bridge0: left promiscuous mode vlan2: left promiscuous mode BUG: sleeping function called from invalid context at kernel/locking/mutex.c:591 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 23027, name: syz.3.4516 preempt_count: 201, expected: 0 RCU nest depth: 0, expected: 0 2 locks held by syz.3.4516/23027: #0: ffffffff8fbcec48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline] #0: ffffffff8fbcec48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline] #0: ffffffff8fbcec48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071 #1: ffff888036b40370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: netif_addr_lock_bh include/linux/netdevice.h:4884 [inline] #1: ffff888036b40370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: dev_set_rx_mode+0x65/0x2d0 net/core/dev.c:9690 Preemption disabled at: [] local_bh_disable include/linux/bottom_half.h:20 [inline] [] netif_addr_lock_bh include/linux/netdevice.h:4883 [inline] [] dev_set_rx_mode+0x54/0x2d0 net/core/dev.c:9690 CPU: 0 UID: 0 PID: 23027 Comm: syz.3.4516 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 __might_resched+0x378/0x4d0 kernel/sched/core.c:8885 __mutex_lock_common kernel/locking/mutex.c:591 [inline] __mutex_lock+0x119/0x1300 kernel/locking/mutex.c:776 netdev_lock include/linux/netdevice.h:2784 [inline] netdev_lock_ops include/net/netdev_lock.h:42 [inline] dev_set_promiscuity+0x10e/0x260 net/core/dev_api.c:286 dev_change_rx_flags net/core/dev.c:9547 [inline] __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9591 netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9611 dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:287 br_port_clear_promisc net/bridge/br_if.c:135 [inline] br_manage_promisc+0x4db/0x560 net/bridge/br_if.c:172 dev_change_rx_flags net/core/dev.c:9547 [inline] __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9591 __dev_set_rx_mode net/core/dev.c:-1 [inline] dev_set_rx_mode+0x1c9/0x2d0 net/core/dev.c:9691 __dev_open+0x672/0x830 net/core/dev.c:1710 __dev_change_flags+0x1f7/0x690 net/core/dev.c:9764 netif_change_flags+0x88/0x1a0 net/core/dev.c:9827 do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158 rtnl_group_changelink net/core/rtnetlink.c:3790 [inline] __rtnl_newlink net/core/rtnetlink.c:3944 [inline] rtnl_newlink+0x147a/0x1be0 net/core/rtnetlink.c:4072 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0x972/0x9f0 net/socket.c:2592 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2646 __sys_sendmsg+0x183/0x260 net/socket.c:2678 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x20d/0x640 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf70aef6c Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad RSP: 002b:00000000f503850c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000200 RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ============================= [ BUG: Invalid wait context ] syzkaller #0 Tainted: G W L ----------------------------- syz.3.4516/23027 is trying to lock: ffff888063640d40 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock include/linux/netdevice.h:2784 [inline] ffff888063640d40 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: netdev_lock_ops include/net/netdev_lock.h:42 [inline] ffff888063640d40 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: dev_set_promiscuity+0x10e/0x260 net/core/dev_api.c:286 other info that might help us debug this: context-{5:5} 2 locks held by syz.3.4516/23027: #0: ffffffff8fbcec48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline] #0: ffffffff8fbcec48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline] #0: ffffffff8fbcec48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 net/core/rtnetlink.c:4071 #1: ffff888036b40370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: netif_addr_lock_bh include/linux/netdevice.h:4884 [inline] #1: ffff888036b40370 (&dev_addr_list_lock_key#7/2){+...