bisecting cause commit starting from 4e2fa6b902751da6e15ad1bc748a65498ed28c94
building syzkaller on f9b6950728295eb8f52b05a0d9e5dccd99f93eaa
testing commit 4e2fa6b902751da6e15ad1bc748a65498ed28c94 with gcc (GCC) 8.1.0
kernel signature: 0729157d552b06b9e5937f4c557875ac38633cd2
all runs: crashed: BUG: unable to handle kernel paging request in rhashtable_jhash2
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 13d3f48efff34d4f6cb0e16aa0587e8b1995dda4
all runs: OK
# git bisect start 4e2fa6b902751da6e15ad1bc748a65498ed28c94 219d54332a09e8d8741c1e1982f5eae56099de85
Bisecting: 7035 revisions left to test after this (roughly 13 steps)
[a6ed68d6468bd5a3da78a103344ded1435fed57a] Merge tag 'drm-next-2019-11-27' of git://anongit.freedesktop.org/drm/drm
testing commit a6ed68d6468bd5a3da78a103344ded1435fed57a with gcc (GCC) 8.1.0
kernel signature: f895d094b5f6874c95f454eed731c6cb62d77591
all runs: OK
# git bisect good a6ed68d6468bd5a3da78a103344ded1435fed57a
Bisecting: 3662 revisions left to test after this (roughly 12 steps)
[ec939e4c94bd3ef2fd4f34c15f8aaf79bd0c5ee1] Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit ec939e4c94bd3ef2fd4f34c15f8aaf79bd0c5ee1 with gcc (GCC) 8.1.0
kernel signature: a81166565db19fb48c48c46bb42c749d0fce6f5a
all runs: OK
# git bisect good ec939e4c94bd3ef2fd4f34c15f8aaf79bd0c5ee1
Bisecting: 1835 revisions left to test after this (roughly 11 steps)
[80a0c2e511a97e11d82e0ec11564e2c3fe624b0d] Merge tag 'sound-5.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 80a0c2e511a97e11d82e0ec11564e2c3fe624b0d with gcc (GCC) 8.1.0
kernel signature: 20e6bce4200d460acddeedf95c69f9cb356439f2
all runs: OK
# git bisect good 80a0c2e511a97e11d82e0ec11564e2c3fe624b0d
Bisecting: 966 revisions left to test after this (roughly 10 steps)
[9e41fbf3dd38327d440a8f3ba0c234519dbb5280] Merge branch 's390-qeth-next'
testing commit 9e41fbf3dd38327d440a8f3ba0c234519dbb5280 with gcc (GCC) 8.1.0
kernel signature: 47af340ea6f0d7017fdd6387fa19c0d5fe487f2e
all runs: OK
# git bisect good 9e41fbf3dd38327d440a8f3ba0c234519dbb5280
Bisecting: 483 revisions left to test after this (roughly 9 steps)
[6de03d2dcb0ec53e5862ae5844563bbbccde74bb] net/mlx5: DR, Create FTE entry in the FW from SW-steering
testing commit 6de03d2dcb0ec53e5862ae5844563bbbccde74bb with gcc (GCC) 8.1.0
kernel signature: 59f741254b5f53cf2dcc2e4fbc015b77479367dd
all runs: OK
# git bisect good 6de03d2dcb0ec53e5862ae5844563bbbccde74bb
Bisecting: 239 revisions left to test after this (roughly 8 steps)
[e69ec487b2c7c82ef99b4b15122f58a2a99289a3] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
testing commit e69ec487b2c7c82ef99b4b15122f58a2a99289a3 with gcc (GCC) 8.1.0
kernel signature: f4d0f3b7f5e14a55b748aabfecdac046f81d36c4
all runs: OK
# git bisect good e69ec487b2c7c82ef99b4b15122f58a2a99289a3
Bisecting: 119 revisions left to test after this (roughly 7 steps)
[8aa9a5d3f6af583ef6ba1f8ac66142c59ef5223a] r8169: switch to phylib functions in rtl_writephy_batch
testing commit 8aa9a5d3f6af583ef6ba1f8ac66142c59ef5223a with gcc (GCC) 8.1.0
