------------[ cut here ]------------
Have pending ack frames!
WARNING: net/mac80211/main.c:1722 at ieee80211_free_ack_frame+0x14/0x30 net/mac80211/main.c:1722, CPU#0: kworker/u32:4/79
Modules linked in:
CPU: 0 UID: 0 PID: 79 Comm: kworker/u32:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:ieee80211_free_ack_frame+0x14/0x30 net/mac80211/main.c:1722
Code: ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 48 89 f3 e8 03 22 0d f7 48 8d 3d 2c 74 ee 05 <67> 48 0f b9 3a ba 02 00 00 00 48 89 de 31 ff e8 58 a3 5e fe 31 c0
RSP: 0018:ffffc9000162f860 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880400d8dc0 RCX: ffffffff8b858833
RDX: ffff8880235624c0 RSI: ffffffff8afb935d RDI: ffffffff90ea0790
RBP: ffff88803bb43cb0 R08: 0000000000000007 R09: 000000007fffffff
R10: 0000000000000001 R11: 000000000000760b R12: dffffc0000000000
R13: ffffffff8afb9350 R14: 0000000080000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880d6345000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c2a51ac CR3: 0000000033ef9000 CR4: 0000000000352ef0
DR0: 0000000040000005 DR1: 0000000100000000 DR2: 0000000000000898
DR3: 0000000000000006 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 idr_for_each+0x143/0x270 lib/idr.c:210
 ieee80211_free_hw+0x59/0x1d0 net/mac80211/main.c:1734
 mac80211_hwsim_del_radio drivers/net/wireless/virtual/mac80211_hwsim.c:5919 [inline]
 hwsim_exit_net+0x8df/0x1530 drivers/net/wireless/virtual/mac80211_hwsim.c:6807
 ops_exit_list net/core/net_namespace.c:199 [inline]
 ops_undo_list+0x2ee/0xab0 net/core/net_namespace.c:252
 cleanup_net+0x499/0x920 net/core/net_namespace.c:704
 process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
 process_scheduled_works kernel/workqueue.c:3358 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	0f 1f 40 00          	nopl   0x0(%rax)
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	f3 0f 1e fa          	endbr64
  18:	53                   	push   %rbx
  19:	48 89 f3             	mov    %rsi,%rbx
  1c:	e8 03 22 0d f7       	call   0xf70d2224
  21:	48 8d 3d 2c 74 ee 05 	lea    0x5ee742c(%rip),%rdi        # 0x5ee7454
* 28:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2d:	ba 02 00 00 00       	mov    $0x2,%edx
  32:	48 89 de             	mov    %rbx,%rsi
  35:	31 ff                	xor    %edi,%edi
  37:	e8 58 a3 5e fe       	call   0xfe5ea394
  3c:	31 c0                	xor    %eax,%eax