syzbot

netdevsim netdevsim1 netdevsim0: left allmulticast mode
------------[ cut here ]------------
sdata->crypto_tx_tailroom_needed_cnt != master->crypto_tx_tailroom_needed_cnt
WARNING: net/mac80211/key.c:1169 at ieee80211_free_keys+0x7b8/0x8e0 net/mac80211/key.c:1168, CPU#0: syz.1.2804/16508
Modules linked in:
CPU: 0 UID: 0 PID: 16508 Comm: syz.1.2804 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
RIP: 0010:ieee80211_free_keys+0x7b8/0x8e0 net/mac80211/key.c:1168
Code: 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 a7 46 ab f6 90 0f 0b 90 e9 04 fa ff ff e8 99 46 ab f6 90 <0f> 0b 90 e9 32 fe ff ff e8 8b 46 ab f6 e9 d4 fd ff ff 48 c7 c1 b0
RSP: 0018:ffffc9001041e3a0 EFLAGS: 00010246
RAX: ffffffff8b193157 RBX: 0000000000000001 RCX: 0000000000080000
RDX: ffffc9000f985000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: ffffc9001041e470 R08: ffffc9001041e187 R09: 1ffff92002083c30
R10: dffffc0000000000 R11: fffff52002083c31 R12: 0000000000000001
R13: ffff888053bccd80 R14: ffff8880538b1730 R15: 0000000000000002
FS:  00007f0a911d56c0(0000) GS:ffff8881256c8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f43ab54da08 CR3: 0000000053c6c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 ieee80211_do_stop+0xf4c/0x2010 net/mac80211/iface.c:605
 ieee80211_stop+0x1b1/0x240 net/mac80211/iface.c:832
 __dev_close_many+0x368/0x6d0 net/core/dev.c:1769
 netif_close_many+0x225/0x420 net/core/dev.c:1794
 netif_close+0x160/0x220 net/core/dev.c:1811
 dev_close+0x10a/0x220 net/core/dev_api.c:220
 ieee80211_stop+0xcc/0x240 net/mac80211/iface.c:819
 __dev_close_many+0x368/0x6d0 net/core/dev.c:1769
 __dev_close net/core/dev.c:1781 [inline]
 __dev_change_flags+0x2cb/0x690 net/core/dev.c:9747
 netif_change_flags+0x88/0x1a0 net/core/dev.c:9812
 do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158
 rtnl_group_changelink net/core/rtnetlink.c:3790 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3944 [inline]
 rtnl_newlink+0x147a/0x1be0 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 ____sys_sendmsg+0xa68/0xad0 net/socket.c:2592
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2646
 __sys_sendmsg net/socket.c:2678 [inline]
 __do_sys_sendmsg net/socket.c:2683 [inline]
 __se_sys_sendmsg net/socket.c:2681 [inline]
 __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2681
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a92f9bf79
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0a911d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f0a93216180 RCX: 00007f0a92f9bf79
RDX: 0000000000004004 RSI: 0000200000000200 RDI: 0000000000000009
RBP: 00007f0a930327e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f0a93216218 R14: 00007f0a93216180 R15: 00007f0a9333fa48
 </TASK>