ci2 starts bisection 2023-04-25 11:49:24.103606811 +0000 UTC m=+41319.821505782 bisecting fixing commit since 115472395b0a9ea522ba0e106d6dfd7a73df8ba6 building syzkaller on fbf0499acc828df26995835e51d83c3a0117e716 ensuring issue is reproducible on original commit 115472395b0a9ea522ba0e106d6dfd7a73df8ba6 testing commit 115472395b0a9ea522ba0e106d6dfd7a73df8ba6 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 260d45490e81e8187187517f19179005db3b8c84f6e5afe0a82b68b95c2a10cb run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000b20b90] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00113ed70] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #2: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000b20cd0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #3: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00113eeb0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #4: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00113f040] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #5: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00113f0e0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #6: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000b20e10] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #7: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000b20eb0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #8: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000b20f50] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #9: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0097fc050] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #10: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000c220a0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #11: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00074a0f0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #12: crashed: WARNING in ieee80211_free_ack_frame run #13: crashed: WARNING in ieee80211_free_ack_frame run #14: crashed: WARNING in ieee80211_free_ack_frame run #15: crashed: WARNING in ieee80211_free_ack_frame run #16: crashed: WARNING in ieee80211_free_ack_frame run #17: crashed: WARNING in ieee80211_free_ack_frame run #18: crashed: WARNING in ieee80211_free_ack_frame run #19: crashed: WARNING in ieee80211_free_ack_frame testing current HEAD 3299fb36854fdc288bddc2c4d265f8a2e5105944 testing commit 3299fb36854fdc288bddc2c4d265f8a2e5105944 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0b771210e063e7891b2c70d90e4dba942f014dfb62e0ae796b54db3a36503c1d run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00a290500] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc005d9a910] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}. run #2: crashed: WARNING in ieee80211_free_ack_frame run #3: crashed: WARNING in ieee80211_free_ack_frame run #4: crashed: WARNING in ieee80211_free_ack_frame run #5: crashed: WARNING in ieee80211_free_ack_frame run #6: crashed: WARNING in ieee80211_free_ack_frame run #7: crashed: WARNING in ieee80211_free_ack_frame run #8: crashed: WARNING in ieee80211_free_ack_frame run #9: crashed: WARNING in ieee80211_free_ack_frame revisions tested: 2, total time: 44m54.412732649s (build: 35m40.19268079s, test: 8m46.318617949s) the crash still happens on HEAD commit msg: Linux 5.15.108 crash: WARNING in ieee80211_free_ack_frame ------------[ cut here ]------------ Have pending ack frames! WARNING: CPU: 0 PID: 9 at net/mac80211/main.c:1418 ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418 Modules linked in: CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 5.15.108-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 Workqueue: netns cleanup_net pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418 lr : ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418 sp : ffff800017427700 x29: ffff800017427700 x28: 0000000000000000 x27: dfff800000000000 x26: 1ffff00002e84eec x25: 0000000000000001 x24: ffff0000c04c1370 x23: ffff0000ca42b280 x22: ffff800017427760 x21: 1ffff00002e84eed x20: ffff8000100f8f44 x19: ffff0000ce7443c0 x18: ffffffffffffffff x17: ffffffffffffffff x16: ffff8000106ce8cc x15: 0000000000000001 x14: 1ffff000026b406a x13: 0000000000000001 x12: 0000000000000001 x11: 0000000000000001 x10: 0000000000000000 x9 : 79ed862d2bce2400 x8 : 79ed862d2bce2400 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff800017426e58 x4 : ffff800013677b20 x3 : ffff80000849a6a0 x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000018 Call trace: ieee80211_free_ack_frame+0x54/0x5c net/mac80211/main.c:1418 idr_for_each+0x190/0x254 lib/idr.c:208 ieee80211_free_hw+0xb8/0x30c net/mac80211/main.c:1436 mac80211_hwsim_del_radio+0x228/0x380 drivers/net/wireless/mac80211_hwsim.c:3476 hwsim_exit_net+0x388/0x564 drivers/net/wireless/mac80211_hwsim.c:4242 ops_exit_list net/core/net_namespace.c:169 [inline] cleanup_net+0x4dc/0x838 net/core/net_namespace.c:596 process_one_work+0x698/0xf54 kernel/workqueue.c:2306 worker_thread+0x7f8/0xe68 kernel/workqueue.c:2453 kthread+0x318/0x3ec kernel/kthread.c:319 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 irq event stamp: 2741456 hardirqs last enabled at (2741455): [] __up_console_sem+0x54/0xa4 kernel/printk/printk.c:257 hardirqs last disabled at (2741456): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387 softirqs last enabled at (2738512): [] spin_unlock_bh include/linux/spinlock.h:408 [inline] softirqs last enabled at (2738512): [] netif_addr_unlock_bh include/linux/netdevice.h:4617 [inline] softirqs last enabled at (2738512): [] dev_mc_flush+0x184/0x1c8 net/core/dev_addr_lists.c:1001 softirqs last disabled at (2738510): [] local_bh_disable+0xc/0x2c include/linux/bottom_half.h:18 ---[ end trace dbcc4c319613626f ]--- device hsr_slave_0 left promiscuous mode device hsr_slave_1 left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state device hsr_slave_0 left promiscuous mode device hsr_slave_1 left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state device veth1_macvtap left promiscuous mode device veth0_macvtap left promiscuous mode device veth1_vlan left promiscuous mode device veth0_vlan left promiscuous mode device veth1_macvtap left promiscuous mode device veth0_macvtap left promiscuous mode device veth1_vlan left promiscuous mode device veth0_vlan left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): Released all slaves team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): Released all slaves netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 device hsr_slave_0 left promiscuous mode device hsr_slave_1 left promiscuous mode batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 batman_adv: batadv0: Interface deactivated: batadv_slave_1 batman_adv: batadv0: Removing interface: batadv_slave_1 device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state device veth1_macvtap left promiscuous mode device veth0_macvtap left promiscuous mode device veth1_vlan left promiscuous mode device veth0_vlan left promiscuous mode team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): Released all slaves