bisecting fixing commit since 4143d798313fffa39f05bf24dd560ace42225c26
building syzkaller on c104d4a3bfc1f83e7ed33b4dca70e099402ce39f
testing commit 4143d798313fffa39f05bf24dd560ace42225c26 with gcc (GCC) 8.4.1 20210217
kernel signature: 739360ac830265d7183835b4e3c8538c633e43ae6326f97da2283aa1d3395508
run #0: crashed: WARNING in ieee80211_free_ack_frame
run #1: crashed: WARNING in ieee80211_free_ack_frame
run #2: crashed: WARNING in ieee80211_free_ack_frame
run #3: crashed: WARNING in ieee80211_free_ack_frame
run #4: crashed: WARNING in ieee80211_free_ack_frame
run #5: crashed: WARNING in ieee80211_free_ack_frame
run #6: OK
run #7: crashed: WARNING in ieee80211_free_ack_frame
run #8: crashed: WARNING in ieee80211_free_ack_frame
run #9: crashed: WARNING in ieee80211_free_ack_frame
run #10: crashed: WARNING in ieee80211_free_ack_frame
run #11: crashed: WARNING in ieee80211_free_ack_frame
run #12: crashed: WARNING in ieee80211_free_ack_frame
run #13: crashed: WARNING in ieee80211_free_ack_frame
run #14: crashed: WARNING in ieee80211_free_ack_frame
run #15: crashed: WARNING in ieee80211_free_ack_frame
run #16: crashed: WARNING in ieee80211_free_ack_frame
run #17: crashed: WARNING in ieee80211_free_ack_frame
run #18: crashed: WARNING in ieee80211_free_ack_frame
run #19: crashed: WARNING in ieee80211_free_ack_frame
testing current HEAD 2d19be4653f5e74ed95560b69f94eb6791d49af3
testing commit 2d19be4653f5e74ed95560b69f94eb6791d49af3 with gcc (GCC) 8.4.1 20210217
kernel signature: 78dfe650081819f97a346aa5166e384a79b1525d4e55b4295fafb93bd3b9d3ab
all runs: crashed: WARNING in ieee80211_free_ack_frame
revisions tested: 2, total time: 27m33.059380205s (build: 14m59.38654675s, test: 11m39.344123447s)
the crash still happens on HEAD
commit msg: Linux 4.19.177
crash: WARNING in ieee80211_free_ack_frame

mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
------------[ cut here ]------------
Have pending ack frames!
WARNING: CPU: 1 PID: 9111 at net/mac80211/main.c:1265 ieee80211_free_ack_frame+0x34/0x40 net/mac80211/main.c:1265
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9111 Comm: kworker/u4:6 Not tainted 4.19.177-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 panic+0x1cd/0x375 kernel/panic.c:186
 __warn.cold.7+0x1b/0x36 kernel/panic.c:541
 report_bug+0x1a1/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:ieee80211_free_ack_frame+0x34/0x40 net/mac80211/main.c:1265
Code: ec 07 7a 03 00 74 0c 48 89 f7 e8 47 29 ea fe 31 c0 c9 c3 48 c7 c7 e0 07 f6 88 48 89 75 f8 c6 05 cc 07 7a 03 01 e8 5d e3 57 00 <0f> 0b 48 8b 75 f8 eb d5 0f 1f 40 00 55 be 04 00 00 00 48 89 e5 41
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
RSP: 0018:ffff888091aaf970 EFLAGS: 00010286
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
RDX: 0000000000000004 RSI: 0000000000000008 RDI: ffffffff8bad7720
RBP: ffff888091aaf978 R08: ffffed1017463d03 R09: ffffed1017463d02
R10: ffffed1017463d02 R11: ffff8880ba31e817 R12: 0000000000000000
R13: ffff888081646330 R14: ffffffff87273ef0 R15: ffff888091aafa38
 idr_for_each+0x114/0x250 lib/idr.c:211
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
 ieee80211_free_hw+0x77/0x130 net/mac80211/main.c:1280
 mac80211_hwsim_del_radio+0x2a7/0x360 drivers/net/wireless/mac80211_hwsim.c:2998
 hwsim_exit_net+0x869/0x1200 drivers/net/wireless/mac80211_hwsim.c:3666
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
 ops_exit_list.isra.0+0x8b/0x120 net/core/net_namespace.c:153
 cleanup_net+0x368/0x850 net/core/net_namespace.c:553
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
 kthread+0x347/0x410 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Kernel Offset: disabled
Rebooting in 86400 seconds..