bisecting fixing commit since 36a21d51725af2ce0700c6ebcb6b9594aac658a6
building syzkaller on 6972b10616d785401dea17cec890cca8916424a7
testing commit 36a21d51725af2ce0700c6ebcb6b9594aac658a6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 861a1edb0c9dac3975e852a96122f60160a4fa575a54ec1bfb5b214c95b81335
all runs: crashed: divide error in ath9k_htc_swba
testing current HEAD 136057256686de39cc3a07c2e39ef6bc43003ff6
testing commit 136057256686de39cc3a07c2e39ef6bc43003ff6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b79324c4ad011d3396366cf91594c724613510f7a2a3583a7e0083b1c7280429
all runs: crashed: divide error in ath9k_htc_swba
revisions tested: 2, total time: 20m43.791883992s (build: 13m2.048059118s, test: 6m58.062157102s)
the crash still happens on HEAD
commit msg: Linux 5.16-rc2
crash: divide error in ath9k_htc_swba
divide error: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8743 Comm: kworker/1:6 Not tainted 5.16.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events request_firmware_work_func
RIP: 0010:ath9k_htc_choose_bslot drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:277 [inline]
RIP: 0010:ath9k_htc_swba+0x18b/0xb10 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:310
Code: c0 40 84 c6 0f 85 b1 08 00 00 48 8b 55 00 0f b7 c9 bd 01 00 00 00 48 0f ca 48 89 d0 c1 ea 0a 48 c1 e8 20 c1 e0 16 09 d0 31 d2 <f7> f1 8d 04 12 31 d2 f7 f1 29 c5 48 8d 83 b0 03 00 00 48 89 c7 48
RSP: 0018:ffffc90000dc0dc8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88805da132e0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: ffffffff8ee66947
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000001002 R14: ffff88805da132e0 R15: ffff8880729d5000
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1b0214f000 CR3: 000000001c2aa000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 ath9k_wmi_event_tasklet+0x28f/0x3f0 drivers/net/wireless/ath/ath9k/wmi.c:165
 tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:783
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:console_unlock+0x4df/0x870 kernel/printk/printk.c:2716
Code: 77 2a fe ff e8 a2 29 00 00 48 83 3c 24 00 0f 85 e0 01 00 00 9c 58 f6 c4 02 0f 85 d3 02 00 00 48 83 3c 24 00 74 01 fb 45 85 e4 <0f> 85 27 02 00 00 8b 54 24 30 85 d2 0f 84 70 fc ff ff 31 d2 be a0
RSP: 0018:ffffc9000b6ef538 EFLAGS: 00000246
RAX: 0000000000000006 RBX: dffffc0000000000 RCX: 1ffffffff1dcce16
RDX: 0000000000000000 RSI: ffffffff88cb5520 RDI: ffffffff89216460
RBP: ffffc9000b6ef590 R08: 0000000000000001 R09: ffffffff8ee66947
R10: 0000000000000001 R11: 0000000020627375 R12: 0000000000000000
R13: ffffffff8b7edd68 R14: ffffffff8b7edd30 R15: 0000000000000000
 vprintk_emit+0x99/0x2f0 kernel/printk/printk.c:2245
 dev_vprintk_emit+0x2c9/0x30d drivers/base/core.c:4594
 dev_printk_emit+0x9d/0xce drivers/base/core.c:4605
 _dev_err+0xc8/0xf6 drivers/base/core.c:4660
 hif_usb_send.cold+0x37/0x49 drivers/net/wireless/ath/ath9k/hif_usb.c:482
 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]
 htc_connect_service+0x697/0x970 drivers/net/wireless/ath/ath9k/htc_hst.c:275
 ath9k_htc_connect_svc drivers/net/wireless/ath/ath9k/htc_drv_init.c:137 [inline]
 ath9k_init_htc_services.constprop.0+0x11a/0x540 drivers/net/wireless/ath/ath9k/htc_drv_init.c:151
 ath9k_htc_probe_device+0x237/0x1e30 drivers/net/wireless/ath/ath9k/htc_drv_init.c:960
 ath9k_htc_hw_init+0x8/0x20 drivers/net/wireless/ath/ath9k/htc_hst.c:503
 ath9k_hif_usb_firmware_cb+0x23b/0x4d0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239
 request_firmware_work_func+0x126/0x230 drivers/base/firmware_loader/main.c:1022
 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298
 worker_thread+0x598/0x1040 kernel/workqueue.c:2445
 kthread+0x3ab/0x480 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace 2e0575ae8086ea61 ]---
RIP: 0010:ath9k_htc_choose_bslot drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:277 [inline]
RIP: 0010:ath9k_htc_swba+0x18b/0xb10 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:310
Code: c0 40 84 c6 0f 85 b1 08 00 00 48 8b 55 00 0f b7 c9 bd 01 00 00 00 48 0f ca 48 89 d0 c1 ea 0a 48 c1 e8 20 c1 e0 16 09 d0 31 d2 <f7> f1 8d 04 12 31 d2 f7 f1 29 c5 48 8d 83 b0 03 00 00 48 89 c7 48
RSP: 0018:ffffc90000dc0dc8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88805da132e0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: ffffffff8ee66947
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000001002 R14: ffff88805da132e0 R15: ffff8880729d5000
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1b0214f000 CR3: 000000001c2aa000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	c0 40 84 c6          	rolb   $0xc6,-0x7c(%rax)
   4:	0f 85 b1 08 00 00    	jne    0x8bb
   a:	48 8b 55 00          	mov    0x0(%rbp),%rdx
   e:	0f b7 c9             	movzwl %cx,%ecx
  11:	bd 01 00 00 00       	mov    $0x1,%ebp
  16:	48 0f ca             	bswap  %rdx
  19:	48 89 d0             	mov    %rdx,%rax
  1c:	c1 ea 0a             	shr    $0xa,%edx
  1f:	48 c1 e8 20          	shr    $0x20,%rax
  23:	c1 e0 16             	shl    $0x16,%eax
  26:	09 d0                	or     %edx,%eax
  28:	31 d2                	xor    %edx,%edx
* 2a:	f7 f1                	div    %ecx <-- trapping instruction
  2c:	8d 04 12             	lea    (%rdx,%rdx,1),%eax
  2f:	31 d2                	xor    %edx,%edx
  31:	f7 f1                	div    %ecx
  33:	29 c5                	sub    %eax,%ebp
  35:	48 8d 83 b0 03 00 00 	lea    0x3b0(%rbx),%rax
  3c:	48 89 c7             	mov    %rax,%rdi
  3f:	48                   	rex.W