kernel signature: 97af7724566f7e79ff54917cf51f5ca687e04ab6
all runs: OK
# git bisect good 8aa9a5d3f6af583ef6ba1f8ac66142c59ef5223a
Bisecting: 59 revisions left to test after this (roughly 6 steps)
[58ae92814008a324fc5698fa76fcd7497207fe0f] net: stmmac: gmac4+: Add TBS support
testing commit 58ae92814008a324fc5698fa76fcd7497207fe0f with gcc (GCC) 8.1.0
kernel signature: 6f84b28992109041e50d06f9da0590eb34df8f8e
all runs: OK
# git bisect good 58ae92814008a324fc5698fa76fcd7497207fe0f
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[9f3ef3d7026fe0aef5c2d649e21b8c71c17d8fc2] net: mac80211: use skb_list_walk_safe helper for gso segments
testing commit 9f3ef3d7026fe0aef5c2d649e21b8c71c17d8fc2 with gcc (GCC) 8.1.0
kernel signature: 46d838ff54bd6959998e8a6d8f16f3107a87d149
all runs: OK
# git bisect good 9f3ef3d7026fe0aef5c2d649e21b8c71c17d8fc2
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[8c5a5b9b9185e5f3f14c81b2d1cef7e6f837c280] mlxsw: spectrum_router: Separate nexthop offload indication from route
testing commit 8c5a5b9b9185e5f3f14c81b2d1cef7e6f837c280 with gcc (GCC) 8.1.0
kernel signature: 2d6c7ace2e66028756dd1d50fc9bb32faa7b565d
all runs: OK
# git bisect good 8c5a5b9b9185e5f3f14c81b2d1cef7e6f837c280
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[5a46facbbcd454985992b5109185329aebf82a02] net: bridge: vlan: add helpers to check for vlan id/range validity
testing commit 5a46facbbcd454985992b5109185329aebf82a02 with gcc (GCC) 8.1.0
kernel signature: f00b18cecf34f4e6d5599e4a73f23068e9260ee2
all runs: crashed: BUG: unable to handle kernel paging request in rhashtable_jhash2
# git bisect bad 5a46facbbcd454985992b5109185329aebf82a02
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[c662455b64a1f0dacb2127f402bd5401b88d42d1] selftests: forwarding: Add helpers and tests for FIB offload
testing commit c662455b64a1f0dacb2127f402bd5401b88d42d1 with gcc (GCC) 8.1.0
kernel signature: 2c1323f355d99388407886eab5fa085fbfb7f361
all runs: crashed: BUG: unable to handle kernel paging request in rhashtable_jhash2
# git bisect bad c662455b64a1f0dacb2127f402bd5401b88d42d1
Bisecting: 0 revisions left to test after this (roughly 1 step)
[48bb9eb47b2708bd3ded16684ddd258e53bd402c] netdevsim: fib: Add dummy implementation for FIB offload
testing commit 48bb9eb47b2708bd3ded16684ddd258e53bd402c with gcc (GCC) 8.1.0
kernel signature: eb88878019771dbe54bc0785e96a626ef8ad7b27
all runs: crashed: BUG: unable to handle kernel paging request in rhashtable_jhash2
# git bisect bad 48bb9eb47b2708bd3ded16684ddd258e53bd402c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[ee5a0448e72b0857260e04f68126b2bfa27c154e] mlxsw: spectrum_router: Set hardware flags for routes
testing commit ee5a0448e72b0857260e04f68126b2bfa27c154e with gcc (GCC) 8.1.0
kernel signature: 95ac20f642b0988edfc5fac11aa5a3a4578eea1e
all runs: OK
# git bisect good ee5a0448e72b0857260e04f68126b2bfa27c154e
48bb9eb47b2708bd3ded16684ddd258e53bd402c is the first bad commit
commit 48bb9eb47b2708bd3ded16684ddd258e53bd402c
Author: Ido Schimmel <idosch@mellanox.com>
Date:   Tue Jan 14 13:23:15 2020 +0200

