bisecting fixing commit since 4143d798313fffa39f05bf24dd560ace42225c26
building syzkaller on c104d4a3bfc1f83e7ed33b4dca70e099402ce39f
testing commit 4143d798313fffa39f05bf24dd560ace42225c26 with gcc (GCC) 8.4.1 20210217
kernel signature: 9c2adfd7717ca2f7fdd43d3dce5dd0d9fc4d0168ecec382728712af1fb61a991
all runs: crashed: WARNING in ieee80211_free_ack_frame
testing current HEAD 6b7b0056defc6eb5c87bbe4690ccda547b2891aa
testing commit 6b7b0056defc6eb5c87bbe4690ccda547b2891aa with gcc (GCC) 8.4.1 20210217
kernel signature: a5d919e3c7824d5dfb7a5444b1ab1d96eae9b563b801dab7c6e9b6243d0e4afa
all runs: crashed: WARNING in ieee80211_free_ack_frame
revisions tested: 2, total time: 36m54.512707526s (build: 20m52.415465734s, test: 15m35.919734807s)
the crash still happens on HEAD
commit msg: Linux 4.19.192
crash: WARNING in ieee80211_free_ack_frame

mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
------------[ cut here ]------------
Have pending ack frames!
WARNING: CPU: 0 PID: 9168 at net/mac80211/main.c:1279 ieee80211_free_ack_frame+0x34/0x40 net/mac80211/main.c:1279
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 9168 Comm: kworker/u4:5 Not tainted 4.19.192-syzkaller #0
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x17c/0x226 lib/dump_stack.c:118
 panic+0x1cd/0x375 kernel/panic.c:186
 __warn.cold.7+0x1b/0x36 kernel/panic.c:541
 report_bug+0x1a1/0x200 lib/bug.c:183
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:ieee80211_free_ack_frame+0x34/0x40 net/mac80211/main.c:1279
Code: 43 6f 78 03 00 74 0c 48 89 f7 e8 97 f3 e9 fe 31 c0 c9 c3 48 c7 c7 e0 5f f6 88 48 89 75 f8 c6 05 23 6f 78 03 01 e8 dd f0 57 00 <0f> 0b 48 8b 75 f8 eb d5 0f 1f 40 00 55 be 04 00 00 00 48 89 e5 41
RSP: 0018:ffff888090c17970 EFLAGS: 00010286
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffffffff88501f40 RDI: ffffffff8bad8720
RBP: ffff888090c17978 R08: ffffed1017444e99 R09: ffffed1017444e98
R10: ffffed1017444e98 R11: ffff8880ba2274c7 R12: 0000000000000000
R13: ffff8880b54afcf0 R14: ffffffff8728d4a0 R15: ffff888090c17a38
 idr_for_each+0x114/0x250 lib/idr.c:211
 ieee80211_free_hw+0x77/0x130 net/mac80211/main.c:1294
 mac80211_hwsim_del_radio+0x2a7/0x360 drivers/net/wireless/mac80211_hwsim.c:2998
 hwsim_exit_net+0x869/0x1200 drivers/net/wireless/mac80211_hwsim.c:3666
 ops_exit_list.isra.0+0x8b/0x120 net/core/net_namespace.c:153
 cleanup_net+0x368/0x850 net/core/net_namespace.c:553
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2152
 worker_thread+0x85/0xb60 kernel/workqueue.c:2295
 kthread+0x347/0x410 kernel/kthread.c:259
mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Kernel Offset: disabled
Rebooting in 86400 seconds..