}-{3:3}, at: dev_set_rx_mode+0x65/0x2d0 net/core/dev.c:9690 stack backtrace: CPU: 0 UID: 0 PID: 23027 Comm: syz.3.4516 Tainted: G W L syzkaller #0 PREEMPT(full) Tainted: [W]=WARN, [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 Call Trace: dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline] check_wait_context kernel/locking/lockdep.c:4902 [inline] __lock_acquire+0xec1/0x2cf0 kernel/locking/lockdep.c:5187 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868 __mutex_lock_common kernel/locking/mutex.c:614 [inline] __mutex_lock+0x19f/0x1300 kernel/locking/mutex.c:776 netdev_lock include/linux/netdevice.h:2784 [inline] netdev_lock_ops include/net/netdev_lock.h:42 [inline] dev_set_promiscuity+0x10e/0x260 net/core/dev_api.c:286 dev_change_rx_flags net/core/dev.c:9547 [inline] __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9591 netif_set_promiscuity+0x50/0xe0 net/core/dev.c:9611 dev_set_promiscuity+0x126/0x260 net/core/dev_api.c:287 br_port_clear_promisc net/bridge/br_if.c:135 [inline] br_manage_promisc+0x4db/0x560 net/bridge/br_if.c:172 dev_change_rx_flags net/core/dev.c:9547 [inline] __dev_set_promiscuity+0x515/0x710 net/core/dev.c:9591 __dev_set_rx_mode net/core/dev.c:-1 [inline] dev_set_rx_mode+0x1c9/0x2d0 net/core/dev.c:9691 __dev_open+0x672/0x830 net/core/dev.c:1710 __dev_change_flags+0x1f7/0x690 net/core/dev.c:9764 netif_change_flags+0x88/0x1a0 net/core/dev.c:9827 do_setlink+0xf82/0x4590 net/core/rtnetlink.c:3158 rtnl_group_changelink net/core/rtnetlink.c:3790 [inline] __rtnl_newlink net/core/rtnetlink.c:3944 [inline] rtnl_newlink+0x147a/0x1be0 net/core/rtnetlink.c:4072 rtnetlink_rcv_msg+0x7d5/0xbe0 net/core/rtnetlink.c:6958 netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0x972/0x9f0 net/socket.c:2592 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2646 __sys_sendmsg+0x183/0x260 net/socket.c:2678 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x20d/0x640 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf70aef6c Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad RSP: 002b:00000000f503850c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000200 RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 dummy0: left promiscuous mode 8021q: adding VLAN 0 to HW filter on device team0 dummy0: entered promiscuous mode bridge0: port 1(vlan2) entered blocking state bridge0: port 1(vlan2) entered forwarding state batman_adv: batadv0: Interface activated: dummy0 batadv0: mtu less than device minimum batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 caif:caif_disconnect_client(): nothing to disconnect chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT chnl_net:chnl_net_open(): state disconnected ---------------- Code disassembly (best guess): 0: 90 nop 1: 85 d2 test %edx,%edx 3: 74 0a je 0xf 5: 89 ce mov %ecx,%esi 7: 81 e6 ff 0f 00 00 and $0xfff,%esi d: 89 32 mov %esi,(%rdx) f: 85 c0 test %eax,%eax 11: 74 05 je 0x18 13: c1 e9 0c shr $0xc,%ecx 16: 89 08 mov %ecx,(%rax) 18: 31 c0 xor %eax,%eax 1a: 5e pop %rsi 1b: 5d pop %rbp 1c: c3 ret 1d: 90 nop 1e: 0f 1f 00 nopl (%rax) 21: 51 push %rcx 22: 52 push %rdx 23: 55 push %rbp 24: 89 e5 mov %esp,%ebp 26: 0f 34 sysenter 28: cd 80 int $0x80 * 2a: 5d pop %rbp <-- trapping instruction 2b: 5a pop %rdx 2c: 59 pop %rcx 2d: c3 ret 2e: 58 pop %rax 2f: b8 77 00 00 00 mov $0x77,%eax 34: cd 80 int $0x80 36: 0f 0b ud2 38: 90 nop 39: 90 nop 3a: 90 nop 3b: 90 nop 3c: 90 nop 3d: 90 nop 3e: b8 .byte 0xb8 3f: ad lods %ds:(%rsi),%eax