bisecting cause commit starting from 7d194c2100ad2a6dded545887d02754948ca5241
building syzkaller on b24d2b8a213c09b511478e7eab5fa343e4a198de
testing commit 7d194c2100ad2a6dded545887d02754948ca5241 with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start v4.15 v4.14
Bisecting: 8497 revisions left to test after this (roughly 13 steps)
[5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a] Merge tag 'media/v4.15-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a
Bisecting: 3798 revisions left to test after this (roughly 12 steps)
[4e4510fec4af08ead21f6934c1410af1f19a8cad] Merge tag 'sound-4.15-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 4e4510fec4af08ead21f6934c1410af1f19a8cad with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 4e4510fec4af08ead21f6934c1410af1f19a8cad
Bisecting: 1899 revisions left to test after this (roughly 11 steps)
[9fb7bd77d11ab03b4a969279de9f54d8fd6fe988] mlxsw: spectrum_ipip: Split accessor functions
testing commit 9fb7bd77d11ab03b4a969279de9f54d8fd6fe988 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9fb7bd77d11ab03b4a969279de9f54d8fd6fe988
Bisecting: 947 revisions left to test after this (roughly 10 steps)
[22714a2ba4b55737cd7d5299db7aaf1fa8287354] Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
testing commit 22714a2ba4b55737cd7d5299db7aaf1fa8287354 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 22714a2ba4b55737cd7d5299db7aaf1fa8287354
Bisecting: 475 revisions left to test after this (roughly 9 steps)
[f6b3716dcdcd1a4c3fa05ecb6ab0a1e52b6785d0] Merge branch 'net-devname_alloc_cleanups'
testing commit f6b3716dcdcd1a4c3fa05ecb6ab0a1e52b6785d0 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f6b3716dcdcd1a4c3fa05ecb6ab0a1e52b6785d0
Bisecting: 269 revisions left to test after this (roughly 8 steps)
[b293fca43be544483b6488d33ad4b3ed55881064] Merge tag 'riscv-for-linus-4.15-arch-v9-premerge' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/linux
testing commit b293fca43be544483b6488d33ad4b3ed55881064 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b293fca43be544483b6488d33ad4b3ed55881064
Bisecting: 122 revisions left to test after this (roughly 7 steps)
[892204e06cb9e89fbc4b299a678f9ca358e97cac] Merge tag 'mips_4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips
testing commit 892204e06cb9e89fbc4b299a678f9ca358e97cac with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 892204e06cb9e89fbc4b299a678f9ca358e97cac
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[6c4ba00c40d5acb17f32d4b7e02dbcd21f336d9f] Merge tag 'hsi-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi
testing commit 6c4ba00c40d5acb17f32d4b7e02dbcd21f336d9f with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 6c4ba00c40d5acb17f32d4b7e02dbcd21f336d9f
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[bce552fd6f6e37f9567c85c4f0d6d1987eef379f] netem: use 64 bit divide by rate
testing commit bce552fd6f6e37f9567c85c4f0d6d1987eef379f with gcc (GCC) 8.1.0
all runs: OK
# git bisect good bce552fd6f6e37f9567c85c4f0d6d1987eef379f
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[f9bab2677ac77622618686b199073978ba263c12] Merge tag 'audit-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
testing commit f9bab2677ac77622618686b199073978ba263c12 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad f9bab2677ac77622618686b199073978ba263c12
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[42d5e37654e4cdb9fb2e2f3ab30045fee35c42d8] audit: filter PATH records keyed on filesystem magic
testing commit 42d5e37654e4cdb9fb2e2f3ab30045fee35c42d8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 42d5e37654e4cdb9fb2e2f3ab30045fee35c42d8
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[89ad2fa3f043a1e8daae193bcb5fe34d5f8caf28] bpf: fix lockdep splat
testing commit 89ad2fa3f043a1e8daae193bcb5fe34d5f8caf28 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 89ad2fa3f043a1e8daae193bcb5fe34d5f8caf28
Bisecting: 2 revisions left to test after this (roughly 1 step)
[69d481791f38f692707254406945d35591d12f40] Merge branch 'netem-fix-compilation-on-32-bit'
testing commit 69d481791f38f692707254406945d35591d12f40 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 69d481791f38f692707254406945d35591d12f40
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9b0ed89172efec1d9f214d173ad6046f10f6b742] netem: remove unnecessary 64 bit modulus
testing commit 9b0ed89172efec1d9f214d173ad6046f10f6b742 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 9b0ed89172efec1d9f214d173ad6046f10f6b742
9b0ed89172efec1d9f214d173ad6046f10f6b742 is the first bad commit
commit 9b0ed89172efec1d9f214d173ad6046f10f6b742
Author: Stephen Hemminger
Date: Tue Nov 14 11:27:02 2017 -0800

