mtk: mac80211: fix CSA crash with dynamic VLAN

When using dynamic VLAN (AP_VLAN) on 5 GHz, CSA finalize may call
_ieee80211_sta_cap_rx_bw() with a non-NULL chandef whose ->chan is NULL.
This leads to a NULL pointer dereference at chandef->chan->band and a
kernel panic.

Avoid the crash by validating chandef->chan before accessing the band and
fall back to the existing non-chandef path when the channel pointer is not
available during CSA.

Trace:
Unable to handle kernel read from unreadable memory at virtual address 0000000000000000
Internal error: Oops: 0000000096000005 [#1] SMP
CPU: 0 PID: 59 Comm: kworker/u4:2
Workqueue: events_unbound wiphy_delayed_work_pending [cfg80211]
Hardware name: Edgecore EAP111 (DT)
pc : _ieee80211_sta_cap_rx_bw+0x14/0xcc [mac80211]
lr : _ieee80211_sta_cur_vht_bw+0x20/0xb0 [mac80211]

Call trace:
  _ieee80211_sta_cap_rx_bw+0x14/0xcc [mac80211]
  ieee80211_iter_chan_contexts_atomic+0x260/0xf38 [mac80211]
  ieee80211_link_unreserve_chanctx+0x430/0xab8 [mac80211]
  ieee80211_link_use_reserved_context+0xac/0xf4 [mac80211]
  ieee80211_nan_func_terminated+0x3f8c/0x4f00 [mac80211]
  ieee80211_csa_finalize_work+0x2c/0x34 [mac80211]
  wiphy_delayed_work_pending+0x298/0x3bc [cfg80211]
  process_one_work+0x178/0x2f0
  worker_thread+0x2e8/0x4d4
  kthread+0xdc/0xe0
  ret_from_fork+0x10/0x20

  Kernel panic - not syncing: Oops: Fatal exception

Fixes: WIFI-15312

Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>

feeds/mediatek/mac80211/patches/subsys/342-wifi-mac80211-fix-csa-crash.patch

@@ -0,0 +1,13 @@
+Index: backports-6.12.6/net/mac80211/vht.c
+===================================================================
+--- backports-6.12.6.orig/net/mac80211/vht.c
++++ backports-6.12.6/net/mac80211/vht.c
+@@ -365,7 +365,7 @@ _ieee80211_sta_cap_rx_bw(struct link_sta
+ 		enum nl80211_band band;
+ 		u8 info;
+ 
+-		if (chandef) {
++		if (chandef && chandef->chan) {
+ 			band = chandef->chan->band;
+ 		} else {
+ 			struct ieee80211_bss_conf *link_conf;