syzbot


WARNING in ieee80211_free_ack_frame

Status: upstream: reported on 2025/08/03 17:18
Reported-by: syzbot+b8d193f52213886b7e01@syzkaller.appspotmail.com
First crash: 87d, last: 4d05h
Similar bugs (4)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING in ieee80211_free_ack_frame -1 C error 97 983d 1848d 0/1 upstream: reported C repro on 2020/10/07 07:47
upstream WARNING in ieee80211_free_ack_frame (2) wireless -1 C error done 178 7d10h 1444d 0/29 upstream: reported C repro on 2021/11/15 07:38
upstream WARNING in ieee80211_free_ack_frame wireless -1 syz done 117 1454d 1848d 20/29 fixed on 2021/11/10 00:50
linux-5.15 WARNING in ieee80211_free_ack_frame origin:upstream -1 C error 1 102d 948d 0/3 auto-obsoleted due to no activity on 2025/10/27 06:34

Sample crash report:
------------[ cut here ]------------
Have pending ack frames!
WARNING: CPU: 0 PID: 9 at net/mac80211/main.c:1513 ieee80211_free_ack_frame+0x64/0x6c net/mac80211/main.c:1513
Modules linked in:
CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Workqueue: netns cleanup_net
pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ieee80211_free_ack_frame+0x64/0x6c net/mac80211/main.c:1513
lr : ieee80211_free_ack_frame+0x64/0x6c net/mac80211/main.c:1513
sp : ffff80001c867760
x29: ffff80001c867760 x28: 0000000000000000 x27: ffff80001c8677a0
x26: dfff800000000000 x25: dfff800000000000 x24: ffff0000cf3d8000
x23: 0000000000000001 x22: ffff0000e2ad79f0 x21: ffff0000d9c7b288
x20: ffff800017a8b000 x19: ffff0000f58d7780 x18: ffff800011abbcc0
x17: 1fffe00033ed797e x16: ffff8000082d25b8 x15: 0000000040000000
x14: 0000000000000002 x13: 1ffff00002a180b1 x12: 0000000000ff0100
x11: ff0080000a893e94 x10: 0000000000000003 x9 : fe5379574d807f00
x8 : fe5379574d807f00 x7 : ffff800008251e80 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000007 x1 : ffff800011abd7c0 x0 : ffff80018a6a7000
Call trace:
 ieee80211_free_ack_frame+0x64/0x6c net/mac80211/main.c:1513
 idr_for_each+0x17c/0x248 lib/idr.c:208
 ieee80211_free_hw+0xc4/0x40c net/mac80211/main.c:1531
 mac80211_hwsim_del_radio+0x260/0x3a8 drivers/net/wireless/mac80211_hwsim.c:4691
 hwsim_exit_net+0x49c/0x558 drivers/net/wireless/mac80211_hwsim.c:5475
 ops_exit_list net/core/net_namespace.c:172 [inline]
 cleanup_net+0x5c4/0xa74 net/core/net_namespace.c:640
 process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
 worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
irq event stamp: 3671920
hardirqs last  enabled at (3671919): [<ffff800008251f14>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last  enabled at (3671919): [<ffff800008251f14>] finish_lock_switch+0xb0/0x1c4 kernel/sched/core.c:5003
hardirqs last disabled at (3671920): [<ffff80001195c1f0>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (3669448): [<ffff80000fd6f8d8>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (3669448): [<ffff80000fd6f8d8>] netif_addr_unlock_bh include/linux/netdevice.h:4510 [inline]
softirqs last  enabled at (3669448): [<ffff80000fd6f8d8>] dev_mc_flush+0x1b0/0x1f4 net/core/dev_addr_lists.c:1036
softirqs last disabled at (3669446): [<ffff80000fd6fe08>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
device hsr_slave_0 left promiscuous mode
device hsr_slave_1 left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/10/25 21:22 linux-6.1.y 8e6e2188d949 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in ieee80211_free_ack_frame
2025/08/03 17:17 linux-6.1.y 3594f306da12 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in ieee80211_free_ack_frame