Warning: Permanently added '[localhost]:43979' (ED25519) to the list of known hosts. 2025/08/10 06:50:25 ignoring optional flag "sandboxArg"="0" 2025/08/10 06:50:26 parsed 1 programs [ 81.555917][ T10] cfg80211: failed to load regulatory.db [ 83.586481][ T40] audit: type=1400 audit(1754808628.304:119): avc: denied { unlink } for pid=6239 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 84.666555][ T6239] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.306014][ T5986] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.309996][ T5986] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.313895][ T5986] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.318402][ T5986] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.322017][ T5986] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.570109][ T1233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.572586][ T1233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.589670][ T1233] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.592129][ T1233] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.459993][ T40] audit: type=1401 audit(1754808632.174:120): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 88.198994][ T6348] chnl_net:caif_netlink_parms(): no params data found [ 88.293800][ T6348] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.297204][ T6348] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.300326][ T6348] bridge_slave_0: entered allmulticast mode [ 88.305330][ T6348] bridge_slave_0: entered promiscuous mode [ 88.310282][ T6348] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.313406][ T6348] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.318057][ T6348] bridge_slave_1: entered allmulticast mode [ 88.321311][ T6348] bridge_slave_1: entered promiscuous mode [ 88.361568][ T6348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.372945][ T6348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.411606][ T6348] team0: Port device team_slave_0 added [ 88.416630][ T6348] team0: Port device team_slave_1 added [ 88.448362][ T6348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.451361][ T6348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.461929][ T6348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.466539][ T6348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.469400][ T6348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.477436][ T6348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.516274][ T6348] hsr_slave_0: entered promiscuous mode [ 88.518628][ T6348] hsr_slave_1: entered promiscuous mode [ 89.058708][ T6348] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.066740][ T6348] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.072016][ T6348] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.080158][ T6348] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.140951][ T6348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.152923][ T6348] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.160003][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.162979][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.173369][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.176591][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.325364][ T6348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.345460][ T6348] veth0_vlan: entered promiscuous mode [ 89.350111][ T6348] veth1_vlan: entered promiscuous mode [ 89.365078][ T6348] veth0_macvtap: entered promiscuous mode [ 89.369762][ T6348] veth1_macvtap: entered promiscuous mode [ 89.385482][ T6348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.393103][ T6348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.401329][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.405351][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.415268][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.419052][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.485035][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.531531][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.626891][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.715113][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/08/10 06:50:34 executed programs: 0 [ 90.216678][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.220269][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.223257][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.226731][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.229507][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.337368][ T6438] chnl_net:caif_netlink_parms(): no params data found [ 90.430358][ T6438] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.432603][ T6438] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.435528][ T6438] bridge_slave_0: entered allmulticast mode [ 90.439532][ T6438] bridge_slave_0: entered promiscuous mode [ 90.444136][ T6438] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.447739][ T6438] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.450084][ T6438] bridge_slave_1: entered allmulticast mode [ 90.452683][ T6438] bridge_slave_1: entered promiscuous mode [ 90.507111][ T6438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.513922][ T6438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.554341][ T6438] team0: Port device team_slave_0 added [ 90.557662][ T6438] team0: Port device team_slave_1 added [ 90.606230][ T6438] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.608452][ T6438] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.618429][ T6438] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.624450][ T6438] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.627322][ T6438] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.640003][ T6438] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.699501][ T6438] hsr_slave_0: entered promiscuous mode [ 90.701745][ T6438] hsr_slave_1: entered promiscuous mode [ 90.703913][ T6438] debugfs: 'hsr0' already exists in 'hsr' [ 90.707826][ T6438] Cannot create hsr debugfs directory [ 92.275696][ T63] Bluetooth: hci0: command tx timeout [ 93.078003][ T46] bridge_slave_1: left allmulticast mode [ 93.080595][ T46] bridge_slave_1: left promiscuous mode [ 93.083101][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.088598][ T46] bridge_slave_0: left allmulticast mode [ 93.091000][ T46] bridge_slave_0: left promiscuous mode [ 93.093480][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.305579][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 93.311069][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 93.317238][ T46] bond0 (unregistering): Released all slaves [ 93.419146][ T46] hsr_slave_0: left promiscuous mode [ 93.421243][ T46] hsr_slave_1: left promiscuous mode [ 93.423191][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.425932][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.429450][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.432318][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.459520][ T46] veth1_macvtap: left promiscuous mode [ 93.462123][ T46] veth0_macvtap: left promiscuous mode [ 93.465008][ T46] veth1_vlan: left promiscuous mode [ 93.467344][ T46] veth0_vlan: left promiscuous mode [ 93.825947][ T46] team0 (unregistering): Port device team_slave_1 removed [ 93.869028][ T46] team0 (unregistering): Port device team_slave_0 removed [ 94.355335][ T63] Bluetooth: hci0: command tx timeout [ 94.548541][ T6438] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.552466][ T6438] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.560899][ T6438] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.565364][ T6438] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.607448][ T6438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.616662][ T6438] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.621829][ T626] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.623892][ T626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.630031][ T1233] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.632294][ T1233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.654110][ T6438] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.657821][ T6438] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.802958][ T6438] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.848099][ T6438] veth0_vlan: entered promiscuous mode [ 94.856654][ T6438] veth1_vlan: entered promiscuous mode [ 94.885852][ T6438] veth0_macvtap: entered promiscuous mode [ 94.891692][ T6438] veth1_macvtap: entered promiscuous mode [ 94.911819][ T6438] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.920507][ T6438] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.929464][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.933141][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.939200][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.942910][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.978356][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.980863][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.993588][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.996472][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.014107][ T40] audit: type=1400 audit(1754808639.724:121): avc: denied { read } for pid=6566 comm="syz.0.16" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 95.023844][ T40] audit: type=1400 audit(1754808639.724:122): avc: denied { open } for pid=6566 comm="syz.0.16" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 95.024166][ T6567] input: syz1 as /devices/virtual/input/input5 [ 95.031265][ T40] audit: type=1400 audit(1754808639.734:123): avc: denied { ioctl } for pid=6566 comm="syz.0.16" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 95.037972][ T6567] [ 95.042127][ T40] audit: type=1400 audit(1754808639.754:124): avc: denied { read } for pid=5364 comm="acpid" name="event4" dev="devtmpfs" ino=2842 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.042562][ T6567] ====================================================== [ 95.049621][ T40] audit: type=1400 audit(1754808639.754:125): avc: denied { open } for pid=5364 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2842 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.051770][ T6567] WARNING: possible circular locking dependency detected [ 95.051778][ T6567] 6.16.0-syzkaller-12273-gb96ddbc5c887 #0 Not tainted [ 95.059192][ T40] audit: type=1400 audit(1754808639.754:126): avc: denied { ioctl } for pid=5364 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2842 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.061873][ T6567] ------------------------------------------------------ [ 95.064887][ T40] audit: type=1400 audit(1754808639.754:127): avc: denied { read } for pid=6566 comm="syz.0.16" name="event4" dev="devtmpfs" ino=2842 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.075867][ T6567] syz.0.16/6567 is trying to acquire lock: [ 95.075879][ T6567] ffff8880396eb870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 95.075934][ T6567] [ 95.075934][ T6567] but task is already holding lock: [ 95.075939][ T6567] ffff8880396ec0b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc40 [ 95.078468][ T40] audit: type=1400 audit(1754808639.754:128): avc: denied { open } for pid=6566 comm="syz.0.16" path="/dev/input/event4" dev="devtmpfs" ino=2842 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.085364][ T6567] [ 95.085364][ T6567] which lock already depends on the new lock. [ 95.085364][ T6567] [ 95.085370][ T6567] [ 95.085370][ T6567] the existing dependency chain (in reverse order) is: [ 95.085374][ T6567] [ 95.085374][ T6567] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 95.085389][ T6567] __mutex_lock+0x193/0x10b0 [ 95.085403][ T6567] input_ff_flush+0x63/0x1a0 [ 95.085418][ T6567] uinput_dev_flush+0x2a/0x40 [ 95.087553][ T40] audit: type=1400 audit(1754808639.754:129): avc: denied { ioctl } for pid=6566 comm="syz.0.16" path="/dev/input/event4" dev="devtmpfs" ino=2842 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 95.090778][ T6567] input_flush_device+0xc6/0x140 [ 95.127232][ T6567] evdev_release+0x344/0x420 [ 95.128760][ T6567] __fput+0x3ff/0xb70 [ 95.130236][ T6567] fput_close_sync+0x118/0x210 [ 95.131951][ T6567] __x64_sys_close+0x8b/0x120 [ 95.134021][ T6567] do_syscall_64+0xcd/0x4c0 [ 95.136059][ T6567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.138720][ T6567] [ 95.138720][ T6567] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 95.141461][ T6567] __mutex_lock+0x193/0x10b0 [ 95.143632][ T6567] input_register_handle+0xca/0x630 [ 95.146033][ T6567] kbd_connect+0xca/0x160 [ 95.148196][ T6567] input_attach_handler.isra.0+0x176/0x250 [ 95.150975][ T6567] input_register_device+0xab9/0x1180 [ 95.153350][ T6567] acpi_button_add+0x582/0xb70 [ 95.155507][ T6567] acpi_device_probe+0xc6/0x330 [ 95.157785][ T6567] really_probe+0x241/0xa90 [ 95.159808][ T6567] __driver_probe_device+0x1de/0x440 [ 95.161919][ T6567] driver_probe_device+0x4c/0x1b0 [ 95.163686][ T6567] __driver_attach+0x283/0x580 [ 95.165397][ T6567] bus_for_each_dev+0x13b/0x1d0 [ 95.167119][ T6567] bus_add_driver+0x2e9/0x690 [ 95.168785][ T6567] driver_register+0x15c/0x4b0 [ 95.170486][ T6567] __acpi_bus_register_driver+0xdf/0x130 [ 95.172431][ T6567] acpi_button_driver_init+0x82/0x110 [ 95.174296][ T6567] do_one_initcall+0x120/0x6e0 [ 95.175961][ T6567] kernel_init_freeable+0x5c2/0x910 [ 95.177760][ T6567] kernel_init+0x1c/0x2b0 [ 95.179362][ T6567] ret_from_fork+0x5d7/0x6f0 [ 95.181303][ T6567] ret_from_fork_asm+0x1a/0x30 [ 95.183544][ T6567] [ 95.183544][ T6567] -> #1 (input_mutex){+.+.