bisecting cause commit starting from 6850ec973791a4917003a6f5e2e0243a56e2c1f7
building syzkaller on 325a8dab43fe8af46c179dcb4e2426613440fe85
testing commit 6850ec973791a4917003a6f5e2e0243a56e2c1f7 with gcc (GCC) 10.2.1 20210217
kernel signature: ec1ce05bb908c89c3c9ec693af07b92a5463120b0a3bad41440c2a67f8a68d45
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
testing release v5.12
testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217
kernel signature: 20a3195b0c2adea39c30d2e9f830a6fa425a34f031f28cd84a5fc4bf09ce8f4d
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217
kernel signature: 22b26ae1e3be417e2ad324e47433a262e845b6471dfc09f4fa2f647b3330df8e
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217
kernel signature: 8f55ba93fd53951cac9b68b979c728becbef461543abacbe99727324ff41baf6
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217
kernel signature: f654d07eeb7c456b884d4afbd5bc4d393d1b1677ed42327eee0eaef482a1d4de
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217
kernel signature: 1063ebaf54671db7804acf12269942e9a5933d00bfb78bb5cf898a218f3c1d07
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217
kernel signature: 3856a09b3d94850025e3ae49dd0f33b972955333e09df445983a6a278d85997d
all runs: OK
# git bisect start bcf876870b95592b52519ed4aafcf9d95999bc9c 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
Bisecting: 8752 revisions left to test after this (roughly 13 steps)
[694b5a5d313f3997764b67d52bab66ec7e59e714] Merge tag 'arm-soc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 694b5a5d313f3997764b67d52bab66ec7e59e714 with gcc (GCC) 8.4.1 20210217
kernel signature: e3c9d0a702e47eebeb4dd9082e44a8dd2addfedb876b350e00a1d2ca5c4461eb
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
# git bisect bad 694b5a5d313f3997764b67d52bab66ec7e59e714
Bisecting: 4417 revisions left to test after this (roughly 12 steps)
[2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63] Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

testing commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 with gcc (GCC) 8.4.1 20210217
kernel signature: 32f727b2e997de4de9ce4942773367a974bc5d6b4f17241a93f731714df7d777
all runs: OK
# git bisect good 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63
Bisecting: 2208 revisions left to test after this (roughly 11 steps)
[5df42c8267418bfb8da54cc4772b397ea4c88aea] ice: fix MAC write command

testing commit 5df42c8267418bfb8da54cc4772b397ea4c88aea with gcc (GCC) 8.4.1 20210217
kernel signature: 0ed4eb6871c1b1b804be62d2815d78730efcd03ebd6a6935bc5e8db3de3bc72d
all runs: OK
# git bisect good 5df42c8267418bfb8da54cc4772b397ea4c88aea
Bisecting: 1032 revisions left to test after this (roughly 10 steps)
[a98f670e41a99f53acb1fb33cee9c6abbb2e6f23] Merge tag 'media/v5.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

testing commit a98f670e41a99f53acb1fb33cee9c6abbb2e6f23 with gcc (GCC) 8.4.1 20210217
kernel signature: cf406da47779db59f2df69a7ad0249097af419b1ad3554a3bd14372851095446
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
# git bisect bad a98f670e41a99f53acb1fb33cee9c6abbb2e6f23
Bisecting: 636 revisions left to test after this (roughly 9 steps)
[c444eb564fb16645c172d550359cb3d75fe8a040] mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()

testing commit c444eb564fb16645c172d550359cb3d75fe8a040 with gcc (GCC) 8.4.1 20210217
kernel signature: d8e017ee57b6b62f9292de06c1097693f183944c8107c22dc9b159295b7f0292
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
# git bisect bad c444eb564fb16645c172d550359cb3d75fe8a040
Bisecting: 266 revisions left to test after this (roughly 8 steps)
[d7ad1415bda5cd0a7a948720bf154ecb62a0e9c4] Merge tag 'wireless-drivers-next-2020-05-30' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next

