WARNING: at rate_control_rate_init, CPU: syz.NUM.NUM/NUM

Linux wireless drivers development
 help / color / mirror / Atom feed

From: sanan.hasanou@gmail.com
To: johannes@sipsolutions.net, linux-wireless@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: syzkaller@googlegroups.com, contact@pgazz.com
Subject: WARNING: at rate_control_rate_init, CPU: syz.NUM.NUM/NUM
Date: Fri, 26 Jun 2026 14:23:55 -0700 (PDT)	[thread overview]
Message-ID: <6a3eedeb.87857ece.10923b.5b31@mx.google.com> (raw)

Good day, dear maintainers,

We found a bug using a modified version of syzkaller.

Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=173DLEAEPKPhhR1TcqofdnkLpdoK7PMFl>
Unfortunately, we don't have any reproducer for this bug yet.
Thank you!

Best regards,
Sanan Hasanov

------------[ cut here ]------------
WARNING: at rate_control_rate_init+0x3a4/0x420 net/mac80211/rate.c:53, CPU#0: syz.7.23087/97240
Modules linked in:
CPU: 0 UID: 0 PID: 97240 Comm: syz.7.23087 Tainted: G             L      7.0.0-rc1 #1 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:rate_control_rate_init+0x3a4/0x420 net/mac80211/rate.c:53
Code: 25 f7 f0 80 8b 0a 01 00 00 20 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f8 ad b9 f6 90 0f 0b 90 eb e6 e8 ed ad b9 f6 90 <0f> 0b 90 e9 f3 fe ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c 80 fd ff
RSP: 0018:ffffc9000238efb8 EFLAGS: 00010283
RAX: ffffffff8b08a3e3 RBX: ffff888046d9c050 RCX: 0000000000080000
RDX: ffffc9001071a000 RSI: 00000000000015af RDI: 00000000000015b0
RBP: 0000000000000000 R08: ffff888046d9c10f R09: 1ffff11008db3821
R10: dffffc0000000000 R11: ffffed1008db3822 R12: 0000000000000000
R13: ffff888041e30a00 R14: ffff88804121e660 R15: ffff888037ebe7e0
FS:  00007f10205186c0(0000) GS:ffff8880d98df000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f101f78beb8 CR3: 000000001d065000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 rate_control_rate_init_all_links+0x52/0x380 net/mac80211/rate.c:86
 sta_apply_auth_flags+0x1c7/0x400 net/mac80211/cfg.c:1967
 sta_apply_parameters+0xe9a/0x1600 net/mac80211/cfg.c:2354
 ieee80211_add_station+0x38e/0x5d0 net/mac80211/cfg.c:2420
 rdev_add_station+0xa7/0x170 net/wireless/rdev-ops.h:201
 nl80211_new_station+0x1878/0x1cb0 net/wireless/nl80211.c:8904
 genl_family_rcv_msg_doit+0x20d/0x2f0 net/netlink/genetlink.c:1114
 genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
 genl_rcv_msg+0x607/0x790 net/netlink/genetlink.c:1209
 netlink_rcv_skb+0x206/0x460 net/netlink/af_netlink.c:2550
 genl_rcv+0x2d/0x40 net/netlink/genetlink.c:1218
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x930/0xae0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x7e0/0xb10 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0x603/0xa20 net/socket.c:2592
 ___sys_sendmsg+0x224/0x2a0 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x1a0/0x260 net/socket.c:2681
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x19a/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7f101f5a3b6d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1020518018 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f101f815fa0 RCX: 00007f101f5a3b6d
RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005
RBP: 00007f101f647c3e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f101f816038 R14: 00007f101f815fa0 R15: 00007ffcdf1409d0
 </TASK>

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

next             reply	other threads:[~2026-06-26 21:23 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-26 21:23 sanan.hasanou [this message]
2026-06-26 21:35 ` WARNING: at rate_control_rate_init, CPU: syz.NUM.NUM/NUM Johannes Berg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6a3eedeb.87857ece.10923b.5b31@mx.google.com \
    --to=sanan.hasanou@gmail.com \
    --cc=contact@pgazz.com \
    --cc=johannes@sipsolutions.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-wireless@vger.kernel.org \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox