netlink: 'syz.4.2908': attribute type 17 has an invalid length.
batman_adv: batadv0: Interface activated: vlan2
bridge0: entered promiscuous mode
vlan5: entered promiscuous mode
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:609
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 17566, name: syz.4.2908
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
2 locks held by syz.4.2908/17566:
 #0: ffffffff8fdceac0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8fdceac0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8fdceac0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4107
 #1: ffff888031700370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: netif_addr_lock_bh include/linux/netdevice.h:4935 [inline]
 #1: ffff888031700370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: dev_set_rx_mode+0x65/0x2d0 net/core/dev.c:9736
Preemption disabled at:
[<ffffffff89806214>] local_bh_disable include/linux/bottom_half.h:20 [inline]
[<ffffffff89806214>] netif_addr_lock_bh include/linux/netdevice.h:4934 [inline]
[<ffffffff89806214>] dev_set_rx_mode+0x54/0x2d0 net/core/dev.c:9736
CPU: 1 UID: 0 PID: 17566 Comm: syz.4.2908 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 __might_resched+0x378/0x4d0 kernel/sched/core.c:9157
 __mutex_lock_common kernel/locking/mutex.c:609 [inline]
 __mutex_lock+0x11c/0x1550 kernel/locking/mutex.c:806
 netdev_lock include/linux/netdevice.h:2801 [inline]
 netdev_lock_ops include/net/netdev_lock.h:42 [inline]
 dev_set_promiscuity+0x10e/0x260 net/core/dev_api.c:286
 dev_change_rx_flags net/core/dev.c:9593 [inline]
 __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9637
 netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9657
 dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:287
 br_port_set_promisc net/bridge/br_if.c:108 [inline]
 br_manage_promisc+0x180/0x560 net/bridge/br_if.c:157
 dev_change_rx_flags net/core/dev.c:9593 [inline]
 __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9637
 __dev_set_rx_mode net/core/dev.c:-1 [inline]
 dev_set_rx_mode+0x1c9/0x2d0 net/core/dev.c:9737
 __dev_open+0x672/0x830 net/core/dev.c:1710
 __dev_change_flags+0x1f7/0x690 net/core/dev.c:9810
 netif_change_flags+0x88/0x1a0 net/core/dev.c:9873
 do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3180
 rtnl_group_changelink net/core/rtnetlink.c:3812 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3980 [inline]
 rtnl_newlink+0x14ca/0x1bb0 net/core/rtnetlink.c:4108
 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6994
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x75c/0x8e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x972/0x9f0 net/socket.c:2698
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
 __sys_sendmsg net/socket.c:2784 [inline]
 __do_sys_sendmsg net/socket.c:2789 [inline]
 __se_sys_sendmsg net/socket.c:2787 [inline]
 __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2787
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38ee79c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f38ef633028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f38eea15fa0 RCX: 00007f38ee79c819
RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
RBP: 00007f38ee832c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f38eea16038 R14: 00007f38eea15fa0 R15: 00007fffe187e548
 </TASK>

=============================
[ BUG: Invalid wait context ]
syzkaller #0 Tainted: G        W          
-----------------------------
syz.4.2908/17566 is trying to lock:
ffff88805b34ed88 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock include/linux/netdevice.h:2801 [inline]
ffff88805b34ed88 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock_ops include/net/netdev_lock.h:42 [inline]
ffff88805b34ed88 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: dev_set_promiscuity+0x10e/0x260 net/core/dev_api.c:286
other info that might help us debug this:
context-{5:5}
2 locks held by syz.4.2908/17566:
 #0: ffffffff8fdceac0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff8fdceac0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff8fdceac0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 net/core/rtnetlink.c:4107
 #1: ffff888031700370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: netif_addr_lock_bh include/linux/netdevice.h:4935 [inline]
 #1: ffff888031700370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: dev_set_rx_mode+0x65/0x2d0 net/core/dev.c:9736
stack backtrace:
CPU: 1 UID: 0 PID: 17566 Comm: syz.4.2908 Tainted: G        W           syzkaller #0 PREEMPT(full) 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline]
 check_wait_context kernel/locking/lockdep.c:4902 [inline]
 __lock_acquire+0xec1/0x2cf0 kernel/locking/lockdep.c:5187
 lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
 __mutex_lock_common kernel/locking/mutex.c:632 [inline]
 __mutex_lock+0x1a3/0x1550 kernel/locking/mutex.c:806
 netdev_lock include/linux/netdevice.h:2801 [inline]
 netdev_lock_ops include/net/netdev_lock.h:42 [inline]
 dev_set_promiscuity+0x10e/0x260 net/core/dev_api.c:286
 dev_change_rx_flags net/core/dev.c:9593 [inline]
 __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9637
 netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9657
 dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:287
 br_port_set_promisc net/bridge/br_if.c:108 [inline]
 br_manage_promisc+0x180/0x560 net/bridge/br_if.c:157
 dev_change_rx_flags net/core/dev.c:9593 [inline]
 __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9637
 __dev_set_rx_mode net/core/dev.c:-1 [inline]
 dev_set_rx_mode+0x1c9/0x2d0 net/core/dev.c:9737
 __dev_open+0x672/0x830 net/core/dev.c:1710
 __dev_change_flags+0x1f7/0x690 net/core/dev.c:9810
 netif_change_flags+0x88/0x1a0 net/core/dev.c:9873
 do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3180
 rtnl_group_changelink net/core/rtnetlink.c:3812 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3980 [inline]
 rtnl_newlink+0x14ca/0x1bb0 net/core/rtnetlink.c:4108
 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6994
 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x75c/0x8e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x972/0x9f0 net/socket.c:2698
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
 __sys_sendmsg net/socket.c:2784 [inline]
 __do_sys_sendmsg net/socket.c:2789 [inline]
 __se_sys_sendmsg net/socket.c:2787 [inline]
 __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2787
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38ee79c819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f38ef633028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f38eea15fa0 RCX: 00007f38ee79c819
RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
RBP: 00007f38ee832c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f38eea16038 R14: 00007f38eea15fa0 R15: 00007fffe187e548
 </TASK>
dummy0: entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device team0
bridge0: port 3(vlan5) entered blocking state
bridge0: port 3(vlan5) entered listening state
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
caif:caif_disconnect_client(): nothing to disconnect
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.