testing commit d7ad1415bda5cd0a7a948720bf154ecb62a0e9c4 with gcc (GCC) 8.4.1 20210217
kernel signature: 607924873b8dd3da6772cd2d3a41dfe706d39e2320d86ca9467fdd867f8bf577
all runs: OK
# git bisect good d7ad1415bda5cd0a7a948720bf154ecb62a0e9c4
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[1897936744f0ab366102170d7c76bfc8f7aeb2ba] netdevsim: Register control traps

testing commit 1897936744f0ab366102170d7c76bfc8f7aeb2ba with gcc (GCC) 8.4.1 20210217
kernel signature: 574633bdf01d9494e4b9654f0e95717b2e2806b610b1accb0ed8959b158043f2
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
# git bisect bad 1897936744f0ab366102170d7c76bfc8f7aeb2ba
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[1079a34c56c535c3e27df8def0d3c5069d2de129] Merge tag 'mac80211-next-for-davem-2020-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next

testing commit 1079a34c56c535c3e27df8def0d3c5069d2de129 with gcc (GCC) 8.4.1 20210217
kernel signature: e55debc9eada5f2d8793a442eaa8838c90987abbc5a5cd50f878a8b46596e9d9
all runs: OK
# git bisect good 1079a34c56c535c3e27df8def0d3c5069d2de129
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[1fac52da5942c58dd3e337fd7c5a550925ca752e] net: flow_offload: consolidate indirect flow_block infrastructure

testing commit 1fac52da5942c58dd3e337fd7c5a550925ca752e with gcc (GCC) 8.4.1 20210217
kernel signature: 5b5bb8e27ad72e8e5f536df6faf874bb8e3525acff42d5c256b597eeea46a7e8
all runs: OK
# git bisect good 1fac52da5942c58dd3e337fd7c5a550925ca752e
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[5b6743fb2c2a1fcb31c8b227558f537095dbece4] netfilter: nf_tables: skip flowtable hooknum and priority on device updates

testing commit 5b6743fb2c2a1fcb31c8b227558f537095dbece4 with gcc (GCC) 8.4.1 20210217
kernel signature: 3bc34265ee8a612e7e972b6948ea477fa0aedd1444e4b9193c614464456ef3ff
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
# git bisect bad 5b6743fb2c2a1fcb31c8b227558f537095dbece4
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[389a2cbcb7f15e2af9babdc0c63cec318537e7ed] netfilter: nf_tables: add nft_flowtable_hooks_destroy()

testing commit 389a2cbcb7f15e2af9babdc0c63cec318537e7ed with gcc (GCC) 8.4.1 20210217
kernel signature: 40bfe2812f96f0ab3a232af1648f9d9ea1deaabbf038efb2bf70dc65543fa7fb
all runs: OK
# git bisect good 389a2cbcb7f15e2af9babdc0c63cec318537e7ed
Bisecting: 2 revisions left to test after this (roughly 1 step)
[78d9f48f7f44431a25da2b46b3a8812f6ff2b981] netfilter: nf_tables: add devices to existing flowtable

testing commit 78d9f48f7f44431a25da2b46b3a8812f6ff2b981 with gcc (GCC) 8.4.1 20210217
kernel signature: 9cecf3ad19b0d3324133bff3fa8116cf2ee819292b549170d4d4295ea19c1e86
all runs: OK
# git bisect good 78d9f48f7f44431a25da2b46b3a8812f6ff2b981
Bisecting: 0 revisions left to test after this (roughly 1 step)
[05abe4456fa376040f6cc3cc6830d2e328723478] netfilter: nf_tables: allow to register flowtable with no devices

testing commit 05abe4456fa376040f6cc3cc6830d2e328723478 with gcc (GCC) 8.4.1 20210217
kernel signature: f6c058b579825cea81f27d50b8fd9616dce6aaad2b16dae69d2e93d822ff96e8
all runs: crashed: general protection fault in nft_set_elem_expr_alloc
# git bisect bad 05abe4456fa376040f6cc3cc6830d2e328723478
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[abadb2f865d72a223d691fc68e006943ecadf0d9] netfilter: nf_tables: delete devices from flowtable

testing commit abadb2f865d72a223d691fc68e006943ecadf0d9 with gcc (GCC) 8.4.1 20210217
kernel signature: 27cc09b3c40c2da6bd02da7477f14ccc35c0c783b2508e195fde16f5e95092cf
all runs: OK
# git bisect good abadb2f865d72a223d691fc68e006943ecadf0d9
05abe4456fa376040f6cc3cc6830d2e328723478 is the first bad commit
commit 05abe4456fa376040f6cc3cc6830d2e328723478
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Wed May 20 15:44:37 2020 +0200

    netfilter: nf_tables: allow to register flowtable with no devices
    
    A flowtable might be composed of dynamic interfaces only. Such dynamic
    interfaces might show up at a later stage. This patch allows users to
    register a flowtable with no devices. Once the dynamic interface becomes
    available, the user adds the dynamic devices to the flowtable.
    
