bisecting cause commit starting from c77fb07fae36a02c382b729f856d45dade88a581
building syzkaller on 4a77ae0bdc5cd75ebe88ce7c896aae6bbf457a29
testing commit c77fb07fae36a02c382b729f856d45dade88a581 with gcc (GCC) 8.1.0
kernel signature: e87fe57c27e7bc6acf3f49fec4c33b69cd2c2e839d70f36a8536cecf23282bb9
all runs: crashed: kernel panic: Fatal exception
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 427be199cd702d8f6264bc8bf6abcded0c46f073956e9aa8084aa0b4793f110b
run #0: crashed: kernel panic: Fatal exception
run #1: crashed: kernel panic: Fatal exception
run #2: crashed: kernel panic: Fatal exception
run #3: crashed: kernel panic: Fatal exception
run #4: crashed: kernel panic: Fatal exception
run #5: crashed: kernel panic: Fatal exception
run #6: crashed: kernel panic: Fatal exception
run #7: crashed: kernel panic: Fatal exception
run #8: crashed: kernel panic: Fatal exception
run #9: boot failed: can't ssh into the instance
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: c52adf098b1f911161896c3b74111e59413ee593f8dd5498f2465b8860837531
all runs: crashed: divide error in tabledist
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: ed2ea842a42d065378bbb21c0e98c97a8bf78cf76f59fd1e3f7b8facaf66c4d8
all runs: crashed: UBSAN: undefined-behaviour in tabledist
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: b523f839c65fb83bc4e67d42790242421f6ddc89905426c5d95caf32f5911c32
all runs: crashed: UBSAN: undefined-behaviour in tabledist
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: dea2ba18a3c1379e323166153020965b93402dd3e3ef6b05000ab4cdf965d760
all runs: crashed: UBSAN: undefined-behaviour in tabledist
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 1fe81e354cc12cead6b04d8fff8a47be6dd5b4c74ed3e5fb9fed89f321a1a3d6
all runs: crashed: UBSAN: undefined-behaviour in tabledist
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 4967234e9314f8fc6829344f0f37a933f423e1b919235a699a189e11735af680
all runs: crashed: divide error in tabledist
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 405ca13ad7d977f21d3a43df77d5ab803a6dbd4babe1e71bbab2212b1fdf92e2
all runs: crashed: divide error in tabledist
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 192334e970e970c393167f2e6e3050e02d7def362a128f6b5083809294327228
run #0: crashed: divide error in tabledist
run #1: crashed: divide error in tabledist
run #2: crashed: divide error in tabledist
run #3: crashed: divide error in tabledist
run #4: crashed: divide error in tabledist
run #5: crashed: divide error in tabledist
run #6: crashed: divide error in corrupted
run #7: crashed: divide error in tabledist
run #8: crashed: divide error in tabledist
run #9: crashed: divide error in tabledist
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
certs/signing_key.pem: Permission denied
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
certs/signing_key.pem: Permission denied
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
certs/signing_key.pem: Permission denied
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
certs/signing_key.pem: Permission denied
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
certs/signing_key.pem: Permission denied
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
certs/signing_key.pem: Permission denied
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
certs/signing_key.pem: Permission denied
revisions tested: 25, total time: 2h8m56.34093465s (build: 1h26m59.321637353s, test: 38m21.532367891s)
the crash already happened on the oldest tested release
commit msg: Linux 5.0
crash: divide error in tabledist
neighbour: ndisc_cache: neighbor table overflow!
neighbour: ndisc_cache: neighbor table overflow!
neighbour: ndisc_cache: neighbor table overflow!
neighbour: ndisc_cache: neighbor table overflow!
divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.0.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:tabledist.part.4+0x10b/0x150 net/sched/sch_netem.c:337
Code: 3c 18 49 8d 80 ff 1f 00 00 49 0f 49 c0 48 83 c4 08 5b 48 c1 f8 0d 41 5c 48 01 f8 41 5d 5d c3 43 8d 4c 2d 00 31 d2 48 83 c4 08 f1 49 63 c5 48 29 c3 48 8d 04 1a 5b 41 5c 41 5d 5d c3 4c 89 e7
RSP: 0018:ffff8880aa297418 EFLAGS: 00010286
RAX: 0000000048b94ecf RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff87ab46a0 RDI: ffffffff8a5a2de0
RBP: ffff8880aa297430 R08: 0000000000000002 R09: ffffed1015452e79
R10: ffffed1015452e79 R11: 0000000000000003 R12: 0000000000000000
R13: 0000000080000000 R14: 0000000000000000 R15: ffff8880a864cd80
FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000118c000 CR3: 00000000a8acd000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tabledist net/sched/sch_netem.c:540 [inline]
 netem_enqueue+0xd64/0x27d0 net/sched/sch_netem.c:540
 __dev_xmit_skb net/core/dev.c:3516 [inline]
 __dev_queue_xmit+0x117d/0x28f0 net/core/dev.c:3832
 dev_queue_xmit+0xb/0x10 net/core/dev.c:3897
 neigh_resolve_output+0x479/0x7e0 net/core/neighbour.c:1476
 neigh_output include/net/neighbour.h:508 [inline]
 ip6_finish_output2+0xced/0x2010 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x639/0xa40 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x1bb/0x630 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:444 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0x921/0x1380 net/ipv6/ndisc.c:491
 ndisc_send_ns+0x422/0x7c0 net/ipv6/ndisc.c:633
 addrconf_dad_work+0x9df/0xf70 net/ipv6/addrconf.c:4082
 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2173
 worker_thread+0x85/0xb60 kernel/workqueue.c:2319
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 87dbc64e412a69dc ]---
RIP: 0010:tabledist.part.4+0x10b/0x150 net/sched/sch_netem.c:337
Code: 3c 18 49 8d 80 ff 1f 00 00 49 0f 49 c0 48 83 c4 08 5b 48 c1 f8 0d 41 5c 48 01 f8 41 5d 5d c3 43 8d 4c 2d 00 31 d2 48 83 c4 08 f1 49 63 c5 48 29 c3 48 8d 04 1a 5b 41 5c 41 5d 5d c3 4c 89 e7
RSP: 0018:ffff8880aa297418 EFLAGS: 00010286
RAX: 0000000048b94ecf RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff87ab46a0 RDI: ffffffff8a5a2de0
RBP: ffff8880aa297430 R08: 0000000000000002 R09: ffffed1015452e79
Bluetooth: hci1: command 0x0419 tx timeout
R10: ffffed1015452e79 R11: 0000000000000003 R12: 0000000000000000
Bluetooth: hci0: command 0x0419 tx timeout
R13: 0000000080000000 R14: 0000000000000000 R15: ffff8880a864cd80
FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000118c000 CR3: 00000000a8acd000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400