divide error in netem_enqueue


syzbot

Dec 26, 2019, 6:17:11 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: e1f7d50a Linux 4.14.160
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11c1bc3ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=46599517442ad9fb
dashboard link: https://syzkaller.appspot.com/bug?extid=fdfb67fdb9be00877d3b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fdfb67...@syzkaller.appspotmail.com

Unknown ioctl 21376
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
divide error: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7011 Comm: syz-fuzzer Not tainted 4.14.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88808c80e3c0 task.stack: ffff888091c50000
RIP: 0010:packet_len_2_sched_time net/sched/sch_netem.c:352 [inline]
RIP: 0010:netem_enqueue+0x976/0x27b0 net/sched/sch_netem.c:561
RSP: 0000:ffff8880aec07210 EFLAGS: 00010246
RAX: 1aedcbe189692000 RBX: 0000000073a8a150 RCX: 000000000000001e
RDX: 0000000000000000 RSI: 000000000000206e RDI: ffff88808a591da8
RBP: ffff8880aec072a0 R08: 000000001cf06adb R09: ffff88821fff7008
R10: ffff88821fff7010 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000073000000 R15: ffff88808a591b40
FS: 0000000001958550(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f23432f2314 CR3: 00000000896e9000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__dev_xmit_skb net/core/dev.c:3229 [inline]
__dev_queue_xmit+0x12da/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x9a4/0xd40 net/bridge/br_device.c:83
__netdev_start_xmit include/linux/netdevice.h:4038 [inline]
netdev_start_xmit include/linux/netdevice.h:4047 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip6_finish_output2+0x10bd/0x21b0 net/ipv6/ip6_output.c:120
ip6_finish_output+0x4f4/0xb50 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x20f/0x6d0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:462 [inline]
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
mld_sendpack+0x8d1/0xd60 net/ipv6/mcast.c:1660
mld_send_cr net/ipv6/mcast.c:1956 [inline]
mld_ifc_timer_expire+0x3b6/0x7b0 net/ipv6/mcast.c:2455
call_timer_fn+0x161/0x670 kernel/time/timer.c:1279
expire_timers kernel/time/timer.c:1318 [inline]
__run_timers kernel/time/timer.c:1636 [inline]
__run_timers kernel/time/timer.c:1604 [inline]
run_timer_softirq+0x5b7/0x1520 kernel/time/timer.c:1649
__do_softirq+0x244/0x9a0 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x160/0x1b0 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x146/0x5e0 arch/x86/kernel/apic/apic.c:1102
apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
</IRQ>
RIP: 0033:0x409e9e
RSP: 002b:000000c456cb5c88 EFLAGS: 00000206 ORIG_RAX: ffffffffffffff10
RAX: 988e97f3ed44ebb9 RBX: 0000000000000012 RCX: 000000c4201d4ba0
RDX: 000000000098c0a8 RSI: 000000c4201d4ba0 RDI: 0000000000000038
RBP: 000000c456cb5ca0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000009bb552 R11: 0000000000000004 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100
Code: 85 4d 1c 00 00 45 8b b7 5c 02 00 00 89 f3 89 75 c0 45 85 f6 0f 85 5f 0a 00 00 e8 b6 7d 29 fc 48 69 c3 00 ca 9a 3b 45 89 e4 31 d2 <49> f7 f4 48 c1 e8 06 48 01 45 b8 e8 9a 7d 29 fc 48 8b 45 d0 48
RIP: packet_len_2_sched_time net/sched/sch_netem.c:352 [inline] RSP: ffff8880aec07210
RIP: netem_enqueue+0x976/0x27b0 net/sched/sch_netem.c:561 RSP: ffff8880aec07210
---[ end trace a06f2ebfddfc0352 ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 26, 2019, 6:52:09 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: e1f7d50a Linux 4.14.160
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14a93ec1e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=46599517442ad9fb
dashboard link: https://syzkaller.appspot.com/bug?extid=fdfb67fdb9be00877d3b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11e2790ae00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17f8d4e1e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fdfb67...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
divide error: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
task: ffff8880a9ecc640 task.stack: ffff8880a9ed8000
RIP: 0010:packet_len_2_sched_time net/sched/sch_netem.c:352 [inline]
RIP: 0010:netem_enqueue+0x976/0x27b0 net/sched/sch_netem.c:561
RSP: 0018:ffff8880aec06e10 EFLAGS: 00010246
RAX: 1aedcbe189692000 RBX: 0000000073a8a150 RCX: 000000000000001e
RDX: 0000000000000000 RSI: 0000000000002056 RDI: ffff88809b915468
RBP: ffff8880aec06ea0 R08: 000000001cf06adb R09: ffff88821fff7008
R10: ffff88821fff7010 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000073000000 R15: ffff88809b915200
FS: 0000000000000000(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000600 CR3: 0000000007e6a000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__dev_xmit_skb net/core/dev.c:3229 [inline]
__dev_queue_xmit+0x12da/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
br_nf_dev_queue_xmit+0x309/0x1440 net/bridge/br_netfilter_hooks.c:776
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_nf_post_routing+0xb80/0xf00 net/bridge/br_netfilter_hooks.c:822
nf_hook_entry_hookfn include/linux/netfilter.h:108 [inline]
nf_hook_slow+0xaf/0x1b0 net/netfilter/core.c:467
nf_hook include/linux/netfilter.h:205 [inline]
NF_HOOK include/linux/netfilter.h:248 [inline]
br_forward_finish+0x1b7/0x320 net/bridge/br_forward.c:67
br_nf_hook_thresh+0x25b/0x2e0 net/bridge/br_netfilter_hooks.c:1005
br_nf_forward_finish+0x264/0x640 net/bridge/br_netfilter_hooks.c:550
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_nf_forward_ip net/bridge/br_netfilter_hooks.c:617 [inline]
br_nf_forward_ip+0x5fc/0x1190 net/bridge/br_netfilter_hooks.c:561
nf_hook_entry_hookfn include/linux/netfilter.h:108 [inline]
nf_hook_slow+0xaf/0x1b0 net/netfilter/core.c:467
nf_hook include/linux/netfilter.h:205 [inline]
NF_HOOK include/linux/netfilter.h:248 [inline]
__br_forward+0x312/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
br_flood+0x43c/0x530 net/bridge/br_forward.c:222
br_handle_frame_finish+0xaf0/0x1800 net/bridge/br_input.c:210
br_nf_hook_thresh+0x25b/0x2e0 net/bridge/br_netfilter_hooks.c:1005
br_nf_pre_routing_finish_ipv6+0x621/0xc50 net/bridge/br_netfilter_ipv6.c:210
NF_HOOK include/linux/netfilter.h:250 [inline]
br_nf_pre_routing_ipv6+0x419/0x7a0 net/bridge/br_netfilter_ipv6.c:240
br_nf_pre_routing+0xdd0/0x12c5 net/bridge/br_netfilter_hooks.c:491
nf_hook_entry_hookfn include/linux/netfilter.h:108 [inline]
nf_hook_slow+0xaf/0x1b0 net/netfilter/core.c:467
nf_hook include/linux/netfilter.h:205 [inline]
NF_HOOK include/linux/netfilter.h:248 [inline]
br_handle_frame+0x80c/0x1110 net/bridge/br_input.c:348
__netif_receive_skb_core+0x78d/0x2cb0 net/core/dev.c:4431
__netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4515
process_backlog+0x21f/0x730 net/core/dev.c:5197
napi_poll net/core/dev.c:5598 [inline]
net_rx_action+0x490/0xf80 net/core/dev.c:5664
__do_softirq+0x244/0x9a0 kernel/softirq.c:288
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1015
</IRQ>
do_softirq.part.0+0x10e/0x160 kernel/softirq.c:332
do_softirq kernel/softirq.c:324 [inline]
__local_bh_enable_ip+0x154/0x1a0 kernel/softirq.c:185
local_bh_enable include/linux/bottom_half.h:32 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:725 [inline]
ip6_finish_output2+0x9f3/0x21b0 net/ipv6/ip6_output.c:121
ip6_finish_output+0x4f4/0xb50 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x20f/0x6d0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:462 [inline]
NF_HOOK include/linux/netfilter.h:250 [inline]
ndisc_send_skb+0xb56/0x11e0 net/ipv6/ndisc.c:483
ndisc_send_ns+0x360/0x7e0 net/ipv6/ndisc.c:625
addrconf_dad_work+0xa81/0xfc0 net/ipv6/addrconf.c:3996
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 85 4d 1c 00 00 45 8b b7 5c 02 00 00 89 f3 89 75 c0 45 85 f6 0f 85 5f 0a 00 00 e8 b6 7d 29 fc 48 69 c3 00 ca 9a 3b 45 89 e4 31 d2 <49> f7 f4 48 c1 e8 06 48 01 45 b8 e8 9a 7d 29 fc 48 8b 45 d0 48
RIP: packet_len_2_sched_time net/sched/sch_netem.c:352 [inline] RSP: ffff8880aec06e10
RIP: netem_enqueue+0x976/0x27b0 net/sched/sch_netem.c:561 RSP: ffff8880aec06e10
---[ end trace b20f88a4b87f0761 ]---

Harshit Mogalapalli

Nov 9, 2021, 2:44:12 AM
to syzkaller-lts-bugs
Hi,

I am new to working with syzkaller. I have a doubt about the dashboard for this bug.
The current dashboard for this bug, https://syzkaller.appspot.com/bug?extid=fdfb67fdb9be00877d3b, has two different reproducers and reports addressed on the same page. I am referring to the first and third entries in the Crashes table.

Crashes (29):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2020/12/19 12:46 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report syz C
ci2-linux-4-14 2020/12/17 23:49 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report syz C
ci2-linux-4-14 2019/12/26 23:51 linux-4.14.y e1f7d50ae3a3 be5c2c81 .config log report syz C

The first and third entries point to different divide errors in the same function. Could someone please confirm whether the crashes correspond to different divide errors, in which case they should be reported under different ids?

Thanks,
Harshit