syzbot


divide error in netem_enqueue

Status: upstream: reported C repro on 2020/11/25 15:52
Reported-by: syzbot+24970a7c41ef39ac08d8@syzkaller.appspotmail.com
First crash: 1480d, last: 695d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream divide error in netem_enqueue C done done 332 864d 1877d 0/28 closed as invalid on 2022/11/15 21:20
android-5-10 divide error in netem_enqueue 2 929d 940d 0/2 auto-closed as invalid on 2022/08/28 08:54
android-5-10 divide error in netem_enqueue (2) 1 821d 821d 0/2 auto-obsoleted due to no activity on 2022/12/14 01:50
linux-4.14 divide error in netem_enqueue C error 32 922d 1814d 0/1 upstream: reported C repro on 2019/12/26 23:17

Fix bisection attempts (4)
Created Duration User Patch Repo Result
2022/02/19 15:36 13m bisect fix linux-4.19.y error job log
2021/06/14 18:48 24m bisect fix linux-4.19.y OK (0) job log log
2021/05/15 18:09 27m bisect fix linux-4.19.y OK (0) job log log
2021/04/06 10:02 23m bisect fix linux-4.19.y OK (0) job log log

Sample crash report:
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8375 Comm: syz-executor191 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:netem_enqueue+0x1217/0x3170 net/sched/sch_netem.c:516
Code: f6 74 1f 4c 89 44 24 20 89 4c 24 18 89 44 24 10 e8 9e b4 02 fb 4c 8b 44 24 20 8b 4c 24 18 8b 44 24 10 2b 8d 84 00 00 00 31 d2 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d6 4c 89 f1 48 c1 e9 03
RSP: 0018:ffff8880957a76d8 EFLAGS: 00010246
RAX: 00000000336d57df RBX: 0000000000000010 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88809f03ee44
RBP: ffff88809f03edc0 R08: ffff88809f03ee98 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffff88809bf71780 R15: ffff8880aed31680
FS:  00007f0c010d9700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c0 CR3: 000000009b602000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x140a/0x2e00 net/core/dev.c:3807
 __netlink_deliver_tap_skb net/netlink/af_netlink.c:303 [inline]
 __netlink_deliver_tap net/netlink/af_netlink.c:321 [inline]
 netlink_deliver_tap+0x8fb/0xb00 net/netlink/af_netlink.c:334
 netlink_deliver_tap_kernel net/netlink/af_netlink.c:343 [inline]
 netlink_unicast_kernel net/netlink/af_netlink.c:1324 [inline]
 netlink_unicast+0x545/0x690 net/netlink/af_netlink.c:1351
 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227
 __sys_sendmsg net/socket.c:2265 [inline]
 __do_sys_sendmsg net/socket.c:2274 [inline]
 __se_sys_sendmsg net/socket.c:2272 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f0c01934e79
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0c010d9308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f0c019b64a8 RCX: 00007f0c01934e79
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
RBP: 00007f0c019b64a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c019b64ac
R13: 00007f0c01983818 R14: 0004000c00000000 R15: 0000000000022000
Modules linked in:
---[ end trace d03721d2bae6e2f8 ]---
RIP: 0010:netem_enqueue+0x1217/0x3170 net/sched/sch_netem.c:516
Code: f6 74 1f 4c 89 44 24 20 89 4c 24 18 89 44 24 10 e8 9e b4 02 fb 4c 8b 44 24 20 8b 4c 24 18 8b 44 24 10 2b 8d 84 00 00 00 31 d2 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d6 4c 89 f1 48 c1 e9 03
RSP: 0018:ffff8880957a76d8 EFLAGS: 00010246
RAX: 00000000336d57df RBX: 0000000000000010 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88809f03ee44
RBP: ffff88809f03edc0 R08: ffff88809f03ee98 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffff88809bf71780 R15: ffff8880aed31680
FS:  00007f0c010d9700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c0 CR3: 000000009b602000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	f6 74 1f 4c          	divb   0x4c(%rdi,%rbx,1)
   4:	89 44 24 20          	mov    %eax,0x20(%rsp)
   8:	89 4c 24 18          	mov    %ecx,0x18(%rsp)
   c:	89 44 24 10          	mov    %eax,0x10(%rsp)
  10:	e8 9e b4 02 fb       	callq  0xfb02b4b3
  15:	4c 8b 44 24 20       	mov    0x20(%rsp),%r8
  1a:	8b 4c 24 18          	mov    0x18(%rsp),%ecx
  1e:	8b 44 24 10          	mov    0x10(%rsp),%eax
  22:	2b 8d 84 00 00 00    	sub    0x84(%rbp),%ecx
  28:	31 d2                	xor    %edx,%edx
* 2a:	f7 f1                	div    %ecx <-- trapping instruction
  2c:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  33:	fc ff df
  36:	49 01 d6             	add    %rdx,%r14
  39:	4c 89 f1             	mov    %r14,%rcx
  3c:	48 c1 e9 03          	shr    $0x3,%rcx

