------------[ cut here ]------------
wlan1: Dropped data frame as no usable bitrate found while scanning and associated. Target station: 08:02:11:00:00:00 on 5 GHz band
WARNING: net/mac80211/tx.c:753 at ieee80211_tx_h_rate_ctrl+0x12bb/0x1a20 net/mac80211/tx.c:753, CPU#0: kworker/u32:29/9795
Modules linked in:
CPU: 0 UID: 0 PID: 9795 Comm: kworker/u32:29 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:ieee80211_tx_h_rate_ctrl+0x12cb/0x1a20 net/mac80211/tx.c:753
Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 e9 05 00 00 48 8d 3d 15 ee dc 05 48 8b 75 68 89 d9 4c 89 e2 48 81 c6 48 0a 00 00 <67> 48 0f b9 3a bb 01 00 00 00 e9 2a f8 ff ff e8 c1 4c fb f6 e8 dc
RSP: 0018:ffffc90007cf75d8 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000005
RDX: ffff888035faea84 RSI: ffff888013419808 RDI: ffffffff90ea3ff0
RBP: ffffc90007cf7850 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888035faea84
R13: ffffc90007cf78c0 R14: 0000000000000000 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880d6347000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcc0dde9e80 CR3: 0000000037037000 CR4: 0000000000352ef0
Call Trace:
 invoke_tx_handlers_late+0xfb4/0x2750 net/mac80211/tx.c:1850
 ieee80211_tx+0x304/0x460 net/mac80211/tx.c:1972
 ieee80211_xmit+0x30f/0x3e0 net/mac80211/tx.c:2065
 __ieee80211_tx_skb_tid_band+0x2c2/0x720 net/mac80211/tx.c:6288
 ieee80211_tx_skb_tid_band net/mac80211/ieee80211_i.h:2418 [inline]
 ieee80211_send_scan_probe_req net/mac80211/scan.c:685 [inline]
 ieee80211_scan_state_send_probe+0x33d/0xac0 net/mac80211/scan.c:713
 ieee80211_scan_work+0x750/0x1ff0 net/mac80211/scan.c:1174
 cfg80211_wiphy_work+0x446/0x5c0 net/wireless/core.c:440
 process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
 process_scheduled_works kernel/workqueue.c:3358 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
----------------
Code disassembly (best guess), 5 bytes skipped:
   0:	48 c1 ea 03          	shr    $0x3,%rdx
   4:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   8:	0f 85 e9 05 00 00    	jne    0x5f7
   e:	48 8d 3d 15 ee dc 05 	lea    0x5dcee15(%rip),%rdi        # 0x5dcee2a
  15:	48 8b 75 68          	mov    0x68(%rbp),%rsi
  19:	89 d9                	mov    %ebx,%ecx
  1b:	4c 89 e2             	mov    %r12,%rdx
  1e:	48 81 c6 48 0a 00 00 	add    $0xa48,%rsi
* 25:	67 48 0f b9 3a       	ud1    (%edx),%rdi		<-- trapping instruction
  2a:	bb 01 00 00 00       	mov    $0x1,%ebx
  2f:	e9 2a f8 ff ff       	jmp    0xfffff85e
  34:	e8 c1 4c fb f6       	call   0xf6fb4cfa
  39:	e8                   	.byte 0xe8
  3a:	dc                   	.byte 0xdc