./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1077869616
<...>
Warning: Permanently added '10.128.1.66' (ED25519) to the list of known hosts.
execve("./syz-executor1077869616", ["./syz-executor1077869616"], 0x7fff79acca40 /* 10 vars */) = 0
brk(NULL) = 0x55555667f000
brk(0x55555667fd00) = 0x55555667fd00
arch_prctl(ARCH_SET_FS, 0x55555667f380) = 0
set_tid_address(0x55555667f650) = 5036
set_robust_list(0x55555667f660, 24) = 0
rseq(0x55555667fca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1077869616", 4096) = 28
getrandom("\xc2\x27\x54\x6d\xfb\x04\xd6\x7b", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555667fd00
brk(0x5555566a0d00) = 0x5555566a0d00
brk(0x5555566a1000) = 0x5555566a1000
mprotect(0x7f4288940000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555667f650) = 5037
./strace-static-x86_64: Process 5037 attached
[pid 5037] set_robust_list(0x55555667f660, 24) = 0
[pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5037] setpgid(0, 0) = 0
[pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5037] write(3, "1000", 4) = 4
[pid 5037] close(3) = 0
[pid 5037] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5037] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5037] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5037] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5037] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5037}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5037] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5037}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5037] close(4) = 0
[pid 5037] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x14\x00\x5a\x80\x10\x00\x00\x80\x06\x00\x02\x00\x00\x00\x00\x00\x04\x00\x01\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5037] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5037] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid 5037] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5037] recvfrom(5, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-2121745819}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5037] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-2121745819}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5037] close(5) = 0
[pid 5037] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5
[pid 5037] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5037] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE}, 0) = 36
[pid 5037] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid 5037] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7
[pid 5037] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5037] recvfrom(7, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1182448486}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5037] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1182448486}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5037] close(7) = 0
[pid 5037] ioctl(6, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5037] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x2c\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x05\x00\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=44}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 44
[pid 5037] exit_group(0) = ?
[pid 5037] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555667f650) = 5038
./strace-static-x86_64: Process 5038 attached
[pid 5038] set_robust_list(0x55555667f660, 24) = 0
[pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5038] setpgid(0, 0) = 0
[pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1000", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5038] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5038] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5038] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5038] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5038}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5038] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5038}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5038] close(4) = 0
[pid 5038] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x14\x00\x5a\x80\x10\x00\x00\x80\x06\x00\x02\x00\x00\x00\x00\x00\x04\x00\x01\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5038] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5038] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid 5038] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5038] recvfrom(5, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1474375136}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5038] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1474375136}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5038] close(5) = 0
[pid 5038] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5
[pid 5038] ioctl(5, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5038] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x08\x00\x05\x00\x02\x00\x00\x00", iov_len=36}], msg_iovlen=1, msg_controllen=0, msg_flags=MSG_DONTROUTE}, 0) = 36
[pid 5038] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6
[pid 5038] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7
[ 63.047432][ T5037] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[pid 5038] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5038] recvfrom(7, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-1715739088}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5038] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=-1715739088}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5038] close(7) = 0
[pid 5038] ioctl(6, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5038] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x2c\x00\x00\x00\x23\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x05\x00\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=44}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 44
[pid 5038] exit_group(0) = ?
[pid 5038] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555667f650) = 5039
[ 63.089792][ T59] ------------[ cut here ]------------
[ 63.095438][ T59] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0
[ 63.105336][ T5038] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.105858][ T59] WARNING: CPU: 0 PID: 59 at net/mac80211/rate.c:379 __rate_control_send_low+0x6d7/0x800
[ 63.124560][ T59] Modules linked in:
[ 63.128494][ T59] CPU: 0 PID: 59 Comm: kworker/u4:4 Not tainted 6.6.0-rc3-syzkaller #0
[ 63.136779][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 63.146912][ T59] Workqueue: phy1 ieee80211_scan_work
[ 63.152423][ T59] RIP: 0010:__rate_control_send_low+0x6d7/0x800
[ 63.158760][ T59] Code: 8b a4 a0 d4 00 00 00 e8 67 1d d0 f7 44 8b 44 24 3c 45 89 e9 89 d9 48 8b 74 24 18 44 89 e2 48 c7 c7 a0 08 c5 8b e8 a9 45 96 f7 <0f> 0b e9 03 fd ff ff 48 8b 7c 24 30 e8 a8 d2 25 f8 e9 e5 fb ff ff
[ 63.178460][ T59] RSP: 0018:ffffc900015a7578 EFLAGS: 00010282
./strace-static-x86_64: Process 5039 attached
[pid 5039] set_robust_list(0x55555667f660, 24) = 0
[pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5039] setpgid(0, 0) = 0
[pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5039] write(3, "1000", 4) = 4
[pid 5039] close(3) = 0
[pid 5039] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid 5039] ioctl(3, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=9}) = 0
[pid 5039] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5039] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5039] recvfrom(4, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5039}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid 5039] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5039}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 5039] close(4) = 0
[pid 5039] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x30\x00\x00\x00\x23\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x08\x00\x03\x00\x09\x00\x00\x00\x14\x00\x5a\x80\x10\x00\x00\x80\x06\x00\x02\x00\x00\x00\x00\x00\x04\x00\x01\x00", iov_len=48}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 48
[pid 5039] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 5039] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid 5039] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 5039] recvfrom(5, [{nlmsg_len=2496, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=-2082749267}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x46\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[ 63.184588][ T59] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 63.192659][ T59] RDX: ffff888014ae3b80 RSI: ffffffff814df0c6 RDI: 0000000000000001
[ 63.200714][ T59] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 63.208755][ T59] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000ffffffff
[ 63.216846][ T59] R13: 0000000000000000 R14: 000000000000000c R15: dffffc0000000000
[ 63.223311][ T5039] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.224887][ T59] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 63.243188][ T59] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.249843][ T59] CR2: 0000000020000040 CR3: 000000000c976000 CR4: 0000000000350ef0
[ 63.257854][ T59] Call Trace:
[ 63.261193][ T59] <TASK>
[ 63.264135][ T59] ? show_regs+0x8f/0xa0
[ 63.268417][ T59] ? __warn+0xe6/0x380
[ 63.272571][ T59] ? __rate_control_send_low+0x6d7/0x800
[ 63.273232][ T5040] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.278229][ T59] ? report_bug+0x3bc/0x580
[ 63.278258][ T59] ? handle_bug+0x3c/0x70
[ 63.296456][ T59] ? exc_invalid_op+0x17/0x40
[ 63.301235][ T59] ? asm_exc_invalid_op+0x1a/0x20
[ 63.306325][ T59] ? __warn_printk+0x1a6/0x350
[ 63.311207][ T59] ? __rate_control_send_low+0x6d7/0x800
[ 63.316883][ T59] ? __rate_control_send_low+0x6d7/0x800
[ 63.322599][ T59] rate_control_send_low+0x296/0x820
[ 63.327970][ T59] rate_control_get_rate+0x1be/0x590
[ 63.330631][ T5041] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.333334][ T59] ieee80211_tx_h_rate_ctrl+0xa70/0x19d0
[ 63.348277][ T59] ? mark_lock+0x105/0x1950
[ 63.352875][ T59] ? ieee80211_probereq_get+0x290/0x290
[ 63.358511][ T59] invoke_tx_handlers_late+0xd15/0x2c90
[ 63.364141][ T59] ? ieee80211_queue_skb+0x472/0x1fb0
[ 63.369593][ T59] ? ieee80211_ie_build_eht_cap+0x3e0/0x3e0
[ 63.375565][ T59] ? invoke_tx_handlers_early+0x663/0x26c0
[ 63.379465][ T5042] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.381413][ T59] ieee80211_tx+0x2ff/0x420
[ 63.395326][ T59] ? ieee80211_tx_prepare_skb+0x470/0x470
[ 63.401141][ T59] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 63.407177][ T59] ? ieee80211_skb_resize+0x22a/0x620
[ 63.412616][ T59] ? ieee80211_set_qos_hdr+0xba/0x3e0
[ 63.418027][ T59] ieee80211_xmit+0x30e/0x3e0
[ 63.422766][ T59] __ieee80211_tx_skb_tid_band+0x29b/0x6f0
[ 63.428632][ T59] ieee80211_scan_state_send_probe+0x33a/0x970
[ 63.434875][ T59] ieee80211_scan_work+0x6f8/0x1fb0
[ 63.440142][ T59] ? lock_sync+0x190/0x190
[ 63.440404][ T5043] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.444575][ T59] ? lock_sync+0x190/0x190
[ 63.458396][ T59] ? reacquire_held_locks+0x4b0/0x4b0
[ 63.463844][ T59] ? ieee80211_run_deferred_scan+0x340/0x340
[ 63.469915][ T59] process_one_work+0x884/0x15c0
[ 63.474919][ T59] ? lock_sync+0x190/0x190
[ 63.479415][ T59] ? init_worker_pool+0x770/0x770
[ 63.484493][ T59] ? assign_work+0x1a0/0x240
[ 63.489112][ T59] worker_thread+0x8b9/0x1290
[ 63.493880][ T59] ? process_one_work+0x15c0/0x15c0
[ 63.494593][ T5044] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.499102][ T59] kthread+0x33c/0x440
[ 63.499129][ T59] ? _raw_spin_unlock_irq+0x23/0x50
[ 63.517748][ T59] ? kthread_complete_and_exit+0x40/0x40
[ 63.523467][ T59] ret_from_fork+0x45/0x80
[ 63.528019][ T59] ? kthread_complete_and_exit+0x40/0x40
[ 63.533736][ T59] ret_from_fork_asm+0x11/0x20
[ 63.538573][ T59] </TASK>
[ 63.541663][ T59] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 63.543885][ T5045] netlink: 8 bytes leftover after parsing attributes in process `syz-executor107'.
[ 63.558288][ T59] CPU: 0 PID: 59 Comm: kworker/u4:4 Not tainted 6.6.0-rc3-syzkaller #0
[ 63.566553][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 63.576618][ T59] Workqueue: phy1 ieee80211_scan_work
[ 63.582008][ T59] Call Trace:
[ 63.585282][ T59] <TASK>
[ 63.588200][ T59] dump_stack_lvl+0xd9/0x1b0
[ 63.592793][ T59] panic+0x6a6/0x750
[ 63.596684][ T59] ? panic_smp_self_stop+0xa0/0xa0
[ 63.601799][ T59] ? __rate_control_send_low+0x6d7/0x800
[ 63.607431][ T59] check_panic_on_warn+0xab/0xb0
[ 63.612379][ T59] __warn+0xf2/0x380
[ 63.616279][ T59] ? __rate_control_send_low+0x6d7/0x800
[ 63.621911][ T59] report_bug+0x3bc/0x580
[ 63.626237][ T59] handle_bug+0x3c/0x70
[ 63.630390][ T59] exc_invalid_op+0x17/0x40
[ 63.635178][ T59] asm_exc_invalid_op+0x1a/0x20
[ 63.640027][ T59] RIP: 0010:__rate_control_send_low+0x6d7/0x800
[ 63.646265][ T59] Code: 8b a4 a0 d4 00 00 00 e8 67 1d d0 f7 44 8b 44 24 3c 45 89 e9 89 d9 48 8b 74 24 18 44 89 e2 48 c7 c7 a0 08 c5 8b e8 a9 45 96 f7 <0f> 0b e9 03 fd ff ff 48 8b 7c 24 30 e8 a8 d2 25 f8 e9 e5 fb ff ff
[ 63.665884][ T59] RSP: 0018:ffffc900015a7578 EFLAGS: 00010282
[ 63.671953][ T59] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 63.679920][ T59] RDX: ffff888014ae3b80 RSI: ffffffff814df0c6 RDI: 0000000000000001
[ 63.687893][ T59] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 63.695884][ T59] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000ffffffff
[ 63.703941][ T59] R13: 0000000000000000 R14: 000000000000000c R15: dffffc0000000000
[ 63.711924][ T59] ? __warn_printk+0x1a6/0x350
[ 63.716697][ T59] ? __rate_control_send_low+0x6d7/0x800
[ 63.722338][ T59] rate_control_send_low+0x296/0x820
[ 63.727622][ T59] rate_control_get_rate+0x1be/0x590
[ 63.732908][ T59] ieee80211_tx_h_rate_ctrl+0xa70/0x19d0
[ 63.738538][ T59] ? mark_lock+0x105/0x1950
[ 63.743065][ T59] ? ieee80211_probereq_get+0x290/0x290
[ 63.748652][ T59] invoke_tx_handlers_late+0xd15/0x2c90
[ 63.754205][ T59] ? ieee80211_queue_skb+0x472/0x1fb0
[ 63.759577][ T59] ? ieee80211_ie_build_eht_cap+0x3e0/0x3e0
[ 63.765464][ T59] ? invoke_tx_handlers_early+0x663/0x26c0
[ 63.771273][ T59] ieee80211_tx+0x2ff/0x420
[ 63.775811][ T59] ? ieee80211_tx_prepare_skb+0x470/0x470
[ 63.781526][ T59] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 63.787514][ T59] ? ieee80211_skb_resize+0x22a/0x620
[ 63.792971][ T59] ? ieee80211_set_qos_hdr+0xba/0x3e0
[ 63.798424][ T59] ieee80211_xmit+0x30e/0x3e0
[ 63.803103][ T59] __ieee80211_tx_skb_tid_band+0x29b/0x6f0
[ 63.808907][ T59] ieee80211_scan_state_send_probe+0x33a/0x970
[ 63.815116][ T59] ieee80211_scan_work+0x6f8/0x1fb0
[ 63.820326][ T59] ? lock_sync+0x190/0x190
[ 63.824740][ T59] ? lock_sync+0x190/0x190
[ 63.829148][ T59] ? reacquire_held_locks+0x4b0/0x4b0
[ 63.834526][ T59] ? ieee80211_run_deferred_scan+0x340/0x340
[ 63.840538][ T59] process_one_work+0x884/0x15c0
[ 63.845482][ T59] ? lock_sync+0x190/0x190
[ 63.849902][ T59] ? init_worker_pool+0x770/0x770
[ 63.854931][ T59] ? assign_work+0x1a0/0x240
[ 63.859523][ T59] worker_thread+0x8b9/0x1290
[ 63.864208][ T59] ? process_one_work+0x15c0/0x15c0
[ 63.869397][ T59] kthread+0x33c/0x440
[ 63.873465][ T59] ? _raw_spin_unlock_irq+0x23/0x50
[ 63.878660][ T59] ? kthread_complete_and_exit+0x40/0x40
[ 63.884300][ T59] ret_from_fork+0x45/0x80
[ 63.888722][ T59] ? kthread_complete_and_exit+0x40/0x40
[ 63.894352][ T59] ret_from_fork_asm+0x11/0x20
[ 63.899126][ T59] </TASK>
[ 63.902910][ T59] Kernel Offset: disabled
[ 63.907301][ T59] Rebooting in 86400 seconds..