bisecting fixing commit since c14d30dc9987047b439b03d6e6db7d54d9f7f180
building syzkaller on e1c29030da37d46475ab5babe68abc4afe085799
testing commit c14d30dc9987047b439b03d6e6db7d54d9f7f180 with gcc (GCC) 8.1.0
kernel signature: 66cc6b9c78e461ad6c5814d47be35b79402cb2750bbc7a458085396eea36e952
all runs: crashed: divide error in tabledist
testing current HEAD 31acccdc877486a649a86d37725a15175fcd5ed6
testing commit 31acccdc877486a649a86d37725a15175fcd5ed6 with gcc (GCC) 8.1.0
kernel signature: f6c35275a8c38ce1d7c76d72a378f535bbc5190510acffb94adb0eb24e3d4fef
all runs: OK
# git bisect start 31acccdc877486a649a86d37725a15175fcd5ed6 c14d30dc9987047b439b03d6e6db7d54d9f7f180
Bisecting: 804 revisions left to test after this (roughly 10 steps)
[345dc71a5c7efe99b5990a8c3a15bc29dd053521] perf test: Fix test trace+probe_vfs_getname.sh on s390
testing commit 345dc71a5c7efe99b5990a8c3a15bc29dd053521 with gcc (GCC) 8.1.0
kernel signature: ac56d0da4e1c1900ebc7a6d563492233e7aced180e730e24e95e57a6d5f436e9
all runs: crashed: divide error in tabledist
# git bisect good 345dc71a5c7efe99b5990a8c3a15bc29dd053521
Bisecting: 402 revisions left to test after this (roughly 9 steps)
[878cb32a0f197fc8ec897ab334cf5abe449ee6c3] IB/mlx4: Fix starvation in paravirt mux/demux
testing commit 878cb32a0f197fc8ec897ab334cf5abe449ee6c3 with gcc (GCC) 8.1.0
kernel signature: 548474ee95f712228f844377cb897b0515a250043bc861c87bef88a4d3843ea0
all runs: crashed: divide error in tabledist
# git bisect good 878cb32a0f197fc8ec897ab334cf5abe449ee6c3
Bisecting: 201 revisions left to test after this (roughly 8 steps)
[ae20c9f54daa944cd3f16e5b421049aab83a6a7c] power: supply: bq27xxx: report "not charging" on all types
testing commit ae20c9f54daa944cd3f16e5b421049aab83a6a7c with gcc (GCC) 8.1.0
kernel signature: f7840c7fe1d69518d435d44ebc693d1e6d98982bb45c8d17195969aae8e68cac
all runs: OK
# git bisect bad ae20c9f54daa944cd3f16e5b421049aab83a6a7c
Bisecting: 100 revisions left to test after this (roughly 7 steps)
[e8db1c3496ae7031dc2048e927226399970a5fdb] PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
testing commit e8db1c3496ae7031dc2048e927226399970a5fdb with gcc (GCC) 8.1.0
kernel signature: a2fb32c6cfafd45cabfc743a004eeecded1e6d420701b59a20aa1b68b16e42cb
all runs: crashed: divide error in tabledist
# git bisect good e8db1c3496ae7031dc2048e927226399970a5fdb
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[32ac9183ede9b4384c3ec1b285a46ba540b01a81] ravb: Fix bit fields checking in ravb_hwtstamp_get()
testing commit 32ac9183ede9b4384c3ec1b285a46ba540b01a81 with gcc (GCC) 8.1.0
kernel signature: 98f897d61738ad8c795b6588f4f58038357ab121a1f0d7ce74ad71d74ef5f922
all runs: OK
# git bisect bad 32ac9183ede9b4384c3ec1b285a46ba540b01a81
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[7f1fabf39f739543ee7a518b5c42566a2c0d5efd] reiserfs: Fix memory leak in reiserfs_parse_options()
testing commit 7f1fabf39f739543ee7a518b5c42566a2c0d5efd with gcc (GCC) 8.1.0
kernel signature: d51839576286bf7748896bcb0d01de4fd14a6de9b33f21051329207f6ad40401
all runs: crashed: divide error in tabledist
# git bisect good 7f1fabf39f739543ee7a518b5c42566a2c0d5efd
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[f5d8eef067acee3fda37137f4a08c0d3f6427a8e] Linux 4.19.154
testing commit f5d8eef067acee3fda37137f4a08c0d3f6427a8e with gcc (GCC) 8.1.0
kernel signature: 27b6122a980bf077bbbce7179b18faa3071303bb4fd10131eb4602d1a2287cf8
all runs: crashed: divide error in tabledist
# git bisect good f5d8eef067acee3fda37137f4a08c0d3f6427a8e
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[02bb497cd6de22e9ce17396957e76fa5aa11102f] efivarfs: Replace invalid slashes with exclamation marks in dentries.
testing commit 02bb497cd6de22e9ce17396957e76fa5aa11102f with gcc (GCC) 8.1.0
kernel signature: 27b6122a980bf077bbbce7179b18faa3071303bb4fd10131eb4602d1a2287cf8
all runs: crashed: divide error in tabledist
# git bisect good 02bb497cd6de22e9ce17396957e76fa5aa11102f
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[efea090aff4b690cb5c3175724ea69de23d9ea19] chelsio/chtls: fix tls record info to user
testing commit efea090aff4b690cb5c3175724ea69de23d9ea19 with gcc (GCC) 8.1.0
kernel signature: 27b6122a980bf077bbbce7179b18faa3071303bb4fd10131eb4602d1a2287cf8
all runs: crashed: divide error in tabledist
# git bisect good efea090aff4b690cb5c3175724ea69de23d9ea19
Bisecting: 1 revision left to test after this (roughly 1 step)
[84013ba77c1704c1461b299fbd336d6d6b6d3a9f] mlxsw: core: Fix memory leak on module removal
testing commit 84013ba77c1704c1461b299fbd336d6d6b6d3a9f with gcc (GCC) 8.1.0
kernel signature: c1c54eac2972a01cec2e3663dfbbf29af19c31a5279110dc849e6ac7feb55a03
all runs: crashed: divide error in tabledist
# git bisect good 84013ba77c1704c1461b299fbd336d6d6b6d3a9f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[95ba2236b8e69de3cb9b12e1cd6c4252a1574a19] netem: fix zero division in tabledist
testing commit 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19 with gcc (GCC) 8.1.0
kernel signature: 98f897d61738ad8c795b6588f4f58038357ab121a1f0d7ce74ad71d74ef5f922
all runs: OK
# git bisect bad 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19
95ba2236b8e69de3cb9b12e1cd6c4252a1574a19 is the first bad commit
commit 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19
Author: Aleksandr Nogikh
Date:   Wed Oct 28 17:07:31 2020 +0000

