wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 ------------[ cut here ]------------ no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 WARNING: CPU: 0 PID: 298622 at net/mac80211/rate.c:375 __rate_control_send_low+0x4be/0x680 net/mac80211/rate.c:375 Modules linked in: CPU: 0 PID: 298622 Comm: syz-executor.0 Not tainted 5.10.78 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__rate_control_send_low+0x4be/0x680 net/mac80211/rate.c:375 Code: 14 48 89 44 24 18 e8 f1 61 90 fd 44 8b 44 24 2c 45 89 e9 44 89 e1 48 8b 74 24 18 44 89 f2 48 c7 c7 00 1b 75 84 e8 eb d5 1c 00 <0f> 0b e9 29 fe ff ff e8 c6 61 90 fd 48 8b 44 24 10 48 8d 78 7f 48 RSP: 0018:ffff88806ce08db8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88800dded7a8 RCX: 0000000000000000 RDX: ffff888030bb9940 RSI: ffffffff81290d43 RDI: ffffed100d9c11a9 RBP: ffff888031bdb1e8 R08: 0000000000000001 R09: ffff88806ce2fb4f R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000 FS: 00007fe19b695700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe19e22f000 CR3: 000000003bdfe000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: rate_control_send_low+0x1f5/0x600 net/mac80211/rate.c:400 rate_control_get_rate+0x18b/0x510 net/mac80211/rate.c:913 ieee80211_tx_h_rate_ctrl+0x956/0x1650 net/mac80211/tx.c:753 invoke_tx_handlers_early+0xb23/0x2520 net/mac80211/tx.c:1788 ieee80211_tx+0x244/0x410 net/mac80211/tx.c:1930 ieee80211_xmit+0x222/0x2b0 net/mac80211/tx.c:2030 __ieee80211_subif_start_xmit+0x748/0xc30 net/mac80211/tx.c:4060 ieee80211_subif_start_xmit+0x126/0xf40 net/mac80211/tx.c:4196 __netdev_start_xmit include/linux/netdevice.h:4776 [inline] netdev_start_xmit include/linux/netdevice.h:4790 [inline] xmit_one net/core/dev.c:3582 [inline] dev_hard_start_xmit+0x1ba/0x800 net/core/dev.c:3598 sch_direct_xmit+0x262/0x780 net/sched/sch_generic.c:336 qdisc_restart net/sched/sch_generic.c:401 [inline] __qdisc_run+0x4b3/0x1640 net/sched/sch_generic.c:409 qdisc_run include/net/pkt_sched.h:127 [inline] qdisc_run include/net/pkt_sched.h:124 [inline] __dev_xmit_skb net/core/dev.c:3774 [inline] __dev_queue_xmit+0xd9a/0x27f0 net/core/dev.c:4128 neigh_resolve_output net/core/neighbour.c:1497 [inline] neigh_resolve_output+0x511/0x820 net/core/neighbour.c:1477 neigh_output include/net/neighbour.h:510 [inline] ip6_finish_output2+0xc3f/0x22c0 net/ipv6/ip6_output.c:145 __ip6_finish_output.part.0+0x4fc/0xb60 net/ipv6/ip6_output.c:210 __ip6_finish_output include/linux/skbuff.h:964 [inline] ip6_finish_output net/ipv6/ip6_output.c:220 [inline] NF_HOOK_COND include/linux/netfilter.h:290 [inline] ip6_output+0x47b/0xb80 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:443 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK.constprop.0+0x10a/0x4e0 include/linux/netfilter.h:295 mld_sendpack+0x609/0xc20 net/ipv6/mcast.c:1676 mld_send_cr net/ipv6/mcast.c:1972 [inline] mld_ifc_timer_expire+0x609/0xf10 net/ipv6/mcast.c:2471 call_timer_fn+0x182/0x580 kernel/time/timer.c:1414 expire_timers kernel/time/timer.c:1459 [inline] __run_timers.part.0+0x666/0x9d0 kernel/time/timer.c:1750 __run_timers kernel/time/timer.c:1731 [inline] run_timer_softirq+0x80/0x120 