bisecting cause commit starting from 39f5886032380e49119786b23274b38e9b3aa99c
building syzkaller on 34bf9440bd06034f86b5d9ac8afbf078129cbdae
testing commit 39f5886032380e49119786b23274b38e9b3aa99c with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in call_fib6_multipath_entry_notifiers
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 39f5886032380e49119786b23274b38e9b3aa99c v5.1
Bisecting: 7437 revisions left to test after this (roughly 13 steps)
[a2d635decbfa9c1e4ae15cb05b68b2559f7f827c] Merge tag 'drm-next-2019-05-09' of git://anongit.freedesktop.org/drm/drm
testing commit a2d635decbfa9c1e4ae15cb05b68b2559f7f827c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a2d635decbfa9c1e4ae15cb05b68b2559f7f827c
Bisecting: 3617 revisions left to test after this (roughly 12 steps)
[e8a1d70117116c8d96c266f0b99e931717670eaf] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit e8a1d70117116c8d96c266f0b99e931717670eaf with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e8a1d70117116c8d96c266f0b99e931717670eaf
Bisecting: 1808 revisions left to test after this (roughly 11 steps)
[f097dcba1d4a46a1b3b43a94cf9adafc8f4f859a] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 380
testing commit f097dcba1d4a46a1b3b43a94cf9adafc8f4f859a with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f097dcba1d4a46a1b3b43a94cf9adafc8f4f859a
Bisecting: 904 revisions left to test after this (roughly 10 steps)
[89fec474fa1ab2c754e48d29e1081a2c2bd22dc6] net/tls: pass record number as a byte array
testing commit 89fec474fa1ab2c754e48d29e1081a2c2bd22dc6 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 89fec474fa1ab2c754e48d29e1081a2c2bd22dc6
Bisecting: 450 revisions left to test after this (roughly 9 steps)
[963172d9c7e862654d3d24cbcafb33f33ae697a8] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 963172d9c7e862654d3d24cbcafb33f33ae697a8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 963172d9c7e862654d3d24cbcafb33f33ae697a8
Bisecting: 225 revisions left to test after this (roughly 8 steps)
[efa14c3985828da3163f5372137cb64d992b0f79] iavf: allow null RX descriptors
testing commit efa14c3985828da3163f5372137cb64d992b0f79 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good efa14c3985828da3163f5372137cb64d992b0f79
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[2a2af5e6e6f55e8ec381f710b8765ffe2838e313] Merge tag 'mac80211-for-davem-2019-06-14' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
testing commit 2a2af5e6e6f55e8ec381f710b8765ffe2838e313 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2a2af5e6e6f55e8ec381f710b8765ffe2838e313
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[da0f382029868806e88c046eb2560fdee7a9457c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit da0f382029868806e88c046eb2560fdee7a9457c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good da0f382029868806e88c046eb2560fdee7a9457c
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[928c0b534f2977a3c20c6237282fb8f685775373] mlxsw: spectrum_router: Pass multiple routes to work item
testing commit 928c0b534f2977a3c20c6237282fb8f685775373 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in call_fib6_multipath_entry_notifiers
# git bisect bad 928c0b534f2977a3c20c6237282fb8f685775373
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[13091aa30535b719e269f20a7bc34002bf5afae5] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 13091aa30535b719e269f20a7bc34002bf5afae5 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 13091aa30535b719e269f20a7bc34002bf5afae5
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[f6c3bb75165cb4d0a0beb2ea6df5b392b7131645] mlxsw: spectrum_router: Ignore IPv6 multipath notifications
testing commit f6c3bb75165cb4d0a0beb2ea6df5b392b7131645 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f6c3bb75165cb4d0a0beb2ea6df5b392b7131645
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[2881fd61b68ef260b65ff25e19e3133d99f6a0a8] ipv6: Add IPv6 multipath notification for route delete
testing commit 2881fd61b68ef260b65ff25e19e3133d99f6a0a8 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in call_fib6_multipath_entry_notifiers
# git bisect bad 2881fd61b68ef260b65ff25e19e3133d99f6a0a8
Bisecting: 0 revisions left to test after this (roughly 1 step)
[ebee3cad835f7fe7250213225cf6d62c7cf3b2ca] ipv6: Add IPv6 multipath notifications for add / replace
testing commit ebee3cad835f7fe7250213225cf6d62c7cf3b2ca with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in call_fib6_multipath_entry_notifiers
# git bisect bad ebee3cad835f7fe7250213225cf6d62c7cf3b2ca
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d133e4f1fa12bff58e1203c7d6c75f993fb5dead] netdevsim: Ignore IPv6 multipath notifications
testing commit d133e4f1fa12bff58e1203c7d6c75f993fb5dead with gcc (GCC) 8.1.0
all runs: OK
# git bisect good d133e4f1fa12bff58e1203c7d6c75f993fb5dead
ebee3cad835f7fe7250213225cf6d62c7cf3b2ca is the first bad commit
commit ebee3cad835f7fe7250213225cf6d62c7cf3b2ca
Author: Ido Schimmel <idosch@mellanox.com>
Date:   Tue Jun 18 18:12:48 2019 +0300

