cb1723fcfbf8cce7569f
all runs: OK
# git bisect bad 82851fce6107d5a3e66d95aee2ae68860a732703
Bisecting: 4845 revisions left to test after this (roughly 12 steps)
[da1a6b8bec881b67f0e234ed19e8b7e2fb1e7812] arm64: dts: imx: Add i.mx8mm nitrogen basic dts support
testing commit da1a6b8bec881b67f0e234ed19e8b7e2fb1e7812 with gcc (GCC) 10.2.1 20210217
kernel signature: df8068c1eff8f6ac77efee91411386443ef4f089d8b584c38bf238908f2d9b3a
all runs: crashed: UBSAN: shift-out-of-bounds in tcindex_set_parms
# git bisect good da1a6b8bec881b67f0e234ed19e8b7e2fb1e7812
Bisecting: 2443 revisions left to test after this (roughly 11 steps)
[a283ea1b97163d21e0f1a3df387b71787042b990] net/mlx5: DR, Avoid unnecessary csum recalculation on supporting devices
testing commit a283ea1b97163d21e0f1a3df387b71787042b990 with gcc (GCC) 10.2.1 20210217
kernel signature: 2097230e5f9da7a47440c3b3a14b474cd27879f107fc12d1e54c899fcbb91150
all runs: OK
# git bisect bad a283ea1b97163d21e0f1a3df387b71787042b990
Bisecting: 1200 revisions left to test after this (roughly 10 steps)
[c2e315b8c399cf364b740368561d9d8f3f354402] net: tun: fix misspellings using codespell tool
testing commit c2e315b8c399cf364b740368561d9d8f3f354402 with gcc (GCC) 10.2.1 20210217
kernel signature: 07b7eacdc273e591fb32863c9a2984a54d7061406cdf21abfd147f4c0c5cb856
all runs: crashed: UBSAN: shift-out-of-bounds in tcindex_set_parms
# git bisect good c2e315b8c399cf364b740368561d9d8f3f354402
Bisecting: 600 revisions left to test after this (roughly 9 steps)
[228a65d4544af5086bd167dcc5a0cb4fae2c42b4] Merge tag 'sh-for-5.11' of git://git.libc.org/linux-sh
testing commit 228a65d4544af5086bd167dcc5a0cb4fae2c42b4 with gcc (GCC) 10.2.1 20210217
kernel signature: e652742b9e9a63d9739a35a209d2799e74796574e02efd8e0b3a8a6ff5680b23
all runs: OK
# git bisect bad 228a65d4544af5086bd167dcc5a0cb4fae2c42b4
Bisecting: 298 revisions left to test after this (roughly 8 steps)
[63858ac326561af6a1e583ad4314cc1be16852ad] Merge tag 'pinctrl-v5.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 63858ac326561af6a1e583ad4314cc1be16852ad with gcc (GCC) 10.2.1 20210217
kernel signature: 22b1c04f88ba8ecbc227c811ccc19e004ae7aeccaaf922b938ab411bbd41fa09
all runs: OK
# git bisect bad 63858ac326561af6a1e583ad4314cc1be16852ad
Bisecting: 156 revisions left to test after this (roughly 7 steps)
[9348b73c2e1bfea74ccd4a44fb4ccc7276ab9623] mm: don't play games with pinned pages in clear_page_refs
testing commit 9348b73c2e1bfea74ccd4a44fb4ccc7276ab9623 with gcc (GCC) 10.2.1 20210217
kernel signature: 010b4300af59e3b9a112f146f3fa1a5780bcc1b2aa924dac2732acc33327a9a7
all runs: crashed: UBSAN: shift-out-of-bounds in tcindex_set_parms
# git bisect good 9348b73c2e1bfea74ccd4a44fb4ccc7276ab9623
Bisecting: 78 revisions left to test after this (roughly 6 steps)
[7178a107f5ea7bdb1cc23073234f0ded0ef90ec7] X.509: Fix crash caused by NULL pointer
testing commit 7178a107f5ea7bdb1cc23073234f0ded0ef90ec7 with gcc (GCC) 10.2.1 20210217
kernel signature: 8b6951c56699bb9211fbfe1e444e1b159be89dd815a6e7099cc34c6d4a98e62e
all runs: crashed: UBSAN: shift-out-of-bounds in tcindex_set_parms
# git bisect good 7178a107f5ea7bdb1cc23073234f0ded0ef90ec7
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[2565ff4eef34e03af67b7447c232c858f46b6e3b] Merge branch 'ipv4-ensure-ecn-bits-don-t-influence-source-address-validation'
testing commit 2565ff4eef34e03af67b7447c232c858f46b6e3b with gcc (GCC) 10.2.1 20210217
kernel signature: dbe12df857bf925e93e533785a6b500b33946202cc282defd1751f78e2181513
all runs: OK
# git bisect bad 2565ff4eef34e03af67b7447c232c858f46b6e3b
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[87fe04367d842c4d97a77303242d4dd4ac351e46] net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
testing commit 87fe04367d842c4d97a77303242d4dd4ac351e46 with gcc (GCC) 10.2.1 20210217
kernel signature: 9e2ddcca8665e45e8aad44e47095a972aa6f6ae4a7ca8bfea0d2c7d9178e9c55
all runs: OK
# git bisect bad 87fe04367d842c4d97a77303242d4dd4ac351e46
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[4237e9f4a96228ccc8a7abe5e4b30834323cd353] selftests/bpf: Add verifier test for PTR_TO_MEM spill
testing commit 4237e9f4a96228ccc8a7abe5e4b30834323cd353 with gcc (GCC) 10.2.1 20210217
kernel signature: c3f72bea13d5888d734beace5a37e7e0e270aca5d9c1374266f0576c47fd363b
all runs: crashed: UBSAN: shift-out-of-bounds in tcindex_set_parms
# git bisect good 4237e9f4a96228ccc8a7abe5e4b30834323cd353
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[e4bedf48aaa5552bc1f49703abd17606e7e6e82a] net_sched: reject silly cell_log in qdisc_get_rtab()
testing commit e4bedf48aaa5552bc1f49703abd17606e7e6e82a with gcc (GCC) 10.2.1 20210217
kernel signature: 12df044b5276e5f1d56911ea2ad574f9fedb203b839192e6f155f6baa903e1f1
all runs: crashed: UBSAN: shift-out-of-bounds in tcindex_set_parms
# git bisect good e4bedf48aaa5552bc1f49703abd17606e7e6e82a
Bisecting: 2 revisions left to test after this (roughly 1 step)
[bcd0cf19ef8258ac31b9a20248b05c15a1f4b4b0] net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
testing commit bcd0cf19ef8258ac31b9a20248b05c15a1f4b4b0 with gcc (GCC) 10.2.1 20210217
kernel signature: d7b8c2b6f75f644e3464797539c2ab7b9e807770206a75cba6a3ce4f89876591
run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect good bcd0cf19ef8258ac31b9a20248b05c15a1f4b4b0
Bisecting: 0 revisions left to test after this (roughly 1 step)
[79267ae22615496655feee2db0848f6786bcf67a] net: mscc: ocelot: allow offloading of bridge on top of LAG
testing commit 79267ae22615496655feee2db0848f6786bcf67a with gcc (GCC) 10.2.1 20210217
kernel signature: 9e2ddcca8665e45e8aad44e47095a972aa6f6ae4a7ca8bfea0d2c7d9178e9c55
all runs: OK
# git bisect bad 79267ae22615496655feee2db0848f6786bcf67a
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[66c556025d687dbdd0f748c5e1df89c977b6c02a] skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
testing commit 66c556025d687dbdd0f748c5e1df89c977b6c02a with gcc (GCC) 10.2.1 20210217
kernel signature: 9e2ddcca8665e45e8aad44e47095a972aa6f6ae4a7ca8bfea0d2c7d9178e9c55
all runs: OK
# git bisect bad 66c556025d687dbdd0f748c5e1df89c977b6c02a
66c556025d687dbdd0f748c5e1df89c977b6c02a is the first bad commit
commit 66c556025d687dbdd0f748c5e1df89c977b6c02a
Author: Alexander Lobakin
Date: Fri Jan 15 15:04:40 2021 +0000

    skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too

    Commit 3226b158e67c ("net: avoid 32 x truesize under-estimation for
    tiny skbs") ensured that skbs with data size lower than 1025 bytes
    will be kmalloc'ed to avoid excessive page cache fragmentation and
    memory consumption.
    However, the fix addressed only __napi_alloc_skb() (primarily for
    virtio_net and napi_get_frags()), but the issue can still be achieved
    through __netdev_alloc_skb(), which is still used by several drivers.
    Drivers often allocate a tiny skb for headers and place the rest of
    the frame to frags (so-called copybreak).
    Mirror the condition to __netdev_alloc_skb() to handle this case too.

    Since v1 [0]:
     - fix "Fixes:" tag;
     - refine commit message (mention copybreak usecase).

    [0] https://lore.kernel.org/netdev/20210114235423.232737-1-alobakin@pm.me

    Fixes: a1c7fff7e18f ("net: netdev_alloc_skb() use build_skb()")
    Signed-off-by: Alexander Lobakin
    Link: https://lore.kernel.org/r/20210115150354.85967-1-alobakin@pm.me
    Signed-off-by: Jakub Kicinski

 net/core/skbuff.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
culprit signature: 9e2ddcca8665e45e8aad44e47095a972aa6f6ae4a7ca8bfea0d2c7d9178e9c55
parent signature: d7b8c2b6f75f644e3464797539c2ab7b9e807770206a75cba6a3ce4f89876591
Reproducer flagged being flaky
revisions tested: 17, total time: 4h5m54.741735191s (build: 1h46m5.415845254s, test: 2h18m25.507339324s)
first good commit: 66c556025d687dbdd0f748c5e1df89c977b6c02a skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
recipients (to): ["alobakin@pm.me" "davem@davemloft.net" "kuba@kernel.org" "kuba@kernel.org" "netdev@vger.kernel.org"]
recipients (cc): ["alobakin@pm.me" "linux-kernel@vger.kernel.org"]