    netem: fix zero division in tabledist

    [ Upstream commit eadd1befdd778a1eca57fad058782bd22b4db804 ]

    Currently it is possible to craft a special netlink RTM_NEWQDISC command that can result in jitter being equal to 0x80000000. It is enough to set the 32 bit jitter to 0x02000000 (it will later be multiplied by 2^6) or just set the 64 bit jitter via TCA_NETEM_JITTER64. This causes an overflow during the generation of uniformly distributed numbers in tabledist(), which in turn leads to division by zero (sigma != 0, but sigma * 2 is 0).

    The related fragment of code needs 32-bit division - see commit 9b0ed89 ("netem: remove unnecessary 64 bit modulus"), so switching to 64 bit is not an option.

    Fix the issue by keeping the value of jitter within the range that can be adequately handled by tabledist() - [0;INT_MAX]. As negative std deviation makes no sense, take the absolute value of the passed value and cap it at INT_MAX. Inside tabledist(), switch to unsigned 32 bit arithmetic in order to prevent overflows.

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Signed-off-by: Aleksandr Nogikh
    Reported-by: syzbot+ec762a6342ad0d3c0d8f@syzkaller.appspotmail.com
    Acked-by: Stephen Hemminger
    Link: https://lore.kernel.org/r/20201028170731.1383332-1-aleksandrnogikh@gmail.com
    Signed-off-by: Jakub Kicinski
    Signed-off-by: Greg Kroah-Hartman

 net/sched/sch_netem.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
culprit signature: 98f897d61738ad8c795b6588f4f58038357ab121a1f0d7ce74ad71d74ef5f922
parent signature: c1c54eac2972a01cec2e3663dfbbf29af19c31a5279110dc849e6ac7feb55a03
revisions tested: 13, total time: 3h1m34.057254261s (build: 1h56m29.069595061s, test: 1h3m36.007785545s)
first good commit: 95ba2236b8e69de3cb9b12e1cd6c4252a1574a19 netem: fix zero division in tabledist
recipients (to): ["gregkh@linuxfoundation.org" "kuba@kernel.org" "nogikh@google.com" "stephen@networkplumber.org"]
recipients (cc): []