bisecting fixing commit since eb575cd5d7f60241d016fdd13a9e86d962093c9b
building syzkaller on aba2b2fb3544d9e42991237c13d8cada421deda5
testing commit eb575cd5d7f60241d016fdd13a9e86d962093c9b
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 0a09b9eaee220b110b74d5b4735cca290595d4e75fe4631e95c3f42c6c02cfb5
run #0: crashed: WARNING in tcp_cwnd_reduction
run #1: crashed: divide error in tcp_reno_cong_avoid
run #2: crashed: divide error in tcp_reno_cong_avoid
run #3: crashed: divide error in tcp_reno_cong_avoid
run #4: crashed: divide error in tcp_reno_cong_avoid
run #5: crashed: divide error in tcp_reno_cong_avoid
run #6: crashed: divide error in tcp_reno_cong_avoid
run #7: crashed: divide error in tcp_reno_cong_avoid
run #8: crashed: divide error in tcp_reno_cong_avoid
run #9: crashed: divide error in tcp_reno_cong_avoid
run #10: crashed: WARNING in tcp_cwnd_reduction
run #11: crashed: WARNING in tcp_cwnd_reduction
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
testing current HEAD 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
testing commit 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 5ff708dd4bf6dc3ce0a697d773bfac389ef681f1f789e46a935f65ae41e4f6f8
run #0: crashed: divide error in tcp_reno_cong_avoid
run #1: crashed: divide error in tcp_reno_cong_avoid
run #2: crashed: divide error in tcp_reno_cong_avoid
run #3: crashed: WARNING in tcp_cwnd_reduction
run #4: crashed: divide error in tcp_reno_cong_avoid
run #5: crashed: divide error in tcp_reno_cong_avoid
run #6: crashed: WARNING in tcp_cwnd_reduction
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 44m1.507487732s (build: 20m22.582409859s, test: 23m2.643201938s)
the crash still happens on HEAD
commit msg: Linux 4.19.204
crash: WARNING in tcp_cwnd_reduction
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found.
Use the iptables CT target to attach helpers instead.
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
WARNING: CPU: 0 PID: 9 at net/ipv4/tcp_input.c:2472 tcp_cwnd_reduction+0x27f/0x3c0 net/ipv4/tcp_input.c:2482
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 panic+0x1cd/0x375 kernel/panic.c:186
 __warn.cold.7+0x1b/0x36 kernel/panic.c:541
 report_bug+0x1a1/0x200 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:tcp_cwnd_reduction+0x27f/0x3c0 net/ipv4/tcp_input.c:2472
Code: 31 d2 4b 8d 44 30 ff 49 f7 f0 29 f8 eb 97 c3 41 29 fe 89 f0 41 39 f6 41 0f 4d c6 83 c0 01 44 39 e0 41 0f 4f c4 e9 7b ff ff ff <0f> 0b eb bf 89 55 d0 89 75 d4 e8 32 f6 12 fb 8b 55 d0 8b 75 d4 e9
RSP: 0018:ffff8880b59b7350 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88809d3924c0 RCX: 0000000000000007
RDX: 0000000000005706 RSI: 0000000000000010 RDI: ffff88809d392d6c
RBP: ffff8880b59b7390 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000013d09e58 R12: 0000000000000010
R13: ffffffff8abb1360 R14: ffff8880b59b7630 R15: 0000000000001204
 tcp_cong_control net/ipv4/tcp_input.c:3322 [inline]
 tcp_ack+0x2f1f/0x5740 net/ipv4/tcp_input.c:3715
 tcp_rcv_established+0x58d/0x1e60 net/ipv4/tcp_input.c:5666
 tcp_v4_do_rcv+0x52f/0x790 net/ipv4/tcp_ipv4.c:1547
 tcp_v4_rcv+0x2ab8/0x3bb0 net/ipv4/tcp_ipv4.c:1832
 ip_local_deliver_finish+0x3be/0x9a0 net/ipv4/ip_input.c:215
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_local_deliver+0x164/0x4b0 net/ipv4/ip_input.c:256
 dst_input include/net/dst.h:461 [inline]
 ip_rcv_finish+0x159/0x240 net/ipv4/ip_input.c:414
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ip_rcv+0xc1/0x2f0 net/ipv4/ip_input.c:524
 __netif_receive_skb_one_core+0x112/0x1a0 net/core/dev.c:4954
 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:5066
 process_backlog+0x220/0x710 net/core/dev.c:5849
 napi_poll net/core/dev.c:6280 [inline]
 net_rx_action+0x454/0xe30 net/core/dev.c:6346
 __do_softirq+0x25f/0x919 kernel/softirq.c:292
 run_ksoftirqd+0x5e/0x100 kernel/softirq.c:653
 smpboot_thread_fn+0x55f/0x8a0 kernel/smpboot.c:164
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Kernel Offset: disabled
Rebooting in 86400 seconds..
----------------
Code disassembly (best guess):
   0:   31 d2                   xor    %edx,%edx
   2:   4b 8d 44 30 ff          lea    -0x1(%r8,%r14,1),%rax
   7:   49 f7 f0                div    %r8
   a:   29 f8                   sub    %edi,%eax
   c:   eb 97                   jmp    0xffffffa5
   e:   c3                      retq
   f:   41 29 fe                sub    %edi,%r14d
  12:   89 f0                   mov    %esi,%eax
  14:   41 39 f6                cmp    %esi,%r14d
  17:   41 0f 4d c6             cmovge %r14d,%eax
  1b:   83 c0 01                add    $0x1,%eax
  1e:   44 39 e0                cmp    %r12d,%eax
  21:   41 0f 4f c4             cmovg  %r12d,%eax
  25:   e9 7b ff ff ff          jmpq   0xffffffa5
* 2a:   0f 0b                   ud2 <-- trapping instruction
  2c:   eb bf                   jmp    0xffffffed
  2e:   89 55 d0                mov    %edx,-0x30(%rbp)
  31:   89 75 d4                mov    %esi,-0x2c(%rbp)
  34:   e8 32 f6 12 fb          callq  0xfb12f66b
  39:   8b 55 d0                mov    -0x30(%rbp),%edx
  3c:   8b 75 d4                mov    -0x2c(%rbp),%esi
  3f:   e9                      .byte 0xe9