------------[ cut here ]------------
WARNING: CPU: 1 PID: 49 at net/mac80211/ibss.c:501 ieee80211_ibss_csa_beacon+0x5bd/0x6a0 net/mac80211/ibss.c:501
Modules linked in:
CPU: 1 PID: 49 Comm: kworker/u4:3 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:ieee80211_ibss_csa_beacon+0x5bd/0x6a0 net/mac80211/ibss.c:501
Code: f7 c6 05 22 d0 7b 04 01 48 c7 c7 a0 dc de 8b be fe 01 00 00 48 c7 c2 40 dd de 8b e8 dd f9 6e f7 e9 5f fe ff ff e8 33 3c 8d f7 <0f> 0b b8 ea ff ff ff e9 7a ff ff ff e8 22 3c 8d f7 0f 0b e9 b2 fa
RSP: 0018:ffffc90000ba72e0 EFLAGS: 00010287
RAX: ffffffff89f9e5cd RBX: ffff88807f8f0700 RCX: 0000000000100000
RDX: ffffc9001878b000 RSI: 000000000000115b RDI: 000000000000115c
RBP: 1ffff1100c5302b3 R08: ffffffff911c65c7 R09: 1ffffffff2238cb8
R10: dffffc0000000000 R11: fffffbfff2238cb9 R12: ffffc90000ba74c0
R13: ffff888062981598 R14: ffff888062981a88 R15: ffff888062980c80
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3501eff8 CR3: 000000005e7c6000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 ieee80211_set_csa_beacon+0x77e/0xa10 net/mac80211/cfg.c:3826
 __ieee80211_channel_switch net/mac80211/cfg.c:3954 [inline]
 ieee80211_channel_switch+0x7e9/0xe70 net/mac80211/cfg.c:3999
 ieee80211_ibss_process_chanswitch+0x9d6/0xd70 net/mac80211/ibss.c:892
 ieee80211_rx_mgmt_spectrum_mgmt net/mac80211/ibss.c:931 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x1045/0x2c80 net/mac80211/ibss.c:1666
 ieee80211_iface_process_skb net/mac80211/iface.c:1655 [inline]
 ieee80211_iface_work+0x717/0xc70 net/mac80211/iface.c:1709
 cfg80211_wiphy_work+0x225/0x260 net/wireless/core.c:437
 process_one_work kernel/workqueue.c:2653 [inline]
 process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>