bisecting cause commit starting from f116b96685a046a89c25d4a6ba2da489145c8888
building syzkaller on d01bb02a96019cda0fa8c46e5c6d5eb66a273f17
testing commit f116b96685a046a89c25d4a6ba2da489145c8888 with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
run #0: crashed: divide error in tabledist
run #1: crashed: divide error in tabledist
run #2: crashed: divide error in tabledist
run #3: crashed: divide error in tabledist
run #4: crashed: divide error in tabledist
run #5: crashed: divide error in tabledist
run #6: crashed: divide error in tabledist
run #7: crashed: divide error in tabledist
run #8: crashed: divide error in tabledist
run #9: crashed: divide error in corrupted
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
run #0: crashed: divide error in tabledist
run #1: crashed: divide error in corrupted
run #2: crashed: divide error in corrupted
run #3: crashed: divide error in tabledist
run #4: crashed: divide error in tabledist
run #5: crashed: divide error in tabledist
run #6: crashed: divide error in tabledist
run #7: crashed: divide error in tabledist
run #8: crashed: divide error in corrupted
run #9: crashed: divide error in tabledist
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
all runs: crashed: divide error in tabledist
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start v4.15 v4.14
Bisecting: 8497 revisions left to test after this (roughly 13 steps)
[5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a] Merge tag 'media/v4.15-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a
Bisecting: 3798 revisions left to test after this (roughly 12 steps)
[4e4510fec4af08ead21f6934c1410af1f19a8cad] Merge tag 'sound-4.15-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 4e4510fec4af08ead21f6934c1410af1f19a8cad with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 4e4510fec4af08ead21f6934c1410af1f19a8cad
Bisecting: 1899 revisions left to test after this (roughly 11 steps)
[9fb7bd77d11ab03b4a969279de9f54d8fd6fe988] mlxsw: spectrum_ipip: Split accessor functions
testing commit 9fb7bd77d11ab03b4a969279de9f54d8fd6fe988 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9fb7bd77d11ab03b4a969279de9f54d8fd6fe988
Bisecting: 947 revisions left to test after this (roughly 10 steps)
[22714a2ba4b55737cd7d5299db7aaf1fa8287354] Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
testing commit 22714a2ba4b55737cd7d5299db7aaf1fa8287354 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 22714a2ba4b55737cd7d5299db7aaf1fa8287354
Bisecting: 475 revisions left to test after this (roughly 9 steps)
[f6b3716dcdcd1a4c3fa05ecb6ab0a1e52b6785d0] Merge branch 'net-devname_alloc_cleanups'
testing commit f6b3716dcdcd1a4c3fa05ecb6ab0a1e52b6785d0 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor229122083" "root@10.128.15.193:./syz-executor229122083"]: exit status 1
Connection timed out during banner exchange
lost connection
run #7: OK
run #8: OK
run #9: OK
# git bisect good f6b3716dcdcd1a4c3fa05ecb6ab0a1e52b6785d0
Bisecting: 269 revisions left to test after this (roughly 8 steps)
[b293fca43be544483b6488d33ad4b3ed55881064] Merge tag 'riscv-for-linus-4.15-arch-v9-premerge' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/linux
testing commit b293fca43be544483b6488d33ad4b3ed55881064 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b293fca43be544483b6488d33ad4b3ed55881064
Bisecting: 122 revisions left to test after this (roughly 7 steps)
[892204e06cb9e89fbc4b299a678f9ca358e97cac] Merge tag 'mips_4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips
testing commit 892204e06cb9e89fbc4b299a678f9ca358e97cac with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 892204e06cb9e89fbc4b299a678f9ca358e97cac
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[6c4ba00c40d5acb17f32d4b7e02dbcd21f336d9f] Merge tag 'hsi-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi
testing commit 6c4ba00c40d5acb17f32d4b7e02dbcd21f336d9f with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 6c4ba00c40d5acb17f32d4b7e02dbcd21f336d9f
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[bce552fd6f6e37f9567c85c4f0d6d1987eef379f] netem: use 64 bit divide by rate
testing commit bce552fd6f6e37f9567c85c4f0d6d1987eef379f with gcc (GCC) 8.1.0
all runs: OK
# git bisect good bce552fd6f6e37f9567c85c4f0d6d1987eef379f
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[f9bab2677ac77622618686b199073978ba263c12] Merge tag 'audit-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
testing commit f9bab2677ac77622618686b199073978ba263c12 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad f9bab2677ac77622618686b199073978ba263c12
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[42d5e37654e4cdb9fb2e2f3ab30045fee35c42d8] audit: filter PATH records keyed on filesystem magic
testing commit 42d5e37654e4cdb9fb2e2f3ab30045fee35c42d8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 42d5e37654e4cdb9fb2e2f3ab30045fee35c42d8
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[89ad2fa3f043a1e8daae193bcb5fe34d5f8caf28] bpf: fix lockdep splat
testing commit 89ad2fa3f043a1e8daae193bcb5fe34d5f8caf28 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 89ad2fa3f043a1e8daae193bcb5fe34d5f8caf28
Bisecting: 2 revisions left to test after this (roughly 1 step)
[69d481791f38f692707254406945d35591d12f40] Merge branch 'netem-fix-compilation-on-32-bit'
testing commit 69d481791f38f692707254406945d35591d12f40 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 69d481791f38f692707254406945d35591d12f40
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9b0ed89172efec1d9f214d173ad6046f10f6b742] netem: remove unnecessary 64 bit modulus
testing commit 9b0ed89172efec1d9f214d173ad6046f10f6b742 with gcc (GCC) 8.1.0
all runs: crashed: divide error in netem_enqueue
# git bisect bad 9b0ed89172efec1d9f214d173ad6046f10f6b742
9b0ed89172efec1d9f214d173ad6046f10f6b742 is the first bad commit
commit 9b0ed89172efec1d9f214d173ad6046f10f6b742
Author: Stephen Hemminger
Date: Tue Nov 14 11:27:02 2017 -0800

    netem: remove unnecessary 64 bit modulus

    Fix compilation on 32 bit platforms (where doing modulus operation
    with 64 bit requires extra glibc functions) by truncation.
    The jitter for table distribution is limited to a 32 bit value
    because random numbers are scaled as 32 bit value.

