./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3394776324 <...> Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts. execve("./syz-executor3394776324", ["./syz-executor3394776324"], 0x7fff95c866a0 /* 10 vars */) = 0 brk(NULL) = 0x5555571da000 brk(0x5555571dac40) = 0x5555571dac40 arch_prctl(ARCH_SET_FS, 0x5555571da300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3394776324", 4096) = 28 brk(0x5555571fbc40) = 0x5555571fbc40 brk(0x5555571fc000) = 0x5555571fc000 mprotect(0x7f137c71d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5004 attached , child_tidptr=0x5555571da5d0) = 5004 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5004] setpgid(0, 0) = 0 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5004] write(3, "1000", 4) = 4 [pid 5004] close(3) = 0 [pid 5004] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 5004] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 5004] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 5004] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5004}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496 [pid 5004] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5004}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5004] close(4) = 0 [pid 5004] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 5004] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0 [pid 5004] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x28\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x0c\x00\x5a\x80\x08\x00\x00\x80\x04\x00\x01\x00", iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 40 [pid 5004] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5 [pid 5004] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6 [pid 5004] sendto(6, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 5004] recvfrom(6, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1039622081}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496 [pid 5004] recvfrom(6, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1039622081}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5004] close(6) = 0 [pid 5004] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0 [pid 5004] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36 [pid 5004] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6 [pid 5004] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7 [pid 5004] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 5004] recvfrom(7, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1197149083}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496 [pid 5004] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1197149083}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5004] close(7) = 0 [pid 5004] socket(AF_UNIX, SOCK_STREAM, 0) = 7 [pid 5004] ioctl(7, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0 [pid 5004] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x28\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x0a\x00\x34\x00\x02\x02\x02\x02\x02\x02\x00\x00", iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 40 [pid 5004] exit_group(0) = ? [pid 5004] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5004, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571da5d0) = 5005 ./strace-static-x86_64: Process 5005 attached [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5005] setpgid(0, 0) = 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5005] write(3, "1000", 4) = 4 [pid 5005] close(3) = 0 [pid 5005] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 5005] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 5005] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 5005] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5005}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496 [pid 5005] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5005}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5005] close(4) = 0 [pid 5005] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 5005] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0 [pid 5005] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x28\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x0c\x00\x5a\x80\x08\x00\x00\x80\x04\x00\x01\x00", iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 40 [pid 5005] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5 [pid 5005] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6 [pid 5005] sendto(6, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 