    ipv6: Add IPv6 multipath notifications for add / replace
    
    Emit a notification when a multipath routes is added or replace.
    
    Note that unlike the replace notifications sent from fib6_add_rt2node(),
    it is possible we are sending a 'FIB_EVENT_ENTRY_REPLACE' when a route
    was merely added and not replaced.
    
    Signed-off-by: Ido Schimmel <idosch@mellanox.com>
    Acked-by: Jiri Pirko <jiri@mellanox.com>
    Reviewed-by: David Ahern <dsahern@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

:040000 040000 d579ff2d02b0fd5b2b39acc4d945748ea12763eb fdc4d75a6f74e57a89ed88a2decef2ef9450dadd M	net
revisions tested: 16, total time: 4h16m58.184130819s (build: 1h29m8.409841585s, test: 2h42m58.91030275s)
first bad commit: ebee3cad835f7fe7250213225cf6d62c7cf3b2ca ipv6: Add IPv6 multipath notifications for add / replace
cc: ["davem@davemloft.net" "dsahern@gmail.com" "idosch@mellanox.com" "jiri@mellanox.com"]
crash: general protection fault in call_fib6_multipath_entry_notifiers
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7731 Comm: syz-executor.4 Not tainted 5.2.0-rc5+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:call_fib6_multipath_entry_notifiers+0x97/0x160 net/ipv6/ip6_fib.c:397
Code: 00 00 00 00 89 4d a8 48 89 d1 48 c1 e9 03 48 c7 45 88 00 00 00 00 48 c7 45 90 00 00 00 00 4c 89 45 98 48 89 55 a0 c6 45 ac 01 <80> 3c 01 00 0f 85 90 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b
RSP: 0018:ffff88809d577348 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 1ffff11013aaee6b RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88809d5773f0 R08: ffff88809d577890 R09: 0000000000000002
R10: ffff88809d577638 R11: 0000000000000000 R12: ffff88809d577890
R13: ffff88809ff4e180 R14: ffff88809d5774a0 R15: 000000000000000e
FS:  00007f8d234e3700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc1203df10 CR3: 000000009f826000 CR4: 00000000001406f0
Call Trace:
 ip6_route_multipath_add+0x232/0x1420 net/ipv6/route.c:5088
 inet6_rtm_newroute+0x99/0x100 net/ipv6/route.c:5202
 rtnetlink_rcv_msg+0x34f/0x8f0 net/core/rtnetlink.c:5214
 netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:5232
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x43f/0x630 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:665
 ___sys_sendmsg+0x647/0x950 net/socket.c:2286
 __sys_sendmsg+0xd9/0x180 net/socket.c:2324
 __do_sys_sendmsg net/socket.c:2333 [inline]
 __se_sys_sendmsg net/socket.c:2331 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2331
 do_syscall_64+0xd0/0x530 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4592c9
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8d234e2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d234e36d4
R13: 00000000004c6f76 R14: 00000000004dc0b0 R15: 00000000ffffffff
Modules linked in:
---[ end trace 51f4d60fba5c117f ]---
RIP: 0010:call_fib6_multipath_entry_notifiers+0x97/0x160 net/ipv6/ip6_fib.c:397
Code: 00 00 00 00 89 4d a8 48 89 d1 48 c1 e9 03 48 c7 45 88 00 00 00 00 48 c7 45 90 00 00 00 00 4c 89 45 98 48 89 55 a0 c6 45 ac 01 <80> 3c 01 00 0f 85 90 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b
RSP: 0018:ffff88809d577348 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 1ffff11013aaee6b RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88809d5773f0 R08: ffff88809d577890 R09: 0000000000000002
R10: ffff88809d577638 R11: 0000000000000000 R12: ffff88809d577890
R13: ffff88809ff4e180 R14: ffff88809d5774a0 R15: 000000000000000e
FS:  00007f8d234e3700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc1203df10 CR3: 000000009f826000 CR4: 00000000001406f0