ci2 starts bisection 2023-05-25 13:29:15.840673411 +0000 UTC m=+11330.236883931
bisecting fixing commit since 115472395b0a9ea522ba0e106d6dfd7a73df8ba6
building syzkaller on fbf0499acc828df26995835e51d83c3a0117e716
ensuring issue is reproducible on original commit 115472395b0a9ea522ba0e106d6dfd7a73df8ba6

testing commit 115472395b0a9ea522ba0e106d6dfd7a73df8ba6 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 260d45490e81e8187187517f19179005db3b8c84f6e5afe0a82b68b95c2a10cb
run #0: infra problem: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0000344b0] Location: Message:Quota 'T2A_CPUS' exceeded.  Limit: 80.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: infra problem: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0051ba2d0] Location: Message:Quota 'T2A_CPUS' exceeded.  Limit: 80.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: infra problem: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0051ba500] Location: Message:Quota 'T2A_CPUS' exceeded.  Limit: 80.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #3: infra problem: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0019ac640] Location: Message:Quota 'T2A_CPUS' exceeded.  Limit: 80.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #4: crashed: WARNING in ieee80211_free_ack_frame
run #5: crashed: WARNING in ieee80211_free_ack_frame
run #6: crashed: WARNING in ieee80211_free_ack_frame
run #7: crashed: WARNING in ieee80211_free_ack_frame
run #8: crashed: WARNING in ieee80211_free_ack_frame
run #9: crashed: WARNING in ieee80211_free_ack_frame
run #10: crashed: WARNING in ieee80211_free_ack_frame
run #11: crashed: WARNING in ieee80211_free_ack_frame
run #12: crashed: WARNING in ieee80211_free_ack_frame
run #13: crashed: WARNING in ieee80211_free_ack_frame
run #14: crashed: WARNING in ieee80211_free_ack_frame
run #15: crashed: WARNING in ieee80211_free_ack_frame
run #16: crashed: WARNING in ieee80211_free_ack_frame
run #17: crashed: WARNING in ieee80211_free_ack_frame
run #18: crashed: WARNING in ieee80211_free_ack_frame
run #19: crashed: WARNING in ieee80211_free_ack_frame
testing current HEAD 1fe619a7d25218e9b9fdcce9fcac6a05cd62abed
testing commit 1fe619a7d25218e9b9fdcce9fcac6a05cd62abed gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8f4521637ef3accbc08e4cec5d17cab2a91df6a4b0c597b4d9a144b099cf02e0
all runs: crashed: WARNING in ieee80211_free_ack_frame
crash still not fixed/happens on the oldest tested release
revisions tested: 2, total time: 45m18.649168655s (build: 37m18.956018283s, test: 7m3.204407541s)
crash still not fixed on HEAD or HEAD had kernel test errors
commit msg: Linux 5.15.113
crash: WARNING in ieee80211_free_ack_frame
------------[ cut here ]------------
Have pending ack frames!
WARNING: CPU: 1 PID: 9 at net/mac80211/main.c:1418 ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418
Modules linked in:
CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 5.15.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Workqueue: netns cleanup_net
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418
lr : ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418
sp : ffff800017437700
x29: ffff800017437700 x28: 0000000000000000 x27: dfff800000000000
x26: 1ffff00002e86eec x25: 0000000000000001 x24: ffff0000e322c2f0
x23: ffff0000c2e8b280 x22: ffff800017437760 x21: 1ffff00002e86eed
x20: ffff800010100ffc x19: ffff0000c9a42c80 x18: 1fffe0003695558e
x17: 1fffe0003695558e x16: ffff8000106d6bdc x15: ffff800013647320
x14: 1ffff000026b606a x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000001 x10: 0000000000000000 x9 : e7882124d575db00
x8 : e7882124d575db00 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80000a39d048
x2 : ffff0001b4aaad10 x1 : ffff800010cca280 x0 : 0000000000000018
Call trace:
 ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418
 idr_for_each+0x190/0x254 lib/idr.c:208
 ieee80211_free_hw+0xb8/0x30c net/mac80211/main.c:1436
 mac80211_hwsim_del_radio+0x228/0x380 drivers/net/wireless/mac80211_hwsim.c:3476
 hwsim_exit_net+0x388/0x564 drivers/net/wireless/mac80211_hwsim.c:4242
 ops_exit_list net/core/net_namespace.c:169 [inline]
 cleanup_net+0x4dc/0x838 net/core/net_namespace.c:596
 process_one_work+0x698/0xf54 kernel/workqueue.c:2307
 worker_thread+0x7f8/0xe68 kernel/workqueue.c:2454
 kthread+0x318/0x3ec kernel/kthread.c:319
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 3460464
hardirqs last  enabled at (3460463): [<ffff80000820f284>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1338 [inline]
hardirqs last  enabled at (3460463): [<ffff80000820f284>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:4780
hardirqs last disabled at (3460464): [<ffff8000106d2270>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (3458092): [<ffff80000ef2a840>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last  enabled at (3458092): [<ffff80000ef2a840>] netif_addr_unlock_bh include/linux/netdevice.h:4617 [inline]
softirqs last  enabled at (3458092): [<ffff80000ef2a840>] dev_mc_flush+0x184/0x1c8 net/core/dev_addr_lists.c:1001
softirqs last disabled at (3458090): [<ffff80000ef2ad00>] local_bh_disable+0xc/0x2c include/linux/bottom_half.h:18
---[ end trace aa16170f6a86e003 ]---
device hsr_slave_0 left promiscuous mode
device hsr_slave_1 left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
device hsr_slave_0 left promiscuous mode
device hsr_slave_1 left promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0