------------[ cut here ]------------ no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 WARNING: net/mac80211/rate.c:404 at __rate_control_send_low+0x60c/0x8a0 net/mac80211/rate.c:399, CPU#1: kworker/1:3/5360 Modules linked in: CPU: 1 UID: 0 PID: 5360 Comm: kworker/1:3 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Workqueue: mld mld_ifc_work RIP: 0010:__rate_control_send_low+0x638/0x8a0 net/mac80211/rate.c:399 Code: 7c 24 10 48 8b 44 24 28 42 0f b6 04 28 84 c0 0f 85 c4 01 00 00 41 8b 0f 4c 89 f7 48 8b 74 24 18 44 8b 44 24 24 44 8b 4c 24 0c <67> 48 0f b9 3a e9 46 fe ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 0f RSP: 0018:ffffc900033ae738 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000000 RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffffffff90696d40 RBP: ffff88804d500f40 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000004 R11: 0000000000000000 R12: ffff888033b2d2a8 R13: dffffc0000000000 R14: ffffffff90696d40 R15: ffff88804d503258 FS: 0000000000000000(0000) GS:ffff888125063000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb818000020 CR3: 0000000084bf0000 CR4: 00000000003526f0 Call Trace: rate_control_send_low+0x1a7/0x7b0 net/mac80211/rate.c:427 rate_control_get_rate+0x20b/0x5d0 net/mac80211/rate.c:935 ieee80211_tx_h_rate_ctrl+0xafa/0x1760 net/mac80211/tx.c:764 invoke_tx_handlers_late+0xb5/0x1830 net/mac80211/tx.c:1859 ieee80211_tx_dequeue+0x3fb6/0x55a0 net/mac80211/tx.c:3988 ieee80211_hwsim_wake_tx_queue+0xbb/0x150 drivers/net/wireless/virtual/mac80211_hwsim_main.c:2290 drv_wake_tx_queue net/mac80211/driver-ops.h:1394 [inline] schedule_and_wake_txq net/mac80211/driver-ops.h:1401 [inline] ieee80211_queue_skb+0x1923/0x22c0 net/mac80211/tx.c:1674 ieee80211_tx+0x2c2/0x4b0 net/mac80211/tx.c:1980 __ieee80211_subif_start_xmit+0xf06/0x1690 net/mac80211/tx.c:4396 ieee80211_subif_start_xmit+0xf1/0x570 net/mac80211/tx.c:4592 __netdev_start_xmit include/linux/netdevice.h:5400 [inline] netdev_start_xmit include/linux/netdevice.h:5409 [inline] xmit_one net/core/dev.c:3889 [inline] dev_hard_start_xmit+0x2cd/0x830 net/core/dev.c:3905 __dev_queue_xmit+0x1435/0x37f0 net/core/dev.c:4872 NF_HOOK_COND include/linux/netfilter.h:307 [inline] ip6_output+0x337/0x540 net/ipv6/ip6_output.c:246 dst_output include/net/dst.h:471 [inline] NF_HOOK+0x177/0x4f0 include/linux/netfilter.h:318 mld_sendpack+0x890/0xe10 net/ipv6/mcast.c:1853 mld_send_cr net/ipv6/mcast.c:2154 [inline] mld_ifc_work+0x839/0xe70 net/ipv6/mcast.c:2694 process_one_work kernel/workqueue.c:3322 [inline] process_scheduled_works+0xa8e/0x14e0 kernel/workqueue.c:3405 worker_thread+0xa47/0xfb0 kernel/workqueue.c:3486 kthread+0x388/0x470 kernel/kthread.c:436 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 ---------------- Code disassembly (best guess): 0: 7c 24 jl 0x26 2: 10 48 8b adc %cl,-0x75(%rax) 5: 44 24 28 rex.R and $0x28,%al 8: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax d: 84 c0 test %al,%al f: 0f 85 c4 01 00 00 jne 0x1d9 15: 41 8b 0f mov (%r15),%ecx 18: 4c 89 f7 mov %r14,%rdi 1b: 48 8b 74 24 18 mov 0x18(%rsp),%rsi 20: 44 8b 44 24 24 mov 0x24(%rsp),%r8d 25: 44 8b 4c 24 0c mov 0xc(%rsp),%r9d * 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: e9 46 fe ff ff jmp 0xfffffe7a 34: 44 89 f1 mov %r14d,%ecx 37: 80 e1 07 and $0x7,%cl 3a: 80 c1 03 add $0x3,%cl 3d: 38 c1 cmp %al,%cl 3f: 0f .byte 0xf