------------[ cut here ]------------
no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0
WARNING: net/mac80211/rate.c:401 at __rate_control_send_low+0x610/0x760 net/mac80211/rate.c:401, CPU#0: cmp/23746
Modules linked in:
CPU: 0 UID: 0 PID: 23746 Comm: cmp Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:__rate_control_send_low+0x621/0x760 net/mac80211/rate.c:401
Code: f7 48 8b 44 24 10 8b ac a8 d4 00 00 00 e8 57 db 18 f7 48 8d 3d 00 8f d9 05 44 8b 44 24 04 48 8b 74 24 10 45 89 f1 89 d9 89 ea <67> 48 0f b9 3a e9 2f fd ff ff 48 8b 7c 24 08 e8 5b 29 83 f7 e9 03
RSP: 0000:ffffc90000007898 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffffffff90c7b3b0
RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000000c R11: 0000000000000000 R12: ffff8880341e3ba8
R13: ffff8880636bb128 R14: 0000000000000000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880d65dc000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2879380263 CR3: 0000000044995000 CR4: 0000000000352ef0
Call Trace:
 rate_control_send_low+0x2a8/0x7e0 net/mac80211/rate.c:429
 rate_control_get_rate+0x1be/0x5c0 net/mac80211/rate.c:943
 ieee80211_beacon_get_finish+0x45a/0x690 net/mac80211/tx.c:5364
 __ieee80211_beacon_get_ap+0x76e/0x10d0 net/mac80211/tx.c:5467
 ieee80211_beacon_get_ap net/mac80211/tx.c:5529 [inline]
 __ieee80211_beacon_get+0x14fa/0x1ee0 net/mac80211/tx.c:5636
 ieee80211_beacon_get_tim+0xa6/0x280 net/mac80211/tx.c:5778
 ieee80211_beacon_get include/net/mac80211.h:5669 [inline]
 mac80211_hwsim_beacon_tx+0x4d6/0xa00 drivers/net/wireless/virtual/mac80211_hwsim.c:2361
 __iterate_interfaces+0x2e6/0x650 net/mac80211/util.c:761
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 net/mac80211/util.c:797
 mac80211_hwsim_beacon+0x105/0x1b0 drivers/net/wireless/virtual/mac80211_hwsim.c:2395
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x516/0x990 kernel/time/hrtimer.c:1841
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1858
 handle_softirqs+0x1ea/0x910 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:debug_lockdep_rcu_enabled+0x28/0x40 kernel/rcu/update.c:320
Code: 90 90 f3 0f 1e fa 8b 05 06 91 40 05 85 c0 74 20 8b 05 b0 c0 40 05 85 c0 74 16 65 48 8b 05 48 98 6d 08 8b 80 2c 0b 00 00 85 c0 <0f> 94 c0 0f b6 c0 e9 3d 28 03 00 66 2e 0f 1f 84 00 00 00 00 00 0f
RSP: 0000:ffffc900043f7730 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffc900043f78d8 RCX: ffffffff9159b701
RDX: ffffc900043f78e0 RSI: 0000000000000001 RDI: ffffc900043f77b8
RBP: 0000000000000001 R08: ffffffff9159b7a4 R09: 0000000000000007
R10: 0000000000000200 R11: 000000000000f1ac R12: ffffc900043f77f8
R13: ffffc900043f77a8 R14: ffffc900043f78d8 R15: ffffc900043f77dc
 rcu_read_unlock include/linux/rcupdate.h:895 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0x3a8/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270
 anon_vma_alloc mm/rmap.c:93 [inline]
 __anon_vma_prepare+0x344/0x5e0 mm/rmap.c:201
 __vmf_anon_prepare+0x11f/0x250 mm/memory.c:3676
 vmf_anon_prepare mm/internal.h:432 [inline]
 do_cow_fault mm/memory.c:5778 [inline]
 do_fault+0x152/0x1990 mm/memory.c:5894
 do_pte_missing mm/memory.c:4404 [inline]
 handle_pte_fault mm/memory.c:6276 [inline]
 __handle_mm_fault+0x1807/0x2b50 mm/memory.c:6414
 handle_mm_fault+0x36d/0xa20 mm/memory.c:6583
 do_user_addr_fault+0x5a3/0x12f0 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6f/0xd0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f28793adff2
Code: 0f 60 c0 66 0f 61 c0 66 0f 70 c0 00 48 83 fa 10 72 76 48 83 fa 20 77 12 0f 11 44 17 f0 0f 11 07 c3 0f 11 47 e0 0f 11 47 f0 c3 <0f> 11 07 0f 11 47 10 48 01 d7 48 83 fa 40 76 e7 0f 11 40 20 0f 11
RSP: 002b:00007ffd60c2d2b8 EFLAGS: 00010206
RAX: 00007f2879380263 RBX: 0000000000000004 RCX: 00007f2879380918
RDX: 00000000000006b5 RSI: 0000000000000000 RDI: 00007f2879380263
RBP: 00007ffd60c2d610 R08: 00007f2879380263 R09: 0000000000000003
R10: 0000000000000812 R11: 00007ffd60c2d6f8 R12: 00007ffd60c2d368
R13: 00007f28793810c0 R14: 00007ffd60c2d6b0 R15: 00007f2879380918
----------------
Code disassembly (best guess):
0: f7 48 8b 44 24 10 8b testl $0x8b102444,-0x75(%rax)
7: ac lods %ds:(%rsi),%al
8: a8 d4 test $0xd4,%al
a: 00 00 add %al,(%rax)
c: 00 e8 add %ch,%al
e: 57 push %rdi
f: db 18 fistpl (%rax)
11: f7 48 8d 3d 00 8f d9 testl $0xd98f003d,-0x73(%rax)
18: 05 44 8b 44 24 add $0x24448b44,%eax
1d: 04 48 add $0x48,%al
1f: 8b 74 24 10 mov 0x10(%rsp),%esi
23: 45 89 f1 mov %r14d,%r9d
26: 89 d9 mov %ebx,%ecx
28: 89 ea mov %ebp,%edx
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: e9 2f fd ff ff jmp 0xfffffd63
34: 48 8b 7c 24 08 mov 0x8(%rsp),%rdi
39: e8 5b 29 83 f7 call 0xf7832999
3e: e9 .byte 0xe9
3f: 03 .byte 0x3