bisecting fixing commit since 36a21d51725af2ce0700c6ebcb6b9594aac658a6 building syzkaller on 6972b10616d785401dea17cec890cca8916424a7 testing commit 36a21d51725af2ce0700c6ebcb6b9594aac658a6 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 861a1edb0c9dac3975e852a96122f60160a4fa575a54ec1bfb5b214c95b81335 all runs: crashed: divide error in ath9k_htc_swba testing current HEAD 9c0c4d24ac000e52d55348961d3a3ba42065e0cf testing commit 9c0c4d24ac000e52d55348961d3a3ba42065e0cf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 192e189f142ac78ee8961bfd95d805b23040d28435aabc9eeeb4b66442986a86 all runs: crashed: divide error in ath9k_htc_swba revisions tested: 2, total time: 21m2.855704861s (build: 13m19.371045075s, test: 7m9.501912101s) the crash still happens on HEAD commit msg: Merge tag 'block-5.15-2021-10-22' of git://git.kernel.dk/linux-block crash: divide error in ath9k_htc_swba divide error: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 2991 Comm: kworker/1:4 Not tainted 5.15.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events request_firmware_work_func RIP: 0010:ath9k_htc_choose_bslot drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:277 [inline] RIP: 0010:ath9k_htc_swba+0x18b/0xb10 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:310 Code: c0 40 84 c6 0f 85 b1 08 00 00 48 8b 55 00 0f b7 c9 bd 01 00 00 00 48 0f ca 48 89 d0 c1 ea 0a 48 c1 e8 20 c1 e0 16 09 d0 31 d2 <f7> f1 8d 04 12 31 d2 f7 f1 29 c5 48 8d 83 b0 03 00 00 48 89 c7 48 RSP: 0018:ffffc90000dc0dc8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888062b9b2a0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 RBP: 0000000000000001 R08: 0000000000000001 R09: ffffffff8ee07927 R10: 0000000000000001 R11: 000000000007a089 R12: 0000000000000000 R13: 0000000000001002 R14: ffff888062b9b2a0 R15: ffff888070c99b40 FS: 
0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000005680c0 CR3: 0000000019245000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ath9k_wmi_event_tasklet+0x28f/0x3f0 drivers/net/wireless/ath/ath9k/wmi.c:165 tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:783 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:console_unlock+0x4df/0x870 kernel/printk/printk.c:2715 Code: e7 2a fe ff e8 62 29 00 00 48 83 3c 24 00 0f 85 e0 01 00 00 9c 58 f6 c4 02 0f 85 d3 02 00 00 48 83 3c 24 00 74 01 fb 45 85 e4 <0f> 85 27 02 00 00 8b 54 24 30 85 d2 0f 84 70 fc ff ff 31 d2 be 9f RSP: 0018:ffffc9000ccbf5e8 EFLAGS: 00000246 RAX: 0000000000000002 RBX: dffffc0000000000 RCX: 1ffffffff1dc1012 RDX: 0000000000000000 RSI: ffffffff88cb47a0 RDI: ffffffff89208720 RBP: ffffc9000ccbf640 R08: 0000000000000001 R09: ffffffff8ee07927 R10: 0000000000000001 R11: 74685f6b39687461 R12: 0000000000000000 R13: ffffffff8b7d0248 R14: ffffffff8b7d0210 R15: 0000000000000000 vprintk_emit+0x99/0x2f0 kernel/printk/printk.c:2244 dev_vprintk_emit+0x2c9/0x30d drivers/base/core.c:4596 dev_printk_emit+0x9d/0xce drivers/base/core.c:4607 _dev_err+0xc8/0xf6 drivers/base/core.c:4662 ath9k_init_htc_services.constprop.0.cold+0x28/0x133 drivers/net/wireless/ath/ath9k/htc_drv_init.c:220 ath9k_htc_probe_device+0x237/0x1d80 drivers/net/wireless/ath/ath9k/htc_drv_init.c:960 ath9k_htc_hw_init+0x8/0x20 drivers/net/wireless/ath/ath9k/htc_hst.c:503 ath9k_hif_usb_firmware_cb+0x23b/0x4d0 drivers/net/wireless/ath/ath9k/hif_usb.c:1239 
request_firmware_work_func+0x126/0x230 drivers/base/firmware_loader/main.c:1081 process_one_work+0x87f/0x1450 kernel/workqueue.c:2297 worker_thread+0x598/0x1040 kernel/workqueue.c:2444 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Modules linked in: ---[ end trace 3598d31a07825687 ]--- RIP: 0010:ath9k_htc_choose_bslot drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:277 [inline] RIP: 0010:ath9k_htc_swba+0x18b/0xb10 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c:310 Code: c0 40 84 c6 0f 85 b1 08 00 00 48 8b 55 00 0f b7 c9 bd 01 00 00 00 48 0f ca 48 89 d0 c1 ea 0a 48 c1 e8 20 c1 e0 16 09 d0 31 d2 <f7> f1 8d 04 12 31 d2 f7 f1 29 c5 48 8d 83 b0 03 00 00 48 89 c7 48 RSP: 0018:ffffc90000dc0dc8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888062b9b2a0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 RBP: 0000000000000001 R08: 0000000000000001 R09: ffffffff8ee07927 R10: 0000000000000001 R11: 000000000007a089 R12: 0000000000000000 R13: 0000000000001002 R14: ffff888062b9b2a0 R15: ffff888070c99b40 FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000005680c0 CR3: 0000000019245000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: c0 40 84 c6 rolb $0xc6,-0x7c(%rax) 4: 0f 85 b1 08 00 00 jne 0x8bb a: 48 8b 55 00 mov 0x0(%rbp),%rdx e: 0f b7 c9 movzwl %cx,%ecx 11: bd 01 00 00 00 mov $0x1,%ebp 16: 48 0f ca bswap %rdx 19: 48 89 d0 mov %rdx,%rax 1c: c1 ea 0a shr $0xa,%edx 1f: 48 c1 e8 20 shr $0x20,%rax 23: c1 e0 16 shl $0x16,%eax 26: 09 d0 or %edx,%eax 28: 31 d2 xor %edx,%edx * 2a: f7 f1 div %ecx <-- trapping instruction 2c: 8d 04 12 lea (%rdx,%rdx,1),%eax 2f: 31 d2 xor %edx,%edx 31: f7 f1 div %ecx 33: 29 c5 sub %eax,%ebp 35: 48 8d 83 b0 03 00 00 lea 
0x3b0(%rbx),%rax 3c: 48 89 c7 mov %rax,%rdi 3f: 48 rex.W