syzbot

------------[ cut here ]------------
no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xfff with flags 0x20
WARNING: CPU: 1 PID: 5897 at net/mac80211/rate.c:385 __rate_control_send_low+0x635/0x880 net/mac80211/rate.c:380
Modules linked in:
CPU: 1 PID: 5897 Comm: syz-executor Not tainted 6.6.97-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__rate_control_send_low+0x635/0x880 net/mac80211/rate.c:380
Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 c0 87 be 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 db 6e 69 f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff
RSP: 0018:ffffc900001f0560 EFLAGS: 00010246
RAX: 4e21632c1f85dd00 RBX: 000000000000000c RCX: ffff888023a31e00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 0000000000000084 R08: ffffc900001f0167 R09: 1ffff9200003e02c
R10: dffffc0000000000 R11: fffff5200003e02d R12: 0000000000000020
R13: dffffc0000000000 R14: ffff88802caa3358 R15: ffff888077038de8
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb5a81b6078 CR3: 00000000239d4000 CR4: 00000000003506e0
Call Trace:
 <IRQ>
 rate_control_send_low+0x194/0x790 net/mac80211/rate.c:405
 rate_control_get_rate+0x20b/0x5c0 net/mac80211/rate.c:921
 ieee80211_beacon_get_finish+0x38d/0x6b0 net/mac80211/tx.c:5218
 ieee80211_beacon_get_ap+0x1429/0x1970 net/mac80211/tx.c:5321
 __ieee80211_beacon_get+0x10eb/0x1600 net/mac80211/tx.c:5417
 ieee80211_beacon_get_tim+0xb8/0x560 net/mac80211/tx.c:5559
 ieee80211_beacon_get include/net/mac80211.h:5438 [inline]
 mac80211_hwsim_beacon_tx+0x3c7/0x780 drivers/net/wireless/virtual/mac80211_hwsim.c:2265
 __iterate_interfaces+0x243/0x500 net/mac80211/util.c:766
 ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 net/mac80211/util.c:802
 mac80211_hwsim_beacon+0xbb/0x1b0 drivers/net/wireless/virtual/mac80211_hwsim.c:2295
 __run_hrtimer kernel/time/hrtimer.c:1755 [inline]
 __hrtimer_run_queues+0x51e/0xc40 kernel/time/hrtimer.c:1819
 hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1836
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:page_table_check_clear+0x241/0x6a0 mm/page_table_check.c:89
Code: 04 00 00 00 e8 10 26 f5 ff 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 ff 00 00 00 41 8b 2c 24 <31> ff 89 ee e8 f6 78 9c ff 85 ed 0f 85 8d 01 00 00 49 8d 7c 24 04
RSP: 0018:ffffc900033776e0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801b4dfb70
RBP: 0000000000000000 R08: ffff88801b4dfb73 R09: 1ffff1100369bf6e
R10: dffffc0000000000 R11: ffffed100369bf6f R12: ffff88801b4dfb70
R13: 0000000000000000 R14: ffff88801b4dfb30 R15: 1ffffffff2de2f9c
 ptep_get_and_clear_full arch/x86/include/asm/jump_label.h:-1 [inline]
 zap_pte_range mm/memory.c:1428 [inline]
 zap_pmd_range mm/memory.c:1570 [inline]
 zap_pud_range mm/memory.c:1599 [inline]
 zap_p4d_range mm/memory.c:1620 [inline]
 unmap_page_range+0x1ad1/0x2fe0 mm/memory.c:1641
 unmap_vmas+0x25e/0x3a0 mm/memory.c:1731
 exit_mmap+0x200/0xb50 mm/mmap.c:3298
 __mmput+0x118/0x3c0 kernel/fork.c:1355
 exit_mm+0x1da/0x2c0 kernel/exit.c:569
 do_exit+0x88e/0x23c0 kernel/exit.c:870
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1024
 __do_sys_exit_group kernel/exit.c:1035 [inline]
 __se_sys_exit_group kernel/exit.c:1033 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fb5a7f8e929
Code: Unable to access opcode bytes at 0x7fb5a7f8e8ff.
RSP: 002b:00007ffe0d182108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fb5a801231f RCX: 00007fb5a7f8e929
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 00007fb5a8012331 R08: 00007ffe0d17fea7 R09: 00000000000927c0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
R13: 00000000000927c0 R14: 000000000001a340 R15: 00007ffe0d1822b0
 </TASK>
----------------
Code disassembly (best guess):
   0:	04 00                	add    $0x0,%al
   2:	00 00                	add    %al,(%rax)
   4:	e8 10 26 f5 ff       	call   0xfff52619
   9:	4c 89 e0             	mov    %r12,%rax
   c:	48 c1 e8 03          	shr    $0x3,%rax
  10:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  17:	fc ff df
  1a:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax
  1e:	84 c0                	test   %al,%al
  20:	0f 85 ff 00 00 00    	jne    0x125
  26:	41 8b 2c 24          	mov    (%r12),%ebp
* 2a:	31 ff                	xor    %edi,%edi <-- trapping instruction
  2c:	89 ee                	mov    %ebp,%esi
  2e:	e8 f6 78 9c ff       	call   0xff9c7929
  33:	85 ed                	test   %ebp,%ebp
  35:	0f 85 8d 01 00 00    	jne    0x1c8
  3b:	49 8d 7c 24 04       	lea    0x4(%r12),%rdi