    netdevsim: fib: Add dummy implementation for FIB offload
    
    Implement dummy IPv4 and IPv6 FIB "offload" in the driver by storing
    currently "programmed" routes in a hash table. Each route in the hash
    table is marked with "trap" indication. The indication is cleared when
    the route is replaced or when the netdevsim instance is deleted.
    
    This will later allow us to test the route offload API on top of
    netdevsim.
    
    v2:
    * Convert to new fib_alias_hw_flags_set() interface
    
    Signed-off-by: Ido Schimmel <idosch@mellanox.com>
    Reviewed-by: Jiri Pirko <jiri@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 drivers/net/Kconfig         |   1 +
 drivers/net/netdevsim/fib.c | 671 +++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 663 insertions(+), 9 deletions(-)
culprit signature: eb88878019771dbe54bc0785e96a626ef8ad7b27
parent  signature: 95ac20f642b0988edfc5fac11aa5a3a4578eea1e
revisions tested: 16, total time: 4h10m30.635022376s (build: 1h45m1.893922477s, test: 2h23m31.488352008s)
first bad commit: 48bb9eb47b2708bd3ded16684ddd258e53bd402c netdevsim: fib: Add dummy implementation for FIB offload
cc: ["davem@davemloft.net" "idosch@mellanox.com" "jiri@mellanox.com"]
crash: BUG: unable to handle kernel paging request in rhashtable_jhash2
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f105c24ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f105c24b6d4 RCX: 000000000045aff9
RDX: 000000000000001b RSI: 0000000000000029 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000014 R09: 0000000000000000
R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000005
R13: 0000000000000a1e R14: 00000000004cb482 R15: 0000000000000006
BUG: unable to handle page fault for address: fffffffffffffff4
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 8c70067 P4D 8c70067 PUD 8c72067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8230 Comm: syz-executor.3 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:jhash2 include/linux/jhash.h:125 [inline]
RIP: 0010:rhashtable_jhash2+0x55/0x2c0 lib/rhashtable.c:963
Code: fc ff df 48 89 df 48 c1 ef 03 46 0f b6 04 27 48 89 df 83 e7 07 83 c7 03 44 38 c7 7c 09 45 84 c0 0f 85 1f 02 00 00 48 8d 7b 04 <44> 8b 2b 49 89 f8 49 c1 e8 03 47 0f b6 0c 20 49 89 f8 41 83 e0 07
RSP: 0018:ffffc90002d571e0 EFLAGS: 00010246
RAX: 00000000caa66d40 RBX: fffffffffffffff4 RCX: 00000000caa66d40
RDX: 00000000caa66d40 RSI: 0000000000000007 RDI: fffffffffffffff8
RBP: ffffc90002d57208 R08: 0000000000000000 R09: ffffed1015d6703d
R10: ffffed1015d6703c R11: ffff8880aeb381e3 R12: dffffc0000000000
R13: ffff88807dc48c58 R14: ffffc90002d5725c R15: 0000000000000014
FS:  00007f105c24b700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff4 CR3: 000000008f4ea000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rht_key_get_hash include/linux/rhashtable.h:133 [inline]
 rht_key_hashfn include/linux/rhashtable.h:159 [inline]
 rht_head_hashfn include/linux/rhashtable.h:174 [inline]
 __rhashtable_insert_fast.constprop.18+0xa0c/0xdd0 include/linux/rhashtable.h:723
 rhashtable_insert_fast include/linux/rhashtable.h:832 [inline]
 nsim_fib6_rt_add drivers/net/netdevsim/fib.c:603 [inline]
 nsim_fib6_rt_insert drivers/net/netdevsim/fib.c:658 [inline]
 nsim_fib6_event drivers/net/netdevsim/fib.c:719 [inline]
 nsim_fib_event drivers/net/netdevsim/fib.c:744 [inline]
 nsim_fib_event_nb+0x1762/0x23c0 drivers/net/netdevsim/fib.c:772
 notifier_call_chain+0x8a/0x160 kernel/notifier.c:83
 __atomic_notifier_call_chain+0x69/0x110 kernel/notifier.c:173
 atomic_notifier_call_chain+0x11/0x20 kernel/notifier.c:183
 call_fib_notifiers+0xf1/0x1c0 net/core/fib_notifier.c:35
 call_fib6_notifiers+0x37/0x60 net/ipv6/fib6_notifier.c:22
 call_fib6_entry_notifiers+0xdd/0x150 net/ipv6/ip6_fib.c:399
 fib6_add_rt2node net/ipv6/ip6_fib.c:1216 [inline]
 fib6_add+0x1481/0x3760 net/ipv6/ip6_fib.c:1471
 __ip6_ins_rt+0x4f/0x70 net/ipv6/route.c:1315
 ip6_ins_rt+0x77/0xa0 net/ipv6/route.c:1325
 __ipv6_dev_ac_inc+0x71b/0xb90 net/ipv6/anycast.c:324
 ipv6_sock_ac_join+0x38d/0x610 net/ipv6/anycast.c:139
 do_ipv6_setsockopt.isra.8+0x2751/0x3690 net/ipv6/ipv6_sockglue.c:670
 ipv6_setsockopt+0x77/0x100 net/ipv6/ipv6_sockglue.c:944
 udpv6_setsockopt+0x16/0x30 net/ipv6/udp.c:1564
 sock_common_setsockopt+0x73/0xf0 net/core/sock.c:3149
 __sys_setsockopt+0x213/0x440 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xb9/0x150 net/socket.c:2143
 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45aff9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f105c24ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f105c24b6d4 RCX: 000000000045aff9
RDX: 000000000000001b RSI: 0000000000000029 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000014 R09: 0000000000000000
R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000005
R13: 0000000000000a1e R14: 00000000004cb482 R15: 0000000000000006
Modules linked in:
CR2: fffffffffffffff4
---[ end trace 8a781b343eeb2259 ]---
RIP: 0010:jhash2 include/linux/jhash.h:125 [inline]
RIP: 0010:rhashtable_jhash2+0x55/0x2c0 lib/rhashtable.c:963
Code: fc ff df 48 89 df 48 c1 ef 03 46 0f b6 04 27 48 89 df 83 e7 07 83 c7 03 44 38 c7 7c 09 45 84 c0 0f 85 1f 02 00 00 48 8d 7b 04 <44> 8b 2b 49 89 f8 49 c1 e8 03 47 0f b6 0c 20 49 89 f8 41 83 e0 07
RSP: 0018:ffffc90002d571e0 EFLAGS: 00010246
RAX: 00000000caa66d40 RBX: fffffffffffffff4 RCX: 00000000caa66d40
RDX: 00000000caa66d40 RSI: 0000000000000007 RDI: fffffffffffffff8
RBP: ffffc90002d57208 R08: 0000000000000000 R09: ffffed1015d6703d
R10: ffffed1015d6703c R11: ffff8880aeb381e3 R12: dffffc0000000000
R13: ffff88807dc48c58 R14: ffffc90002d5725c R15: 0000000000000014
FS:  00007f105c24b700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff4 CR3: 000000008f4ea000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400