syzbot

------------[ cut here ]------------
wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band
WARNING: net/mac80211/tx.c:758 at ieee80211_tx_h_rate_ctrl+0xbe9/0x1760 net/mac80211/tx.c:751, CPU#0: kworker/u8:2/43
Modules linked in:
CPU: 0 UID: 0 PID: 43 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:ieee80211_tx_h_rate_ctrl+0xc56/0x1760 net/mac80211/tx.c:751
Code: 00 00 48 8b 44 24 50 8b 30 45 31 ff 83 e6 07 41 0f 95 c7 31 ff e8 6a 32 70 f7 43 8d 0c 7f 83 c1 02 48 89 df 4c 89 f6 4c 89 e2 <67> 48 0f b9 3a 41 be 01 00 00 00 49 bf 00 00 00 00 00 fc ff df e9
RSP: 0018:ffffc90000b57380 EFLAGS: 00010206
RAX: ffffffff8a4f7f66 RBX: ffffffff8eeaf580 RCX: 0000000000000005
RDX: ffff88802a7dea84 RSI: ffff88803c63d9c8 RDI: ffffffff8eeaf580
RBP: ffffc90000b574e8 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed101475865f R12: ffff88802a7dea84
R13: 1ffff9200016ae84 R14: ffff88803c63d9c8 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888126cee000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3101dff8 CR3: 0000000083110000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 invoke_tx_handlers_late+0xbd/0x18b0 net/mac80211/tx.c:1849
 ieee80211_tx+0x2ac/0x460 net/mac80211/tx.c:1971
 __ieee80211_tx_skb_tid_band+0x50f/0x680 net/mac80211/tx.c:6288
 ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:2407 [inline]
 ieee80211_send_scan_probe_req net/mac80211/scan.c:680 [inline]
 ieee80211_scan_state_send_probe+0x594/0xa00 net/mac80211/scan.c:708
 ieee80211_scan_work+0x65f/0x1c50 net/mac80211/scan.c:1169
 cfg80211_wiphy_work+0x2ab/0x450 net/wireless/core.c:438
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	48 8b 44 24 50       	mov    0x50(%rsp),%rax
   7:	8b 30                	mov    (%rax),%esi
   9:	45 31 ff             	xor    %r15d,%r15d
   c:	83 e6 07             	and    $0x7,%esi
   f:	41 0f 95 c7          	setne  %r15b
  13:	31 ff                	xor    %edi,%edi
  15:	e8 6a 32 70 f7       	call   0xf7703284
  1a:	43 8d 0c 7f          	lea    (%r15,%r15,2),%ecx
  1e:	83 c1 02             	add    $0x2,%ecx
  21:	48 89 df             	mov    %rbx,%rdi
  24:	4c 89 f6             	mov    %r14,%rsi
  27:	4c 89 e2             	mov    %r12,%rdx
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	41 be 01 00 00 00    	mov    $0x1,%r14d
  35:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
  3c:	fc ff df
  3f:	e9                   	.byte 0xe9