divide error in comedi_buf_write

Title	Replies (including bot)	Last reply
[syzbot] [kernel?] divide error in comedi_buf_write_free	0 (1)	2025/07/09 17:38

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	divide error in comedi_buf_write_free	2				1	2d09h	2d09h	0/3	upstream: reported on 2025/07/09 05:29

Kernel

Title

Rank 🛈

linux-5.15

divide error in comedi_buf_write_free

2d09h

0/3

upstream: reported on 2025/07/09 05:29

Oops: divide error: 0000 [#1] SMP KASAN PTI CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc5-next-20250708-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:comedi_buf_munge drivers/comedi/comedi_buf.c:347 [inline] RIP: 0010:comedi_buf_write_free+0x3c8/0x7e0 drivers/comedi/comedi_buf.c:391 Code: 41 03 45 00 48 8b 4c 24 78 42 0f b6 0c 21 84 c9 4c 8b bc 24 90 00 00 00 44 8b 74 24 54 0f 85 02 01 00 00 31 d2 48 8b 4c 24 30 <f7> 31 41 89 55 00 48 8b 44 24 70 42 0f b6 04 20 84 c0 0f 85 09 01 RSP: 0018:ffffc90000007bd8 EFLAGS: 00010046 RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffff888030a20880 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88806b192000 RBP: 0000000000000002 R08: 0000000000000000 R09: 00000000000000ff R10: dffffc0000000000 R11: ffffffff88e91b20 R12: dffffc0000000000 R13: ffff888030a20838 R14: 0000000000000000 R15: ffff888030a20800 FS: 0000000000000000(0000) GS:ffff888125bd7000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007faab2ff5f98 CR3: 0000000033708000 CR4: 00000000003526f0 Call Trace: <IRQ> comedi_buf_write_samples+0x369/0x5a0 drivers/comedi/comedi_buf.c:602 das16m1_handler+0x213/0x4b0 drivers/comedi/drivers/das16m1.c:413 das16m1_interrupt+0xaf/0x180 drivers/comedi/drivers/das16m1.c:470 __handle_irq_event_percpu+0x289/0x980 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x267/0x9c0 kernel/irq/chip.c:797 generic_handle_irq_desc include/linux/irqdesc.h:173 [inline] handle_irq arch/x86/kernel/irq.c:254 [inline] call_irq_handler arch/x86/kernel/irq.c:266 [inline] __common_interrupt+0x140/0x250 arch/x86/kernel/irq.c:292 common_interrupt+0xb6/0xe0 arch/x86/kernel/irq.c:285 </IRQ> <TASK> asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82 Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d c3 ec 0f 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 RAX: 709f8e7c1b77cc00 RBX: ffffffff8196cd28 RCX: 709f8e7c1b77cc00 RDX: 0000000000000001 RSI: ffffffff8d9aefc8 RDI: ffffffff8be33740 RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa35430 R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline] default_idle+0x13/0x20 arch/x86/kernel/process.c:757 default_idle_call+0x74/0xb0 kernel/sched/idle.c:122 cpuidle_idle_call kernel/sched/idle.c:190 [inline] do_idle+0x1e8/0x510 kernel/sched/idle.c:330 cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:428 rest_init+0x2de/0x300 init/main.c:744 start_kernel+0x47d/0x500 init/main.c:1097 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:307 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:288 common_startup_64+0x13e/0x147 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:comedi_buf_munge drivers/comedi/comedi_buf.c:347 [inline] RIP: 0010:comedi_buf_write_free+0x3c8/0x7e0 drivers/comedi/comedi_buf.c:391 Code: 41 03 45 00 48 8b 4c 24 78 42 0f b6 0c 21 84 c9 4c 8b bc 24 90 00 00 00 44 8b 74 24 54 0f 85 02 01 00 00 31 d2 48 8b 4c 24 30 <f7> 31 41 89 55 00 48 8b 44 24 70 42 0f b6 04 20 84 c0 0f 85 09 01 RSP: 0018:ffffc90000007bd8 EFLAGS: 00010046 RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffff888030a20880 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88806b192000 RBP: 0000000000000002 R08: 0000000000000000 R09: 00000000000000ff R10: dffffc0000000000 R11: ffffffff88e91b20 R12: dffffc0000000000 R13: ffff888030a20838 R14: 0000000000000000 R15: ffff888030a20800 FS: 0000000000000000(0000) GS:ffff888125bd7000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007faab2ff5f98 CR3: 0000000033708000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 41 03 45 00 add 0x0(%r13),%eax 4: 48 8b 4c 24 78 mov 0x78(%rsp),%rcx 9: 42 0f b6 0c 21 movzbl (%rcx,%r12,1),%ecx e: 84 c9 test %cl,%cl 10: 4c 8b bc 24 90 00 00 mov 0x90(%rsp),%r15 17: 00 18: 44 8b 74 24 54 mov 0x54(%rsp),%r14d 1d: 0f 85 02 01 00 00 jne 0x125 23: 31 d2 xor %edx,%edx 25: 48 8b 4c 24 30 mov 0x30(%rsp),%rcx * 2a: f7 31 divl (%rcx) <-- trapping instruction 2c: 41 89 55 00 mov %edx,0x0(%r13) 30: 48 8b 44 24 70 mov 0x70(%rsp),%rax 35: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax 3a: 84 c0 test %al,%al 3c: 0f .byte 0xf 3d: 85 09 test %ecx,(%rcx) 3f: 01 .byte 0x1

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2025/07/09 09:36	linux-next	58ba80c47402	abade794	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	divide error in comedi_buf_write_free
2025/07/09 06:13	linux-next	58ba80c47402	abade794	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-linux-next-kasan-gce-root	divide error in comedi_buf_write_free
2025/07/09 04:56	linux-next	58ba80c47402	abade794	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	divide error in comedi_buf_write_free

Crashes (3):

Assets (help?)