}-{4:4}: [ 95.186654][ T6567] __mutex_lock+0x193/0x10b0 [ 95.188838][ T6567] input_register_device+0x992/0x1180 [ 95.190835][ T6567] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 95.192858][ T6567] __x64_sys_ioctl+0x18b/0x210 [ 95.194531][ T6567] do_syscall_64+0xcd/0x4c0 [ 95.196237][ T6567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.198248][ T6567] [ 95.198248][ T6567] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 95.201193][ T6567] __lock_acquire+0x12a6/0x1ce0 [ 95.203467][ T6567] lock_acquire+0x179/0x350 [ 95.205595][ T6567] __mutex_lock+0x193/0x10b0 [ 95.207785][ T6567] uinput_request_submit.part.0+0x25/0x2e0 [ 95.210153][ T6567] uinput_dev_upload_effect+0x174/0x1f0 [ 95.212144][ T6567] input_ff_upload+0x582/0xc40 [ 95.214053][ T6567] evdev_do_ioctl+0xf40/0x1b30 [ 95.216214][ T6567] evdev_ioctl+0x16f/0x1a0 [ 95.218200][ T6567] __x64_sys_ioctl+0x18b/0x210 [ 95.220079][ T6567] do_syscall_64+0xcd/0x4c0 [ 95.221596][ T6567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.223489][ T6567] [ 95.223489][ T6567] other info that might help us debug this: [ 95.223489][ T6567] [ 95.226480][ T6567] Chain exists of: [ 95.226480][ T6567] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 95.226480][ T6567] [ 95.230606][ T6567] Possible unsafe locking scenario: [ 95.230606][ T6567] [ 95.233689][ T6567] CPU0 CPU1 [ 95.235933][ T6567] ---- ---- [ 95.238071][ T6567] lock(&ff->mutex); [ 95.239584][ T6567] lock(&dev->mutex#2); [ 95.241627][ T6567] lock(&ff->mutex); [ 95.243596][ T6567] lock(&newdev->mutex); [ 95.244959][ T6567] [ 95.244959][ T6567] *** DEADLOCK *** [ 95.244959][ T6567] [ 95.247482][ T6567] 2 locks held by syz.0.16/6567: [ 95.249032][ T6567] #0: ffff888052a8b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 95.252730][ T6567] #1: ffff8880396ec0b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc40 [ 95.256551][ T6567] [ 95.256551][ T6567] stack backtrace: [ 95.259029][ T6567] CPU: 3 UID: 0 PID: 6567 Comm: syz.0.16 Not tainted 6.16.0-syzkaller-12273-gb96ddbc5c887 #0 PREEMPT(full) [ 95.259050][ T6567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 95.259061][ T6567] Call Trace: [ 95.259068][ T6567] [ 95.259076][ T6567] dump_stack_lvl+0x116/0x1f0 [ 95.259096][ T6567] print_circular_bug+0x275/0x350 [ 95.259122][ T6567] check_noncircular+0x14c/0x170 [ 95.259150][ T6567] __lock_acquire+0x12a6/0x1ce0 [ 95.259176][ T6567] lock_acquire+0x179/0x350 [ 95.259199][ T6567] ? uinput_request_submit.part.0+0x25/0x2e0 [ 95.259226][ T6567] ? __pfx___might_resched+0x10/0x10 [ 95.259246][ T6567] ? uinput_request_submit.part.0+0x25/0x2e0 [ 95.259268][ T6567] __mutex_lock+0x193/0x10b0 [ 95.259283][ T6567] ? uinput_request_submit.part.0+0x25/0x2e0 [ 95.259304][ T6567] ? find_held_lock+0x2b/0x80 [ 95.259322][ T6567] ? uinput_request_reserve_slot+0x3ca/0x4d0 [ 95.259338][ T6567] ? __pfx___mutex_lock+0x10/0x10 [ 95.259354][ T6567] ? _raw_spin_unlock+0x28/0x50 [ 95.259379][ T6567] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 95.259395][ T6567] ? __pfx___might_resched+0x10/0x10 [ 95.259415][ T6567] ? rcu_is_watching+0x12/0xc0 [ 95.259436][ T6567] ? uinput_request_submit.part.0+0x25/0x2e0 [ 95.259461][ T6567] uinput_request_submit.part.0+0x25/0x2e0 [ 95.259488][ T6567] uinput_dev_upload_effect+0x174/0x1f0 [ 95.259504][ T6567] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 95.259524][ T6567] ? __might_fault+0x13b/0x190 [ 95.259542][ T6567] input_ff_upload+0x582/0xc40 [ 95.259568][ T6567] evdev_do_ioctl+0xf40/0x1b30 [ 95.259591][ T6567] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 95.259619][ T6567] evdev_ioctl+0x16f/0x1a0 [ 95.259640][ T6567] ? __pfx_evdev_ioctl+0x10/0x10 [ 95.259662][ T6567] __x64_sys_ioctl+0x18b/0x210 [ 95.259688][ T6567] do_syscall_64+0xcd/0x4c0 [ 95.259715][ T6567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.259732][ T6567] RIP: 0033:0x7f5315985d29 [ 95.259745][ T6567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.259761][ T6567] RSP: 002b:00007f53167e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 95.259777][ T6567] RAX: ffffffffffffffda RBX: 00007f5315b75fa0 RCX: 00007f5315985d29 [ 95.259787][ T6567] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004 [ 95.259797][ T6567] RBP: 00007f5315a01b08 R08: 0000000000000000 R09: 0000000000000000 [ 95.259807][ T6567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.259816][ T6567] R13: 0000000000000000 R14: 00007f5315b75fa0 R15: 00007ffef4549bb8 [ 95.259831][ T6567] [ 95.857197][ T6569] input: syz1 as /devices/virtual/input/input6 2025/08/10 06:50:40 executed programs: 3 [ 96.434597][ T63] Bluetooth: hci0: command tx timeout [ 96.700336][ T6571] input: syz1 as /devices/virtual/input/input7 [ 97.544197][ T6574] input: syz1 as /devices/virtual/input/input8 [ 98.392322][ T6581] input: syz1 as /devices/virtual/input/input9 [ 98.514493][ T63] Bluetooth: hci0: command tx timeout [ 99.237869][ T6583] input: syz1 as /devices/virtual/input/input10 [ 100.079857][ T6586] input: syz1 as /devices/virtual/input/input11 [ 100.918735][ T6588] input: syz1 as /devices/virtual/input/input12 2025/08/10 06:50:45 executed programs: 9 [ 101.763210][ T6590] input: syz1 as /devices/virtual/input/input13 [ 102.605481][ T6592] input: syz1 as /devices/virtual/input/input14 [ 103.454071][ T6594] input: syz1 as /devices/virtual/input/input15 [ 104.298914][ T6596] input: syz1 as /devices/virtual/input/input16