syzbot


divide error in tabledist

Status: fixed on 2020/11/17 09:23
Reported-by: syzbot+27502b739115cfecfe57@syzkaller.appspotmail.com
Fix commit: 95ba2236b8e6 netem: fix zero division in tabledist
First crash: 1852d, last: 1495d
Fix bisection: fixed by:
commit 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19
Author: Aleksandr Nogikh <nogikh@google.com>
Date: Wed Oct 28 17:07:31 2020 +0000

  netem: fix zero division in tabledist

  
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | divide error in tabledist (2) | C | done | error | 39 | 1616d | 1857d | 0/28 | closed as invalid on 2021/10/06 02:59 |
| upstream | divide error in tabledist net | | | | 3 | 1881d | 1889d | 13/28 | fixed on 2019/10/15 23:40 |
Fix bisection attempts (12)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2020/11/17 02:59 | 3h01m | bisect fix | | linux-4.19.y | OK (1) job log |
| 2020/10/18 02:33 | 25m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/09/18 02:09 | 24m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/08/11 20:07 | 26m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/07/12 17:05 | 25m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/06/12 16:39 | 25m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/05/13 16:05 | 30m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/04/12 01:46 | 24m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/03/13 01:16 | 26m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/02/12 00:32 | 24m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2020/01/12 18:07 | 24m | bisect fix | | linux-4.19.y | OK (0) job log log |
| 2019/12/13 17:27 | 24m | bisect fix | | linux-4.19.y | OK (0) job log log |
Cause bisection attempts (1)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2019/11/27 08:24 | | bisect | | linux-4.19.y | OK (0) |

Sample crash report:
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 4.19.139-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:tabledist.part.0+0x22a/0x2a0 net/sched/sch_netem.c:333
Code: 4c 01 f0 48 c1 e8 20 41 89 45 00 41 89 c6 e8 1d 9e 91 fb 48 85 db 0f 85 6d fe ff ff e8 0f 9e 91 fb 8d 4c 2d 00 44 89 f0 31 d2 <f7> f1 49 29 ec 49 01 d4 e9 2b ff ff ff e8 f4 9d 91 fb 48 81 eb 00
RSP: 0018:ffff8880a9ededa0 EFLAGS: 00010246
RAX: 000000004113bdaf RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff85d811b1 RDI: 0000000000000005
RBP: ffffffff80000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 000000000013a1a1 R12: 0000000000000000
R13: ffff8880893d952c R14: 000000004113bdaf R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055601e937270 CR3: 0000000093e79000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tabledist net/sched/sch_netem.c:534 [inline]
 netem_enqueue+0x453/0x3167 net/sched/sch_netem.c:534
 __dev_xmit_skb net/core/dev.c:3494 [inline]
 __dev_queue_xmit+0x140a/0x2e00 net/core/dev.c:3807
 neigh_hh_output include/net/neighbour.h:491 [inline]
 neigh_output include/net/neighbour.h:499 [inline]
 ip_finish_output2+0xb6d/0x1540 net/ipv4/ip_output.c:229
 ip_finish_output+0x84d/0xcd0 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip_output+0x203/0x5f0 net/ipv4/ip_output.c:405
 dst_output include/net/dst.h:455 [inline]
 ip_local_out+0xaf/0x170 net/ipv4/ip_output.c:124
 iptunnel_xmit+0x63b/0x9d0 net/ipv4/ip_tunnel_core.c:91
 geneve_xmit_skb drivers/net/geneve.c:857 [inline]
 geneve_xmit+0xdcf/0x28b0 drivers/net/geneve.c:929
 __netdev_start_xmit include/linux/netdevice.h:4333 [inline]
 netdev_start_xmit include/linux/netdevice.h:4347 [inline]
 xmit_one net/core/dev.c:3256 [inline]
 dev_hard_start_xmit+0x1a8/0x920 net/core/dev.c:3272
 __dev_queue_xmit+0x269d/0x2e00 net/core/dev.c:3838
 neigh_resolve_output+0x55a/0x910 net/core/neighbour.c:1374
 neigh_output include/net/neighbour.h:501 [inline]
 ip6_finish_output2+0x113d/0x2290 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x7eb/0xc10 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x205/0x770 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:455 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0xa24/0x1720 net/ipv6/ndisc.c:491
 ndisc_send_ns+0x51d/0x840 net/ipv6/ndisc.c:633
 addrconf_dad_work+0xb0e/0x10a0 net/ipv6/addrconf.c:4075
 process_one_work+0x864/0x1570 kernel/workqueue.c:2155
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
 kthread+0x30b/0x410 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Modules linked in:
---[ end trace 634c6d63ba148136 ]---
RIP: 0010:tabledist.part.0+0x22a/0x2a0 net/sched/sch_netem.c:333
Code: 4c 01 f0 48 c1 e8 20 41 89 45 00 41 89 c6 e8 1d 9e 91 fb 48 85 db 0f 85 6d fe ff ff e8 0f 9e 91 fb 8d 4c 2d 00 44 89 f0 31 d2 <f7> f1 49 29 ec 49 01 d4 e9 2b ff ff ff e8 f4 9d 91 fb 48 81 eb 00
RSP: 0018:ffff8880a9ededa0 EFLAGS: 00010246
RAX: 000000004113bdaf RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff85d811b1 RDI: 0000000000000005
RBP: ffffffff80000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 000000000013a1a1 R12: 0000000000000000
R13: ffff8880893d952c R14: 000000004113bdaf R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055601e937270 CR3: 0000000093e79000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020/08/19 02:09 | linux-4.19.y | c14d30dc9987 | e1c29030 | .config | console log | report | syz | C | | | ci2-linux-4-19 | |
| 2020/04/13 16:05 | linux-4.19.y | 6dd0e32665e5 | 17a986e5 | .config | console log | report | syz | C | | | ci2-linux-4-19 | |
| 2019/10/27 01:53 | linux-4.19.y | c3038e718a19 | 25bb509e | .config | console log | report | syz | C | | | ci2-linux-4-19 | |
* Struck through repros no longer work on HEAD.