------------[ cut here ]------------
WARNING: CPU: 0 PID: 8458 at net/mac80211/ibss.c:500 ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
Modules linked in:
CPU: 0 PID: 8458 Comm: syz.1.1495 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
lr : ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
sp : ffff800021a56e60
x29: ffff800021a56e70 x28: 1fffe0001ead8ab5 x27: dfff800000000000
x26: 0000000000000000 x25: ffff0000f56c5af8 x24: ffff0000c3978760
x23: ffff0000f56c55a8 x22: ffff0000f56c5b08 x21: 0000000000000002
x20: ffff0000f56c4c80 x19: ffff800021a571a0 x18: ffff8000176b3140
x17: ffff800018184000 x16: ffff8000082d3a08 x15: 0000000000000002
x14: 0000000000000003 x13: 0000000000ff0100 x12: 0000000000080000
x11: 000000000000353a x10: ffff80002b7a8000 x9 : ffff80001116421c
x8 : 000000000000353b x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80001842ec70 x4 : 0000000000000008 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff800011a5d840 x0 : 0000000000000000
Call trace:
 ieee80211_ibss_csa_beacon+0x4e4/0x590 net/mac80211/ibss.c:500
 ieee80211_set_csa_beacon+0x604/0xa1c net/mac80211/cfg.c:3698
 __ieee80211_channel_switch net/mac80211/cfg.c:3828 [inline]
 ieee80211_channel_switch+0x69c/0xaf0 net/mac80211/cfg.c:3868
 rdev_channel_switch+0x140/0x370 net/wireless/rdev-ops.h:1098
 nl80211_channel_switch+0x720/0xc80 net/wireless/nl80211.c:10111
 genl_family_rcv_msg_doit+0x1f8/0x2f4 net/netlink/genetlink.c:756
 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
 genl_rcv_msg+0x444/0x62c net/netlink/genetlink.c:850
 netlink_rcv_skb+0x208/0x3c4 net/netlink/af_netlink.c:2511
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:861
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x60c/0x824 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x6e8/0x9b0 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:730 [inline]
 ____sys_sendmsg+0x5b8/0x918 net/socket.c:2519
 ___sys_sendmsg net/socket.c:2573 [inline]
 __sys_sendmsg+0x25c/0x320 net/socket.c:2602
 __do_sys_sendmsg net/socket.c:2611 [inline]
 __se_sys_sendmsg net/socket.c:2609 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 226
hardirqs last  enabled at (225): [<ffff8000081a95b4>] __local_bh_enable_ip+0x1f8/0x380 kernel/softirq.c:426
hardirqs last disabled at (226): [<ffff8000118fa220>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (224): [<ffff800010fc6fe0>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (224): [<ffff800010fc6fe0>] cfg80211_get_bss+0x48c/0x850 net/wireless/scan.c:1564
softirqs last disabled at (222): [<ffff800010fc6c90>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (222): [<ffff800010fc6c90>] cfg80211_get_bss+0x13c/0x850 net/wireless/scan.c:1538
---[ end trace 0000000000000000 ]---