5005] recvfrom(6, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1611488202}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496 [pid 5005] recvfrom(6, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1611488202}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5005] close(6) = 0 [pid 5005] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0 [pid 5005] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 36 [pid 5005] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6 [pid 5005] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7 [pid 5005] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 5005] recvfrom(7, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-292527998}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496 [pid 5005] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-292527998}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5005] close(7) = 0 [pid 5005] socket(AF_UNIX, SOCK_STREAM, 0) = 7 [pid 5005] ioctl(7, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0 [pid 5005] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x28\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x0a\x00\x34\x00\x02\x02\x02\x02\x02\x02\x00\x00", iov_len=40}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 40 [pid 5005] exit_group(0) = ? [pid 5005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- syzkaller login: [ 56.652203][ T10] ------------[ cut here ]------------ [ 56.657775][ T10] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 56.668471][ T10] WARNING: CPU: 0 PID: 10 at net/mac80211/rate.c:379 __rate_control_send_low+0x6b5/0x7e0 [ 56.678393][ T10] Modules linked in: [ 56.682347][ T10] CPU: 0 PID: 10 Comm: kworker/u4:0 Not tainted 6.4.0-rc4-syzkaller-00014-gac2263b588df #0 [ 56.692379][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571da5d0) = 5006 ./strace-static-x86_64: Process 5006 attached [pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5006] setpgid(0, 0) = 0 [pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5006] write(3, "1000", 4) = 4 [pid 5006] close(3) = 0 [pid 5006] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 5006] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [ 56.702514][ T10] Workqueue: phy1 ieee80211_scan_work [ 56.707947][ T10] RIP: 0010:__rate_control_send_low+0x6b5/0x7e0 [ 56.714284][ T10] Code: b4 a8 d4 00 00 00 e8 fa 08 f8 f7 44 8b 44 24 2c 45 89 e9 44 89 e1 48 8b 74 24 10 44 89 f2 48 c7 c7 80 57 7f 8b e8 1b c7 bf f7 <0f> 0b e9 30 fd ff ff e8 0f d3 4a f8 e9 fd fd ff ff 48 89 df e8 a2 [ 56.733959][ T10] RSP: 0018:ffffc900000f75a8 EFLAGS: 00010282 [ 56.740067][ T10] RAX: 0000000000000000 RBX: ffff8880721c7168 RCX: 0000000000000000 [ 56.748123][ T10] RDX: ffff888016641dc0 RSI: ffffffff814c03e7 RDI: 0000000000000001 [ 56.756179][ T10] RBP: ffff8880214c3408 R08: 0000000000000001 R09: 0000000000000000 [ 56.764236][ T10] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 56.772269][ T10] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff8880214c0de0 [ 56.780277][ T10] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 56.789296][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.795955][ T10] CR2: 00007ffedcfb1238 CR3: 000000001670a000 CR4: 00000000003506f0 [ 56.804015][ T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.812080][ T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.820093][ T10] Call Trace: [ 56.823450][ T10] [ 56.826412][ T10] ? __warn+0xe6/0x390 [ 56.830526][ T10] ? __wake_up_klogd.part.0+0x99/0xf0 [ 56.836004][ T10] ? __rate_control_send_low+0x6b5/0x7e0 [ 56.841711][ T10] ? report_bug+0x2da/0x500 [ 56.846281][ T10] ? handle_bug+0x3c/0x70 [ 56.850646][ T10] ? exc_invalid_op+0x18/0x50 [ 56.855409][ T10] ? asm_exc_invalid_op+0x1a/0x20 [ 56.860491][ T10] ? __warn_printk+0x187/0x310 [ 56.865355][ T10] ? __rate_control_send_low+0x6b5/0x7e0 [ 56.871031][ T10] ? __rate_control_send_low+0x6b5/0x7e0 [ 56.876777][ T10] rate_control_send_low+0x29e/0x830 [ 56.882143][ T10] rate_control_get_rate+0x1bd/0x5a0 [ 56.887477][ T10] ? mark_lock.part.0+0xee/0x1970 [ 56.892601][ T10] ieee80211_tx_h_rate_ctrl+0xb3d/0x18e0 [ 56.898291][ T10] ? mark_lock.part.0+0xee/0x1970 [ 56.903419][ T10] ? ieee80211_beacon_cntdwn_is_complete+0x750/0x750 [ 56.910154][ T10] invoke_tx_handlers_late+0x11b5/0x2c80 [ 56.915884][ T10] ? ieee80211_queue_skb+0x917/0x2040 [ 56.921295][ T10] ? ieee80211_tx_h_select_key+0x281/0x1660 [ 56.927285][ T10] ? invoke_tx_handlers_early+0xf18/0x26a0 [ 56.933197][ T10] ieee80211_tx+0x2f3/0x420 [ 56.937752][ T10] ? ieee80211_tx_prepare_skb+0x460/0x460 [ 56.943604][ T10] ? ieee80211_skb_resize+0x116/0x680 [ 56.949021][ T10] ? ieee80211_set_qos_hdr+0x8b/0x3e0 [ 56.954498][ T10] ieee80211_xmit+0x30e/0x3e0 [ 56.959228][ T10] __ieee80211_tx_skb_tid_band+0x2b4/0x720 [ 56.965140][ T10] ieee80211_scan_state_send_probe+0x34e/0x9a0 [ 56.971369][ T10] ieee80211_scan_work+0x6b1/0x1d90 [ 56.976684][ T10] ? lock_downgrade+0x690/0x690 [ 56.981627][ T10] ? ieee80211_run_deferred_scan+0x340/0x340 [ 56.987665][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 56.992981][ T10] process_one_work+0x99a/0x15e0 [ 56.997982][ T10] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 57.003468][ T10] ? spin_bug+0x1c0/0x1c0 [ 57.007847][ T10] ? _raw_spin_lock_irq+0x45/0x50 [ 57.012979][ T10] worker_thread+0x67d/0x10c0 [ 57.017720][ T10] ? process_one_work+0x15e0/0x15e0 [ 57.023032][ T10] kthread+0x344/0x440 [ 57.027149][ T10] ? kthread_complete_and_exit+0x40/0x40 [ 57.032878][ T10] ret_from_fork+0x1f/0x30 [ 57.037389][ T10] [ 57.040443][ T10] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 57.047756][ T10] CPU: 0 PID: 10 Comm: kworker/u4:0 Not tainted 6.4.0-rc4-syzkaller-00014-gac2263b588df #0 [ 57.057783][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 57.067874][ T10] Workqueue: phy1 ieee80211_scan_work [ 57.073302][ T10] Call Trace: [ 57.076606][ T10] [ 57.079564][ T10] dump_stack_lvl+0xd9/0x150 [ 57.084207][ T10] panic+0x686/0x730 [ 57.088146][ T10] ? panic_smp_self_stop+0xa0/0xa0 [ 57.093304][ T10] ? show_trace_log_lvl+0x284/0x390 [ 57.098570][ T10] ? __rate_control_send_low+0x6b5/0x7e0 [ 57.104246][ T10] check_panic_on_warn+0xb1/0xc0 [ 57.109233][ T10] __warn+0xf2/0x390 [ 57.113178][ T10] ? __wake_up_klogd.part.0+0x99/0xf0 [ 57.118591][ T10] ? __rate_control_send_low+0x6b5/0x7e0 [ 57.124261][ T10] report_bug+0x2da/0x500 [ 57.128641][ T10] handle_bug+0x3c/0x70 [ 57.132826][ T10] exc_invalid_op+0x18/0x50 [ 57.137363][ T10] asm_exc_invalid_op+0x1a/0x20 [ 57.142262][ T10] RIP: 0010:__rate_control_send_low+0x6b5/0x7e0 [ 57.148536][ T10] Code: b4 a8 d4 00 00 00 e8 fa 08 f8 f7 44 8b 44 24 2c 45 89 e9 44 89 e1 48 8b 74 24 10 44 89 f2 48 c7 c7 80 57 7f 8b e8 1b c7 bf f7 <0f> 0b e9 30 fd ff ff e8 0f d3 4a f8 e9 fd fd ff ff 48 89 df e8 a2 [ 57.168177][ T10] RSP: 0018:ffffc900000f75a8 EFLAGS: 00010282 [ 57.174280][ T10] RAX: 0000000000000000 RBX: ffff8880721c7168 RCX: 0000000000000000 [ 57.182279][ T10] RDX: ffff888016641dc0 RSI: ffffffff814c03e7 RDI: 0000000000000001 [ 57.190282][ T10] RBP: ffff8880214c3408 R08: 0000000000000001 R09: 0000000000000000 [ 57.198289][ T10] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 57.206293][ T10] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff8880214c0de0 [ 57.214306][ T10] ? __warn_printk+0x187/0x310 [ 57.219125][ T10] ? __rate_control_send_low+0x6b5/0x7e0 [ 57.224817][ T10] rate_control_send_low+0x29e/0x830 [ 57.230154][ T10] rate_control_get_rate+0x1bd/0x5a0 [ 57.235485][ T10] ? mark_lock.part.0+0xee/0x1970 [ 57.240561][ T10] ieee80211_tx_h_rate_ctrl+0xb3d/0x18e0 [ 57.246246][ T10] ? mark_lock.part.0+0xee/0x1970 [ 57.251327][ T10] ? ieee80211_beacon_cntdwn_is_complete+0x750/0x750 [ 57.258067][ T10] invoke_tx_handlers_late+0x11b5/0x2c80 [ 57.263752][ T10] ? ieee80211_queue_skb+0x917/0x2040 [ 57.269171][ T10] ? ieee80211_tx_h_select_key+0x281/0x1660 [ 57.275122][ T10] ? invoke_tx_handlers_early+0xf18/0x26a0 [ 57.280986][ T10] ieee80211_tx+0x2f3/0x420 [ 57.285528][ T10] ? ieee80211_tx_prepare_skb+0x460/0x460 [ 57.291314][ T10] ? ieee80211_skb_resize+0x116/0x680 [ 57.296729][ T10] ? ieee80211_set_qos_hdr+0x8b/0x3e0 [ 57.302143][ T10] ieee80211_xmit+0x30e/0x3e0 [ 57.306866][ T10] __ieee80211_tx_skb_tid_band+0x2b4/0x720 [ 57.312743][ T10] ieee80211_scan_state_send_probe+0x34e/0x9a0 [ 57.318974][ T10] ieee80211_scan_work+0x6b1/0x1d90 [ 57.324241][ T10] ? lock_downgrade+0x690/0x690 [ 57.329142][ T10] ? ieee80211_run_deferred_scan+0x340/0x340 [ 57.335172][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 57.340430][ T10] process_one_work+0x99a/0x15e0 [ 57.345428][ T10] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 57.350856][ T10] ? spin_bug+0x1c0/0x1c0 [ 57.355236][ T10] ? _raw_spin_lock_irq+0x45/0x50 [ 57.360321][ T10] worker_thread+0x67d/0x10c0 [ 57.365058][ T10] ? process_one_work+0x15e0/0x15e0 [ 57.370304][ T10] kthread+0x344/0x440 [ 57.374412][ T10] ? kthread_complete_and_exit+0x40/0x40 [ 57.380079][ T10] ret_from_fork+0x1f/0x30 [ 57.384512][ T10] [ 57.387591][ T10] Kernel Offset: disabled [ 57.391991][ T10] Rebooting in 86400 seconds..