syzbot

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5705 at net/mac80211/offchannel.c:404 ieee80211_start_next_roc+0x24c/0x2c0 net/mac80211/offchannel.c:404
Modules linked in:
CPU: 1 PID: 5705 Comm: syz-executor244 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:ieee80211_start_next_roc+0x24c/0x2c0 net/mac80211/offchannel.c:404
Code: 7b 40 e8 f7 5b dd ff 48 83 c4 10 5b 5d e9 5c 34 4d f7 e8 57 34 4d f7 48 89 df e8 7f 60 ff ff e9 40 ff ff ff e8 45 34 4d f7 90 <0f> 0b 90 e9 32 ff ff ff 48 c7 c7 b8 76 9f 8f e8 70 16 a8 f7 e9 db
RSP: 0018:ffffc900092d73a0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880227c8e20 RCX: ffffffff8a4106b6
RDX: ffff88802a2dda00 RSI: ffffffff8a4107eb RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000003 R12: 0000000000000001
R13: ffff8880227ca8a0 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000555555ce9380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200001c0 CR3: 000000002d61e000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __ieee80211_scan_completed+0x4fe/0xe20 net/mac80211/scan.c:512
 ieee80211_scan_cancel+0x1cf/0x950 net/mac80211/scan.c:1294
 ieee80211_do_stop+0x19d8/0x21f0 net/mac80211/iface.c:480
 ieee80211_runtime_change_iftype net/mac80211/iface.c:1870 [inline]
 ieee80211_if_change_type+0x360/0x790 net/mac80211/iface.c:1908
 ieee80211_change_iface+0xa5/0x500 net/mac80211/cfg.c:219
 rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
 cfg80211_change_iface+0x589/0xd60 net/wireless/util.c:1215
 nl80211_set_interface+0x6a4/0x980 net/wireless/nl80211.c:4234
 genl_family_rcv_msg_doit+0x205/0x2f0 net/netlink/genetlink.c:1113
 genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
 genl_rcv_msg+0x56c/0x810 net/netlink/genetlink.c:1208
 netlink_rcv_skb+0x16e/0x440 net/netlink/af_netlink.c:2559
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1217
 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
 netlink_unicast+0x545/0x820 net/netlink/af_netlink.c:1361
 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1905
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x482/0x4e0 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f69ac720ab3
Code: 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d 31 b6 07 00 00 41 89 ca 74 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 55 48 83 ec 30 44 89 4c 24
RSP: 002b:00007fffd04259f8 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fffd0425ad0 RCX: 00007f69ac720ab3
RDX: 0000000000000024 RSI: 00007fffd0425b20 RDI: 0000000000000006
RBP: 0000000000000006 R08: 00007fffd0425a14 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fffd0425b20 R15: 0000000000000000
 </TASK>