------------[ cut here ]------------
no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xfff with flags 0x40
WARNING: CPU: 1 PID: 10692 at net/mac80211/rate.c:385 __rate_control_send_low+0x635/0x880 net/mac80211/rate.c:380
Modules linked in:
CPU: 1 PID: 10692 Comm: syz.1.1455 Not tainted 6.6.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__rate_control_send_low+0x635/0x880 net/mac80211/rate.c:380
Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 60 7b be 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 5b ef 6a f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff
RSP: 0018:ffffc900001f0560 EFLAGS: 00010246
RAX: 66f278ec96342700 RBX: 000000000000000c RCX: ffff88802455bc00
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 0000000000000084 R08: ffffc900001f0167 R09: 1ffff9200003e02c
R10: dffffc0000000000 R11: fffff5200003e02d R12: 0000000000000040
R13: dffffc0000000000 R14: ffff888030be3358 R15: ffff888079a89ca8
FS:  00007fdefd1bc6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdef1cf6e00 CR3: 000000002f3a6000 CR4: 00000000003506e0
Call Trace:
 <IRQ>
 rate_control_send_low+0x194/0x790 net/mac80211/rate.c:405
 rate_control_get_rate+0x20b/0x5c0 net/mac80211/rate.c:921
 ieee80211_beacon_get_finish+0x38d/0x6b0 net/mac80211/tx.c:5218
 ieee80211_beacon_get_ap+0x1429/0x1970 net/mac80211/tx.c:5321
 __ieee80211_beacon_get+0x10eb/0x1600 net/mac80211/tx.c:5417
 ieee80211_beacon_get_tim+0xb8/0x560 net/mac80211/tx.c:5559
 ieee80211_beacon_get include/net/mac80211.h:5438 [inline]
 mac80211_hwsim_beacon_tx+0x3c7/0x780 drivers/net/wireless/virtual/mac80211_hwsim.c:2265
 __iterate_interfaces+0x243/0x500 net/mac80211/util.c:766
 ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 net/mac80211/util.c:802
 mac80211_hwsim_beacon+0xbb/0x1b0 drivers/net/wireless/virtual/mac80211_hwsim.c:2295
 __run_hrtimer kernel/time/hrtimer.c:1755 [inline]
 __hrtimer_run_queues+0x51e/0xc40 kernel/time/hrtimer.c:1819
 hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1836
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:xas_descend+0x2f/0x490 lib/xarray.c:205
Code: 41 55 41 54 53 48 83 ec 18 48 89 34 24 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 1c 03 26 f7 4c 8d 73 08 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 02 49 7d f7 4d 8b 36 4c 8b 3c 24
RSP: 0018:ffffc900037bf820 EFLAGS: 00000a06
RAX: 1ffff920006f7f21 RBX: ffffc900037bf900 RCX: 0000000000080000
RDX: ffffc9000b9e1000 RSI: 0000000000011dae RDI: 0000000000011daf
RBP: 0000000000000000 R08: dffffc0000000000 R09: 1ffffffff21b46a4
R10: dffffc0000000000 R11: fffffbfff21b46a5 R12: 1ffff1100bd2e2c0
R13: 0000000000000000 R14: ffffc900037bf908 R15: dffffc0000000000
 xas_load+0xbe/0x140 lib/xarray.c:244
 filemap_get_entry+0x165/0x3c0 mm/filemap.c:1852
 shmem_get_folio_gfp+0x2a5/0x2ac0 mm/shmem.c:1976
 shmem_get_folio mm/shmem.c:2165 [inline]
 shmem_write_begin+0xf2/0x420 mm/shmem.c:2707
 generic_perform_write+0x2fb/0x5b0 mm/filemap.c:4016
 shmem_file_write_iter+0xfb/0x120 mm/shmem.c:2884
 call_write_iter include/linux/fs.h:2018 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x43b/0x940 fs/read_write.c:584
 ksys_write+0x147/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fdefc38d45f
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
RSP: 002b:00007fdefd1bbdf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007fdefc38d45f
RDX: 0000000000100000 RSI: 00007fdef1bf7000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000c4e
R10: 0000000000000fd2 R11: 0000000000000293 R12: 0000000000000003
R13: 00007fdefd1bbef0 R14: 00007fdefd1bbeb0 R15: 00007fdef1bf7000
 </TASK>
----------------
Code disassembly (best guess):
   0:	41 55                	push   %r13
   2:	41 54                	push   %r12
   4:	53                   	push   %rbx
   5:	48 83 ec 18          	sub    $0x18,%rsp
   9:	48 89 34 24          	mov    %rsi,(%rsp)
   d:	48 89 fb             	mov    %rdi,%rbx
  10:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
  17:	fc ff df
  1a:	e8 1c 03 26 f7       	call   0xf726033b
  1f:	4c 8d 73 08          	lea    0x8(%rbx),%r14
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 f7             	mov    %r14,%rdi
  34:	e8 02 49 7d f7       	call   0xf77d493b
  39:	4d 8b 36             	mov    (%r14),%r14
  3c:	4c 8b 3c 24          	mov    (%rsp),%r15