------------[ cut here ]------------
wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band
WARNING: net/mac80211/tx.c:751 at ieee80211_tx_h_rate_ctrl+0x139c/0x1ad0 net/mac80211/tx.c:751, CPU#0: kworker/u8:0/12
Modules linked in:
CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:ieee80211_tx_h_rate_ctrl+0x13ac/0x1ad0 net/mac80211/tx.c:751
Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 60 06 00 00 48 8d 3d 44 c0 a3 05 49 8b 77 68 89 d9 48 89 ea 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 94 f8 ff ff e8 c0 2d ca f6 e8 ab
RSP: 0018:ffffc90000117588 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005
RDX: ffff888057e23784 RSI: ffff88809adb97c8 RDI: ffffffff90988e30
RBP: ffff888057e23784 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88801d6cd4b0 R12: ffff88804e614000
R13: 0000000000000000 R14: ffff888035d1253d R15: ffffc900001177e8
FS: 0000000000000000(0000) GS:ffff8881248f4000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000000b030 CR3: 000000007eb04000 CR4: 00000000003526f0
Call Trace:
 invoke_tx_handlers_late+0x1172/0x27d0 net/mac80211/tx.c:1849
 ieee80211_tx+0x304/0x460 net/mac80211/tx.c:1971
 ieee80211_xmit+0x30f/0x3e0 net/mac80211/tx.c:2064
 __ieee80211_tx_skb_tid_band+0x2c2/0x720 net/mac80211/tx.c:6288
 ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:2407 [inline]
 ieee80211_send_scan_probe_req net/mac80211/scan.c:680 [inline]
 ieee80211_scan_state_send_probe+0x34c/0xad0 net/mac80211/scan.c:708
 ieee80211_scan_work+0x772/0x2080 net/mac80211/scan.c:1169
 cfg80211_wiphy_work+0x3fb/0x560 net/wireless/core.c:438
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
----------------
Code disassembly (best guess), 5 bytes skipped:
   0: 48 c1 ea 03             shr    $0x3,%rdx
   4: 80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
   8: 0f 85 60 06 00 00       jne    0x66e
   e: 48 8d 3d 44 c0 a3 05    lea    0x5a3c044(%rip),%rdi # 0x5a3c059
  15: 49 8b 77 68             mov    0x68(%r15),%rsi
  19: 89 d9                   mov    %ebx,%ecx
  1b: 48 89 ea                mov    %rbp,%rdx
  1e: 48 81 c6 48 0a 00 00    add    $0xa48,%rsi
* 25: 67 48 0f b9 3a          ud1    (%edx),%rdi <-- trapping instruction
  2a: bb 01 00 00 00          mov    $0x1,%ebx
  2f: e9 94 f8 ff ff          jmp    0xfffff8c8
  34: e8 c0 2d ca f6          call   0xf6ca2df9
  39: e8                      .byte 0xe8
  3a: ab                      stos   %eax,%es:(%rdi)