    Also fix some whitespace.

    Fixes: 99803171ef04 ("netem: add uapi to express delay and jitter in nanoseconds")
    Reported-by: Randy Dunlap
    Signed-off-by: Stephen Hemminger
    Signed-off-by: David S. Miller

:040000 040000 724411296c183ffde4b9544cfed0d1ae570d6dd4 d3e653557918f28b3c697d130f6d354251710830 M net
revisions tested: 26, total time: 4h51m52.496578078s (build: 2h20m56.865220008s, test: 2h23m31.636555234s)
first bad commit: 9b0ed89172efec1d9f214d173ad6046f10f6b742 netem: remove unnecessary 64 bit modulus
cc: ["davem@davemloft.net" "jhs@mojatatu.com" "jiri@resnulli.us" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netem@lists.linux-foundation.org" "stephen@networkplumber.org" "xiyou.wangcong@gmail.com"]
crash: divide error in netem_enqueue
kobject: 'loop3' (ffff88012585d1e0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'loop5' (ffff8801258aa1a0): kobject_uevent_env
kobject: 'loop5' (ffff8801258aa1a0): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'loop3' (ffff88012585d1e0): kobject_uevent_env
kobject: 'loop3' (ffff88012585d1e0): fill_kobj_path: path = '/devices/virtual/block/loop3'
divide error: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6769 Comm: kworker/0:3 Not tainted 4.14.0-rc8+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
task: ffff8801283da580 task.stack: ffff880110868000
RIP: 0010:tabledist net/sched/sch_netem.c:330 [inline]
RIP: 0010:netem_enqueue+0x1e30/0x2dd0 net/sched/sch_netem.c:523
RSP: 0018:ffff88011086da98 EFLAGS: 00010246
RAX: 00000000d483c798 RBX: ffff88011d5580e8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff877c78a0 RDI: ffffffff89f89260
RBP: ffff88011086dc10 R08: 0000000000000000 R09: 0000000000000000
R10: ffff88011086e018 R11: ffff8801283da580 R12: 0000000000000000
R13: 0000000080000000 R14: ffff88011d5580c0 R15: ffff88010a92ed80
FS: 0000000000000000(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6531354000 CR3: 000000011c5e7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __dev_xmit_skb net/core/dev.c:3199 [inline]
 __dev_queue_xmit+0x1388/0x27a0 net/core/dev.c:3455
 dev_queue_xmit+0xb/0x10 net/core/dev.c:3520
 br_dev_queue_push_xmit+0x14b/0x570 net/bridge/br_forward.c:55
 NF_HOOK include/linux/netfilter.h:250 [inline]
 br_forward_finish+0xba/0x530 net/bridge/br_forward.c:67
 NF_HOOK include/linux/netfilter.h:250 [inline]
 __br_forward+0x6a8/0xc00 net/bridge/br_forward.c:112
 deliver_clone+0x54/0xa0 net/bridge/br_forward.c:128
 maybe_deliver net/bridge/br_forward.c:169 [inline]
 br_flood+0x582/0x7b0 net/bridge/br_forward.c:211
 br_dev_xmit+0xe48/0x1530 net/bridge/br_device.c:103
 __netdev_start_xmit include/linux/netdevice.h:4042 [inline]
 netdev_start_xmit include/linux/netdevice.h:4051 [inline]
 xmit_one net/core/dev.c:2990 [inline]
 dev_hard_start_xmit+0x229/0xa80 net/core/dev.c:3006
 __dev_queue_xmit+0x20a6/0x27a0 net/core/dev.c:3487
 dev_queue_xmit+0xb/0x10 net/core/dev.c:3520
 neigh_resolve_output+0x54d/0x9c0 net/core/neighbour.c:1350
 neigh_output include/net/neighbour.h:482 [inline]
 ip6_finish_output2+0xad0/0x2570 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x35b/0x8e0 net/ipv6/ip6_output.c:146
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c6/0x910 net/ipv6/ip6_output.c:163
 dst_output include/net/dst.h:460 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0xd3f/0x1300 net/ipv6/ndisc.c:491
 ndisc_send_ns+0x2bf/0x7c0 net/ipv6/ndisc.c:628
 addrconf_dad_work+0x71f/0x1090 net/ipv6/addrconf.c:3993
 process_one_work+0x9c3/0x1a40 kernel/workqueue.c:2113
 worker_thread+0x212/0x18f0 kernel/workqueue.c:2247
 kthread+0x338/0x400 kernel/kthread.c:231
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:432
Code: ff fb 00 00 31 c0 81 f9 fe ff 00 00 0f 97 c0 83 ca 03 01 c8 41 88 54 24 01 66 41 89 44 24 0a e9 60 fb ff ff 43 8d 4c 2d 00 31 d2 f1 89 d0 44 29 e8 49 01 c4 e9 d4 e6 ff ff 49 8d bf c0 02 00
RIP: tabledist net/sched/sch_netem.c:330 [inline] RSP: ffff88011086da98
RIP: netem_enqueue+0x1e30/0x2dd0 net/sched/sch_netem.c:523 RSP: ffff88011086da98
---[ end trace a328ac8b236a8991 ]---