------------[ cut here ]------------ WARNING: CPU: 0 PID: 5848 at net/mac80211/ibss.c:501 ieee80211_ibss_csa_beacon+0x5bd/0x6a0 net/mac80211/ibss.c:501 Modules linked in: CPU: 0 PID: 5848 Comm: kworker/u4:9 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 Workqueue: events_unbound cfg80211_wiphy_work RIP: 0010:ieee80211_ibss_csa_beacon+0x5bd/0x6a0 net/mac80211/ibss.c:501 Code: f7 c6 05 67 3b 7a 04 01 48 c7 c7 00 18 df 8b be fe 01 00 00 48 c7 c2 a0 18 df 8b e8 3d 1e 6d f7 e9 5f fe ff ff e8 f3 64 8b f7 <0f> 0b b8 ea ff ff ff e9 7a ff ff ff e8 e2 64 8b f7 0f 0b e9 b2 fa RSP: 0018:ffffc90004a8f2e0 EFLAGS: 00010283 RAX: ffffffff89fbc69d RBX: ffff8880590c8700 RCX: 0000000000100000 RDX: ffffc90016ee9000 RSI: 00000000000010fc RDI: 00000000000010fd RBP: 1ffff1100f9a6ac3 R08: ffffffff911cd5c7 R09: 1ffffffff2239ab8 R10: dffffc0000000000 R11: fffffbfff2239ab9 R12: ffffc90004a8f4c0 R13: ffff88807cd35618 R14: ffff88807cd35b08 R15: ffff88807cd34d00 FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000020000005f030 CR3: 0000000066375000 CR4: 00000000003506f0 Call Trace: ieee80211_set_csa_beacon+0x77e/0xa10 net/mac80211/cfg.c:3826 __ieee80211_channel_switch net/mac80211/cfg.c:3954 [inline] ieee80211_channel_switch+0x7e9/0xe70 net/mac80211/cfg.c:3999 ieee80211_ibss_process_chanswitch+0x9d6/0xd70 net/mac80211/ibss.c:892 ieee80211_rx_mgmt_spectrum_mgmt net/mac80211/ibss.c:931 [inline] ieee80211_ibss_rx_queued_mgmt+0x1045/0x2c80 net/mac80211/ibss.c:1666 ieee80211_iface_process_skb net/mac80211/iface.c:1655 [inline] ieee80211_iface_work+0x717/0xc70 net/mac80211/iface.c:1709 cfg80211_wiphy_work+0x225/0x260 net/wireless/core.c:437 process_one_work kernel/workqueue.c:2653 [inline] process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811 kthread+0x2fa/0x390 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293