    netem: remove unnecessary 64 bit modulus

    Fix compilation on 32 bit platforms (where doing modulus operation with 64 bit requires extra glibc functions) by truncation. The jitter for table distribution is limited to a 32 bit value because random numbers are scaled as 32 bit value.

    Also fix some whitespace.

    Fixes: 99803171ef04 ("netem: add uapi to express delay and jitter in nanoseconds")
    Reported-by: Randy Dunlap
    Signed-off-by: Stephen Hemminger
    Signed-off-by: David S. Miller

:040000 040000 724411296c183ffde4b9544cfed0d1ae570d6dd4 d3e653557918f28b3c697d130f6d354251710830 M net
revisions tested: 26, total time: 4h45m16.874268545s (build: 2h16m37.741991486s, test: 2h20m45.20397211s)
first bad commit: 9b0ed89172efec1d9f214d173ad6046f10f6b742 netem: remove unnecessary 64 bit modulus
cc: ["davem@davemloft.net" "jhs@mojatatu.com" "jiri@resnulli.us" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netem@lists.linux-foundation.org" "stephen@networkplumber.org" "xiyou.wangcong@gmail.com"]
crash: divide error in netem_enqueue
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
divide error: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6560 Comm: syz-executor.4 Not tainted 4.14.0-rc8+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88011fb06380 task.stack: ffff88010f7d8000
RIP: 0010:tabledist net/sched/sch_netem.c:330 [inline]
RIP: 0010:netem_enqueue+0x1e30/0x2dd0 net/sched/sch_netem.c:523
RSP: 0018:ffff88012c105fe8 EFLAGS: 00010246
RAX: 0000000068a9e03f RBX: ffff88011d18e4a8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff877c78a0 RDI: ffffffff89f89260
RBP: ffff88012c106160 R08: 0000000000000000 R09: 0000000000000000
R10: ffff88012c106568 R11: ffff88011fb06380 R12: 0000000000000000
R13: 0000000080000000 R14: ffff88011d18e480 R15: ffff88011cc4e040
FS: 0000000000000000(0000) GS:ffff88012c100000(0063) knlGS:0000000009fbc900
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000000625208 CR3: 000000011d512000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __dev_xmit_skb net/core/dev.c:3199 [inline]
 __dev_queue_xmit+0x1388/0x27a0 net/core/dev.c:3455
 dev_queue_xmit+0xb/0x10 net/core/dev.c:3520
 br_dev_queue_push_xmit+0x14b/0x570 net/bridge/br_forward.c:55
 NF_HOOK include/linux/netfilter.h:250 [inline]
 br_forward_finish+0xba/0x530 net/bridge/br_forward.c:67
 NF_HOOK include/linux/netfilter.h:250 [inline]
 __br_forward+0x6a8/0xc00 net/bridge/br_forward.c:112
 deliver_clone+0x54/0xa0 net/bridge/br_forward.c:128
 maybe_deliver net/bridge/br_forward.c:169 [inline]
 br_flood+0x582/0x7b0 net/bridge/br_forward.c:211
 br_dev_xmit+0xe48/0x1530 net/bridge/br_device.c:103
 __netdev_start_xmit include/linux/netdevice.h:4042 [inline]
 netdev_start_xmit include/linux/netdevice.h:4051 [inline]
 xmit_one net/core/dev.c:2990 [inline]
 dev_hard_start_xmit+0x229/0xa80 net/core/dev.c:3006
 __dev_queue_xmit+0x20a6/0x27a0 net/core/dev.c:3487
 dev_queue_xmit+0xb/0x10 net/core/dev.c:3520
 neigh_hh_output include/net/neighbour.h:472 [inline]
 neigh_output include/net/neighbour.h:480 [inline]
 ip6_finish_output2+0x1004/0x2570 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x35b/0x8e0 net/ipv6/ip6_output.c:146