kernel/time/timer.c:1763 __do_softirq+0x1b6/0x86a kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:get_current arch/x86/include/asm/current.h:15 [inline] RIP: 0010:debug_check_no_locks_freed+0x2e/0x190 kernel/locking/lockdep.c:6326 Code: c0 bc 42 47 85 48 ba 00 00 00 00 00 fc ff df 41 56 48 89 c1 83 e0 07 49 89 f6 41 55 48 c1 e9 03 83 c0 03 41 54 49 89 fc 55 53 <65> 4c 8b 2c 25 80 ef 01 00 48 83 ec 08 0f b6 14 11 38 d0 7c 08 84 RSP: 0018:ffff888043f0fcd8 EFLAGS: 00000202 RAX: 0000000000000007 RBX: ffff888035080168 RCX: 1ffffffff0a8e857 RDX: dffffc0000000000 RSI: 0000000000000040 RDI: ffff888035080168 RBP: ffffffff84695e00 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff888035080168 R13: 0000000000000002 R14: 0000000000000040 R15: 0000000000000000 __raw_spin_lock_init+0x1c/0x110 kernel/locking/spinlock_debug.c:23 skb_queue_head_init include/linux/skbuff.h:1883 [inline] sk_init_common+0x17c/0x620 net/core/sock.c:1859 sock_init_data+0x1b/0xcd0 net/core/sock.c:2974 __netlink_create+0x7f/0x2c0 net/netlink/af_netlink.c:639 netlink_create+0x3ac/0x5e0 net/netlink/af_netlink.c:698 __sock_create+0x355/0x760 net/socket.c:1416 sock_create net/socket.c:1467 [inline] __sys_socket+0xef/0x200 net/socket.c:1509 __do_sys_socket net/socket.c:1518 [inline] __se_sys_socket net/socket.c:1516 [inline] __x64_sys_socket+0x6e/0xb0 net/socket.c:1516 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fe19e121197 Code: f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fe19b6940c8 EFLAGS: 00000287 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007fe19e232f60 RCX: 00007fe19e121197 RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 RBP: 00007fe19e179f6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000287 R12: 0000000000000000 R13: 0000000000000036 R14: 00000000200000c0 R15: 0000000000022000 irq event stamp: 5296 hardirqs last enabled at (5306): [] console_unlock+0x926/0xb30 kernel/printk/printk.c:2552 hardirqs last disabled at (5315): [] console_unlock+0x832/0xb30 kernel/printk/printk.c:2467 softirqs last enabled at (3808): [] read_pnet include/net/net_namespace.h:337 [inline] softirqs last enabled at (3808): [] sock_net include/net/sock.h:2552 [inline] softirqs last enabled at (3808): [] netlink_release+0xd2e/0x1c70 net/netlink/af_netlink.c:805 softirqs last disabled at (3973): [] asm_call_irq_on_stack+0x12/0x20 ---[ end trace 4a46a5c6056d3902 ]--- mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=299048 comm=syz-executor.0 Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed Process accounting resumed ---------------- Code disassembly (best guess), 5 bytes skipped: 0: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 7: fc ff df a: 41 56 push %r14 c: 48 89 c1 mov %rax,%rcx f: 83 e0 07 and $0x7,%eax 12: 49 89 f6 mov %rsi,%r14 15: 41 55 push %r13 17: 48 c1 e9 03 shr $0x3,%rcx 1b: 83 c0 03 add $0x3,%eax 1e: 41 54 push %r12 20: 49 89 fc mov %rdi,%r12 23: 55 push %rbp 24: 53 push %rbx * 25: 65 4c 8b 2c 25 80 ef mov %gs:0x1ef80,%r13 <-- trapping instruction 2c: 01 00 2e: 48 83 ec 08 sub $0x8,%rsp 32: 0f b6 14 11 movzbl (%rcx,%rdx,1),%edx 36: 38 d0 cmp %dl,%al 38: 7c 08 jl 0x42 3a: 84 .byte 0x84