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 net/netfilter/nf_tables_api.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

culprit signature: f6c058b579825cea81f27d50b8fd9616dce6aaad2b16dae69d2e93d822ff96e8
parent  signature: 27cc09b3c40c2da6bd02da7477f14ccc35c0c783b2508e195fde16f5e95092cf
revisions tested: 21, total time: 4h33m32.147127047s (build: 2h31m41.280901595s, test: 1h58m57.756739184s)
first bad commit: 05abe4456fa376040f6cc3cc6830d2e328723478 netfilter: nf_tables: allow to register flowtable with no devices
recipients (to): ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@netfilter.org" "kuba@kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org" "pablo@netfilter.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: general protection fault in nft_set_elem_expr_alloc
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 1 PID: 10834 Comm: syz-executor.0 Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nft_set_elem_expr_alloc+0x119/0x1e0 net/netfilter/nf_tables_api.c:4868
Code: c1 e9 03 80 3c 11 00 0f 85 ce 00 00 00 49 8b ac 24 c0 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 8d 7d 70 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 95 00 00 00 48 8b 55 70 48 85 d2 74 16 48 89 04
RSP: 0018:ffffc9000ab9f2e8 EFLAGS: 00010202
RAX: ffff8880a9edca00 RBX: ffffc9000ab9f490 RCX: 000000000000000e
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0000000000000070
RBP: 0000000000000000 R08: fffffbfff1853ff9 R09: fffffbfff1853ff9
R10: ffffffff8c29ffc7 R11: fffffbfff1853ff8 R12: ffff8880a12ac800
R13: 0000000000000007 R14: ffff8880b0c5d580 R15: ffffc9000ab9f6f0
FS:  00007f5f64210700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000052c570 CR3: 00000000af9d9000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 nf_tables_newset+0x1322/0x2120 net/netfilter/nf_tables_api.c:4097
 nfnetlink_rcv_batch+0x876/0x15e0 net/netfilter/nfnetlink.c:433
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline]
 nfnetlink_rcv+0x2bc/0x340 net/netfilter/nfnetlink.c:561
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x766/0xc10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:672
 ____sys_sendmsg+0x57b/0x7a0 net/socket.c:2352
 ___sys_sendmsg+0xe4/0x160 net/socket.c:2406
 __sys_sendmsg+0xce/0x170 net/socket.c:2439
 do_syscall_64+0x98/0x560 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x4665d9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5f64210188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffdbff4a2df R14: 00007f5f64210300 R15: 0000000000022000
Modules linked in:
---[ end trace 3c8fd73d212a95a2 ]---
RIP: 0010:nft_set_elem_expr_alloc+0x119/0x1e0 net/netfilter/nf_tables_api.c:4868
Code: c1 e9 03 80 3c 11 00 0f 85 ce 00 00 00 49 8b ac 24 c0 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 8d 7d 70 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 95 00 00 00 48 8b 55 70 48 85 d2 74 16 48 89 04
RSP: 0018:ffffc9000ab9f2e8 EFLAGS: 00010202
RAX: ffff8880a9edca00 RBX: ffffc9000ab9f490 RCX: 000000000000000e
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0000000000000070
RBP: 0000000000000000 R08: fffffbfff1853ff9 R09: fffffbfff1853ff9
R10: ffffffff8c29ffc7 R11: fffffbfff1853ff8 R12: ffff8880a12ac800
R13: 0000000000000007 R14: ffff8880b0c5d580 R15: ffffc9000ab9f6f0
FS:  00007f5f64210700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a9a65d0c37 CR3: 00000000af9d9000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400