bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217
building syzkaller on 92390980c13f2571a66bfdca5802d55b137f0ccc
testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.1.0
kernel signature: a1671ff7f8a4631bd029d8d517378bb42e03f9500b2a6b4889d7c467a28c865b
all runs: crashed: divide error in tabledist
testing current HEAD b94de4d19498b454645b72d08a05d32fa9074fb5
testing commit b94de4d19498b454645b72d08a05d32fa9074fb5 with gcc (GCC) 8.1.0
kernel signature: 9c765a5beca8baf4fee795952eca68d6d0ecbb5db6657f482e0dcf8c1033dff6
all runs: OK
# git bisect start b94de4d19498b454645b72d08a05d32fa9074fb5 a1b977b49b66c75e6c51a515f6700371ae720217
Bisecting: 264 revisions left to test after this (roughly 8 steps)
[7c6aa8c97a8df30192614cbe6d58bf4a75adc934] ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator
testing commit 7c6aa8c97a8df30192614cbe6d58bf4a75adc934 with gcc (GCC) 8.1.0
kernel signature: f2c05ab60314206e9d5d2eb2400fe3c897ebd27df60414e6347dce1d817c8d8e
all runs: crashed: divide error in tabledist
# git bisect good 7c6aa8c97a8df30192614cbe6d58bf4a75adc934
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[3c09f4652f7cfa655b723ef94cdcfc74f892da2d] f2fs: add trace exit in exception path
testing commit 3c09f4652f7cfa655b723ef94cdcfc74f892da2d with gcc (GCC) 8.1.0
kernel signature: 86c5828bc28b6162d0c357a764c01396ba7a79f13a535a05102bbedde6327750
all runs: OK
# git bisect bad 3c09f4652f7cfa655b723ef94cdcfc74f892da2d
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[f34426b44d24f4624e49dc122526f603afc85973] ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
testing commit f34426b44d24f4624e49dc122526f603afc85973 with gcc (GCC) 8.1.0
kernel signature: 377d6630be07f405ffd1480e33bca982695a9323eea1fcdc003fe3afa8de78b3
all runs: crashed: divide error in tabledist
# git bisect good f34426b44d24f4624e49dc122526f603afc85973
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[4a2b6dadaeb4600ec7d51cdb6490ad0c970b1687] mtd: lpddr: Fix bad logic in print_drs_error
testing commit 4a2b6dadaeb4600ec7d51cdb6490ad0c970b1687 with gcc (GCC) 8.1.0
kernel signature: e1d0791e74619618f0ae55f9e135fbf5f078db5581edc90580ba18f37c211059
all runs: OK
# git bisect bad 4a2b6dadaeb4600ec7d51cdb6490ad0c970b1687
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[efea090aff4b690cb5c3175724ea69de23d9ea19] chelsio/chtls: fix tls record info to user
testing commit efea090aff4b690cb5c3175724ea69de23d9ea19 with gcc (GCC) 8.1.0
kernel signature: 5c27f5aecd6cad0272da61e9f7d584d4dc3a4fda8c81e500a5c97350116ba9c3
all runs: crashed: divide error in tabledist
# git bisect good efea090aff4b690cb5c3175724ea69de23d9ea19
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[d3b8171face63754448c1d0fcb40f2bf124fd2ab] cxgb4: set up filter action after rewrites
testing commit d3b8171face63754448c1d0fcb40f2bf124fd2ab with gcc (GCC) 8.1.0
kernel signature: 242fac4601342b5ff22305b329b3ef495aa9be84fe5201a62d9a70f43c4a8ef2
all runs: OK
# git bisect bad d3b8171face63754448c1d0fcb40f2bf124fd2ab
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[32ac9183ede9b4384c3ec1b285a46ba540b01a81] ravb: Fix bit fields checking in ravb_hwtstamp_get()
testing commit 32ac9183ede9b4384c3ec1b285a46ba540b01a81 with gcc (GCC) 8.1.0
kernel signature: 56445b7b5003cca17e758a5d22acb2f67bd605dd546c954aed14ef955e4179a2
all runs: OK
# git bisect bad 32ac9183ede9b4384c3ec1b285a46ba540b01a81
Bisecting: 1 revision left to test after this (roughly 1 step)
[84013ba77c1704c1461b299fbd336d6d6b6d3a9f] mlxsw: core: Fix memory leak on module removal
testing commit 84013ba77c1704c1461b299fbd336d6d6b6d3a9f with gcc (GCC) 8.1.0
kernel signature: 6f03be98bf48761af6b5011d3b602cb98aa9c48213dd9675f601edcef7a054be
all runs: crashed: divide error in tabledist
# git bisect good 84013ba77c1704c1461b299fbd336d6d6b6d3a9f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[95ba2236b8e69de3cb9b12e1cd6c4252a1574a19] netem: fix zero division in tabledist
testing commit 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19 with gcc (GCC) 8.1.0
kernel signature: 56445b7b5003cca17e758a5d22acb2f67bd605dd546c954aed14ef955e4179a2
all runs: OK
# git bisect bad 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19
95ba2236b8e69de3cb9b12e1cd6c4252a1574a19 is the first bad commit
commit 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19
Author: Aleksandr Nogikh
Date: Wed Oct 28 17:07:31 2020 +0000

    netem: fix zero division in tabledist

    [ Upstream commit eadd1befdd778a1eca57fad058782bd22b4db804 ]

    Currently it is possible to craft a special netlink RTM_NEWQDISC command that can result in jitter being equal to 0x80000000. It is enough to set the 32 bit jitter to 0x02000000 (it will later be multiplied by 2^6) or just set the 64 bit jitter via TCA_NETEM_JITTER64. This causes an overflow during the generation of uniformly distributed numbers in tabledist(), which in turn leads to division by zero (sigma != 0, but sigma * 2 is 0).

    The related fragment of code needs 32-bit division - see commit 9b0ed89 ("netem: remove unnecessary 64 bit modulus"), so switching to 64 bit is not an option.

    Fix the issue by keeping the value of jitter within the range that can be adequately handled by tabledist() - [0;INT_MAX]. As negative std deviation makes no sense, take the absolute value of the passed value and cap it at INT_MAX. Inside tabledist(), switch to unsigned 32 bit arithmetic in order to prevent overflows.

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Signed-off-by: Aleksandr Nogikh
    Reported-by: syzbot+ec762a6342ad0d3c0d8f@syzkaller.appspotmail.com
    Acked-by: Stephen Hemminger
    Link: https://lore.kernel.org/r/20201028170731.1383332-1-aleksandrnogikh@gmail.com
    Signed-off-by: Jakub Kicinski
    Signed-off-by: Greg Kroah-Hartman

 net/sched/sch_netem.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
culprit signature: 56445b7b5003cca17e758a5d22acb2f67bd605dd546c954aed14ef955e4179a2
parent signature: 6f03be98bf48761af6b5011d3b602cb98aa9c48213dd9675f601edcef7a054be
revisions tested: 11, total time: 2h57m57.426532171s (build: 1h39m21.626202304s, test: 1h17m24.422893528s)
first good commit: 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19 netem: fix zero division in tabledist
recipients (to): ["gregkh@linuxfoundation.org" "kuba@kernel.org" "nogikh@google.com" "stephen@networkplumber.org"]
recipients (cc): []