Crashes (55):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/10/21 05:13 linux-4.19.y 3f8a27f9e27b f111d03b .config console log report syz C ci2-linux-4-19 divide error in netem_enqueue
2021/01/01 01:43 linux-4.19.y 3207316b3bee 79264ae3 .config console log report syz C ci2-linux-4-19
2020/12/14 21:09 linux-4.19.y 13d2ce42de8c 97183ed7 .config console log report syz C ci2-linux-4-19
2023/01/19 01:03 linux-4.19.y 3f8a27f9e27b 4620c2d9 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 divide error in netem_enqueue
2022/11/03 05:41 linux-4.19.y 3f8a27f9e27b 7a2ebf95 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 divide error in netem_enqueue
2022/06/23 02:37 linux-4.19.y 3f8a27f9e27b 912f5df7 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2022/06/01 15:51 linux-4.19.y 3f8a27f9e27b b4bc6a3d .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2022/04/30 06:31 linux-4.19.y 3f8a27f9e27b ad6b95d8 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2022/03/14 22:24 linux-4.19.y 3f8a27f9e27b 9e8eaa75 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2022/02/25 04:27 linux-4.19.y 3f8a27f9e27b 7c337266 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2022/01/20 15:36 linux-4.19.y 3f8a27f9e27b b838eb76 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2022/01/15 16:08 linux-4.19.y 3f8a27f9e27b 723cfaf0 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/12/30 23:10 linux-4.19.y 3f8a27f9e27b 36bd2e48 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/12/12 13:57 linux-4.19.y 3f8a27f9e27b 49ca1f59 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/17 22:26 linux-4.19.y 3f8a27f9e27b cafff8b6 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/16 04:29 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/15 01:47 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/14 23:04 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/13 17:20 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/13 09:41 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/11 13:33 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/11 13:07 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/08 10:23 linux-4.19.y 3f8a27f9e27b 4c1be0be .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/06 01:20 linux-4.19.y 3f8a27f9e27b 4c1be0be .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/11/03 21:14 linux-4.19.y 3f8a27f9e27b 4c1be0be .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/10/13 10:03 linux-4.19.y 3f8a27f9e27b 9d56e7dd .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/10/13 08:39 linux-4.19.y 3f8a27f9e27b 9d56e7dd .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/10/12 10:19 linux-4.19.y e34184f53363 838e7e2c .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/10/09 14:02 linux-4.19.y e34184f53363 838e7e2c .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/10/09 03:33 linux-4.19.y 6db10b4d5efd efe0f24d .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/09/28 04:09 linux-4.19.y c2276d585654 78494d16 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/09/27 22:55 linux-4.19.y c2276d585654 78494d16 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/09/27 03:50 linux-4.19.y c2276d585654 78494d16 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/09/24 23:11 linux-4.19.y 2950c9c5e0df 8cac236e .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/09/19 05:33 linux-4.19.y b172b44fcb17 70b76c1d .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/09/16 01:39 linux-4.19.y b172b44fcb17 07e953c1 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/08/31 22:42 linux-4.19.y e23d55af0e1f 7eb7e152 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/08/24 00:38 linux-4.19.y 59456c9cc40c b599f2fc .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/08/14 09:05 linux-4.19.y addba38e7c3b 2489ab88 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/08/09 13:47 linux-4.19.y 5c66974a6304 6972b106 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/08/06 17:38 linux-4.19.y 6ca2f514c578 6972b106 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/08/04 17:02 linux-4.19.y 6ca2f514c578 b97d64c9 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/08/04 04:52 linux-4.19.y 53bd76690e27 6c236867 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/07/20 09:48 linux-4.19.y fcfbdfe9626e bc48c9ab .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/06/23 20:07 linux-4.19.y eb575cd5d7f6 fe4ab389 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/06/23 03:34 linux-4.19.y eb575cd5d7f6 aba2b2fb .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/04/15 18:09 linux-4.19.y 0f1b4cb77d7f c59079a6 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/04/08 01:15 linux-4.19.y b4454811f122 6a81331a .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/03/07 10:00 linux-4.19.y dfb571610ba3 c599ed12 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/02/25 03:11 linux-4.19.y 2d19be4653f5 fcc6d71b .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/02/14 13:24 linux-4.19.y 811218eceeaa 98682e5e .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/01/28 13:41 linux-4.19.y c4ff839de17f eefc07f2 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2021/01/25 17:43 linux-4.19.y 2263955bf7e7 52e37319 .config console log report info ci2-linux-4-19 divide error in netem_enqueue
2020/12/14 20:18 linux-4.19.y 13d2ce42de8c 97183ed7 .config console log report info ci2-linux-4-19
2020/11/25 15:51 linux-4.19.y 0c88e405c97e 1a1f4bd8 .config console log report info ci2-linux-4-19
* Struck through repros no longer work on HEAD.