------------[ cut here ]------------
WARNING: net/mac80211/offchannel.c:404 at ieee80211_start_next_roc+0x1bc/0x224 net/mac80211/offchannel.c:404, CPU#0: syz-executor112/22305
Modules linked in:
CPU: 0 UID: 0 PID: 22305 Comm: syz-executor112 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : ieee80211_start_next_roc+0x1bc/0x224 net/mac80211/offchannel.c:404
lr : ieee80211_start_next_roc+0x1bc/0x224 net/mac80211/offchannel.c:404
sp : ffff800096ac6f50
x29: ffff800096ac6f50 x28: dfff800000000000 x27: ffff0000cd654018
x26: ffff0000d03a2be8 x25: 0000000000000001 x24: ffff0000d03a0f88
x23: ffff0000cb3f5880 x22: ffff0000d03a2a00 x21: dfff800000000000
x20: ffff0000d3834520 x19: ffff0000d03a0f40 x18: 1fffe00035c1ea20
x17: ffff8000888eb000 x16: ffff80008899dba0 x15: ffff0001ae0f510c
x14: ffff0001ae0f5108 x13: 0000000000000001 x12: 0000000000000000
x11: ffff80008a356d08 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000000 x7 : ffff80008618dea8 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008600c23c
x2 : 0000000000000001 x1 : ffff0000dc75d700 x0 : 0000000000000000
Call trace:
ieee80211_start_next_roc+0x1bc/0x224 net/mac80211/offchannel.c:404 (P)
__ieee80211_scan_completed+0x6f8/0xbc8 net/mac80211/scan.c:537
ieee80211_scan_cancel+0x1a0/0x924 net/mac80211/scan.c:1328
ieee80211_do_stop+0x1e8/0x1a6c net/mac80211/iface.c:500
ieee80211_runtime_change_iftype net/mac80211/iface.c:2070 [inline]
ieee80211_if_change_type+0x3b8/0x630 net/mac80211/iface.c:2108
ieee80211_change_iface+0xdc/0x438 net/mac80211/cfg.c:271
rdev_change_virtual_intf net/wireless/rdev-ops.h:74 [inline]
cfg80211_change_iface+0x3e4/0xaa4 net/wireless/util.c:1233
nl80211_set_interface+0x458/0x6b0 net/wireless/nl80211.c:4914
genl_family_rcv_msg_doit+0x1e4/0x2d8 net/netlink/genetlink.c:1114
genl_family_rcv_msg net/netlink/genetlink.c:1194 [inline]
genl_rcv_msg+0x444/0x620 net/netlink/genetlink.c:1209
netlink_rcv_skb+0x22c/0x410 net/netlink/af_netlink.c:2550
genl_rcv+0x38/0x50 net/netlink/genetlink.c:1218
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x610/0x800 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x63c/0x920 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:787 [inline]
__sock_sendmsg+0xc8/0x138 net/socket.c:802
__sys_sendto+0x254/0x338 net/socket.c:2265
__do_sys_sendto net/socket.c:2272 [inline]
__se_sys_sendto net/socket.c:2268 [inline]
__arm64_sys_sendto+0xd8/0xf8 net/socket.c:2268
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740
el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
irq event stamp: 2634
hardirqs last enabled at (2633): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last enabled at (2633): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198
hardirqs last disabled at (2634): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:429
softirqs last enabled at (2628): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (2628): [] ieee80211_configure_filter+0x4e4/0x1110 net/mac80211/main.c:75
softirqs last disabled at (2626): [] spin_lock_bh include/linux/spinlock.h:348 [inline]
softirqs last disabled at (2626): [] ieee80211_configure_filter+0x330/0x1110 net/mac80211/main.c:71
---[ end trace 0000000000000000 ]---