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c6/0x910 net/ipv6/ip6_output.c:163
 dst_output include/net/dst.h:460 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 mld_sendpack+0x8f8/0xda0 net/ipv6/mcast.c:1660
 mld_send_cr net/ipv6/mcast.c:1951 [inline]
 mld_ifc_timer_expire+0x354/0x6c0 net/ipv6/mcast.c:2448
 call_timer_fn+0x211/0x7a0 kernel/time/timer.c:1281
 expire_timers kernel/time/timer.c:1320 [inline]
 __run_timers+0x6df/0xb30 kernel/time/timer.c:1620
 run_timer_softirq+0x79/0x130 kernel/time/timer.c:1646
 __do_softirq+0x2e2/0xb17 kernel/softirq.c:284
 invoke_softirq kernel/softirq.c:364 [inline]
 irq_exit+0x18e/0x1e0 kernel/softirq.c:405
 exiting_irq arch/x86/include/asm/apic.h:638 [inline]
 smp_apic_timer_interrupt+0x1ae/0x7c0 arch/x86/kernel/apic/apic.c:1059
 apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:771
RIP: 0010:linkwatch_fire_event+0x1/0x360 net/core/link_watch.c:243
RSP: 0018:ffff88010f7de898 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: ffff88012409c380 RCX: 00000000fffff8f8
RDX: 1ffff1002481391d RSI: 000000000000000d RDI: ffff88012409c380
RBP: ffff88010f7de8b0 R08: 0000000000000000 R09: 0000000000000000
R10: ffff88010cc937c0 R11: ffff88011fb06380 R12: ffff88012409c380
R13: 0000000000000000 R14: ffffffff87a070c0 R15: ffff88010f7de950
 veth_open+0x98/0x100 drivers/net/veth.c:191
 __dev_open+0x1e5/0x320 net/core/dev.c:1380
 __dev_change_flags+0x594/0x7f0 net/core/dev.c:6816
 dev_change_flags+0x7b/0x150 net/core/dev.c:6885
 do_setlink+0xc89/0x3880 net/core/rtnetlink.c:2186
 rtnl_newlink+0x10a0/0x1a70 net/core/rtnetlink.c:2747
 rtnetlink_rcv_msg+0x50e/0xed0 net/core/rtnetlink.c:4411
 netlink_rcv_skb+0x211/0x490 net/netlink/af_netlink.c:2405
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4423
 netlink_unicast_kernel net/netlink/af_netlink.c:1272 [inline]
 netlink_unicast+0x426/0x630 net/netlink/af_netlink.c:1298
 netlink_sendmsg+0x8c3/0xe80 net/netlink/af_netlink.c:1861
 sock_sendmsg_nosec net/socket.c:633 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:643
 SYSC_sendto+0x345/0x6a0 net/socket.c:1750
 SyS_sendto+0x9/0x10 net/socket.c:1718
 C_SYSC_socketcall net/compat.c:840 [inline]
 compat_SyS_socketcall+0x837/0x1767 net/compat.c:788
 do_syscall_32_irqs_on arch/x86/entry/common.c:329 [inline]
 do_fast_syscall_32+0x3cb/0xef1 arch/x86/entry/common.c:391
 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:125
RIP: 0023:0xf7f6dca9
RSP: 002b:00000000ff8cd060 EFLAGS: 00000282 ORIG_RAX: 0000000000000066
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000ff8cd078
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00000000ff8cd148 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Code: ff fb 00 00 31 c0 81 f9 fe ff 00 00 0f 97 c0 83 ca 03 01 c8 41 88 54 24 01 66 41 89 44 24 0a e9 60 fb ff ff 43 8d 4c 2d 00 31 d2 f1 89 d0 44 29 e8 49 01 c4 e9 d4 e6 ff ff 49 8d bf c0 02 00
RIP: tabledist net/sched/sch_netem.c:330 [inline] RSP: ffff88012c105fe8
RIP: netem_enqueue+0x1e30/0x2dd0 net/sched/sch_netem.c:523 RSP: ffff88012c105fe8
---[ end trace 616f11351d338615 ]---