------------[ cut here ]------------
no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0
WARNING: net/mac80211/rate.c:401 at __rate_control_send_low+0x610/0x760 net/mac80211/rate.c:401, CPU#1: syz.1.429/7595
Modules linked in:
CPU: 1 UID: 0 PID: 7595 Comm: syz.1.429 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
RIP: 0010:__rate_control_send_low+0x621/0x760 net/mac80211/rate.c:401
Code: f7 48 8b 44 24 10 8b ac a8 d4 00 00 00 e8 c7 e0 18 f7 48 8d 3d 60 92 d9 05 44 8b 44 24 04 48 8b 74 24 10 45 89 f1 89 d9 89 ea <67> 48 0f b9 3a e9 2f fd ff ff 48 8b 7c 24 08 e8 cb 2e 83 f7 e9 03
RSP: 0018:ffffc90000a08940 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000000ffffffff RSI: 0000000000000000 RDI: ffffffff90c7b1e0
RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000000c R11: 0617aaaaaaaaaaff R12: ffff888033fa7de8
R13: ffff888076623128 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8881246dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f11b5a4e020 CR3: 000000005fd26000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rate_control_send_low+0x2a8/0x7e0 net/mac80211/rate.c:429
 rate_control_get_rate+0x1be/0x5c0 net/mac80211/rate.c:943
 ieee80211_beacon_get_finish+0x45a/0x690 net/mac80211/tx.c:5364
 __ieee80211_beacon_get+0x795/0x1ee0 net/mac80211/tx.c:5667
 ieee80211_beacon_get_tim+0xa6/0x280 net/mac80211/tx.c:5778
 ieee80211_beacon_get include/net/mac80211.h:5669 [inline]
 mac80211_hwsim_beacon_tx+0x4d6/0xa00 drivers/net/wireless/virtual/mac80211_hwsim.c:2361
 __iterate_interfaces+0x2e6/0x650 net/mac80211/util.c:761
 ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 net/mac80211/util.c:797
 mac80211_hwsim_beacon+0x105/0x1b0 drivers/net/wireless/virtual/mac80211_hwsim.c:2395
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x516/0x990 kernel/time/hrtimer.c:1841
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1858
 handle_softirqs+0x1ea/0x910 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xef/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194
Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 e6 b2 69 f6 48 89 df e8 ce 00 6a f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 65 49 5a f6 65 8b 05 3e ca 6a 08 85 c0 74 16 5b
RSP: 0018:ffffc9000f4ff788 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffff88801daf29d8 RCX: 0000000000000040
RDX: 0000000000000000 RSI: ffffffff8dc44a41 RDI: ffffffff8bfa35a0
RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 000000000000007c
R13: dffffc0000000000 R14: ffffc9000f4ffa58 R15: ffffc9000f4ffb58
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 unlock_page_lruvec_irqrestore include/linux/memcontrol.h:1481 [inline]
 folios_put_refs+0x4df/0x840 mm/swap.c:994
 folio_batch_release include/linux/pagevec.h:101 [inline]
 truncate_inode_pages_range+0x30c/0x1050 mm/truncate.c:408
 kill_bdev block/bdev.c:91 [inline]
 blkdev_flush_mapping+0xfb/0x2e0 block/bdev.c:729
 blkdev_put_whole+0xc9/0xf0 block/bdev.c:736
 bdev_release+0x47f/0x6d0 block/bdev.c:1161
 blkdev_release+0x15/0x20 block/fops.c:706
 __fput+0x3ff/0xb40 fs/file_table.c:468
 task_work_run+0x150/0x240 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x829/0x2a30 kernel/exit.c:971
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1121
 x64_sys_call+0x14fd/0x1510 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb332b9acb9
Code: Unable to access opcode bytes at 0x7fb332b9ac8f.
RSP: 002b:00007ffedda9a4f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb332b9acb9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffedda9a55c R08: 0000000000000000 R09: 00000000000927c0
R10: 00007fb332e16038 R11: 0000000000000246 R12: 0000000000000050
R13: 00000000000927c0 R14: 0000000000029d42 R15: 00007ffedda9a5b0
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	48 8b 44 24 10       	mov    0x10(%rsp),%rax
   5:	8b ac a8 d4 00 00 00 	mov    0xd4(%rax,%rbp,4),%ebp
   c:	e8 c7 e0 18 f7       	call   0xf718e0d8
  11:	48 8d 3d 60 92 d9 05 	lea    0x5d99260(%rip),%rdi        # 0x5d99278
  18:	44 8b 44 24 04       	mov    0x4(%rsp),%r8d
  1d:	48 8b 74 24 10       	mov    0x10(%rsp),%rsi
  22:	45 89 f1             	mov    %r14d,%r9d
  25:	89 d9                	mov    %ebx,%ecx
  27:	89 ea                	mov    %ebp,%edx
* 29:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2e:	e9 2f fd ff ff       	jmp    0xfffffd62
  33:	48 8b 7c 24 08       	mov    0x8(%rsp),%rdi
  38:	e8 cb 2e 83 f7       	call   0xf7832f08
  3d:	e9                   	.byte 0xe9
  3e:	03                   	.byte 0x3