Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts.
2025/08/10 09:30:30 ignoring optional flag "sandboxArg"="0"
2025/08/10 09:30:31 parsed 1 programs
[ 110.236732][ T30] audit: type=1400 audit(1754818233.068:119): avc: denied { unlink } for pid=6284 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 111.548809][ T6284] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 113.385624][ T5924] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.395583][ T5924] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.403295][ T5924] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.411457][ T5924] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.419400][ T5924] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.535679][ T30] audit: type=1400 audit(1754818236.368:120): avc: denied { mount } for pid=6292 comm="syz-executor" name="/" dev="gadgetfs" ino=8248 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 113.915748][ T30] audit: type=1401 audit(1754818236.748:121): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 114.059676][ T6311] chnl_net:caif_netlink_parms(): no params data found
[ 114.156340][ T6311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 114.163426][ T6311] bridge0: port 1(bridge_slave_0) entered disabled state
[ 114.171139][ T6311] bridge_slave_0: entered allmulticast mode
[ 114.178070][ T6311] bridge_slave_0: entered promiscuous mode
[ 114.194178][ T6311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 114.201375][ T6311] bridge0: port 2(bridge_slave_1) entered disabled state
[ 114.208604][ T6311] bridge_slave_1: entered allmulticast mode
[ 114.216858][ T6311] bridge_slave_1: entered promiscuous mode
[ 114.257788][ T6311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 114.269026][ T6311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 114.293843][ T6311] team0: Port device team_slave_0 added
[ 114.301363][ T6311] team0: Port device team_slave_1 added
[ 114.327339][ T6311] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.334326][ T6311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.360824][ T6311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.373099][ T6311] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.380695][ T6311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 114.406810][ T6311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.452863][ T6311] hsr_slave_0: entered promiscuous mode
[ 114.459068][ T6311] hsr_slave_1: entered promiscuous mode
[ 114.997807][ T6311] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 115.010789][ T6311] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 115.022606][ T6311] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 115.035869][ T6311] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 115.078883][ T6311] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.086496][ T6311] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.094608][ T6311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.101865][ T6311] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.112697][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.124943][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.196568][ T6311] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.219721][ T6311] 8021q: adding VLAN 0 to HW filter on device team0
[ 115.232885][ T3537] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.240069][ T3537] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 115.277617][ T3537] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.284791][ T3537] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 115.314427][ T6311] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 115.325280][ T6311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 115.520388][ T6311] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 115.571727][ T6311] veth0_vlan: entered promiscuous mode
[ 115.588269][ T6311] veth1_vlan: entered promiscuous mode
[ 115.621699][ T6311] veth0_macvtap: entered promiscuous mode
[ 115.632678][ T6311] veth1_macvtap: entered promiscuous mode
[ 115.656165][ T6311] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 115.672893][ T6311] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 115.690494][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.708379][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.740804][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.762698][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 115.860936][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.960716][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.042429][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.185975][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 116.878661][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.898031][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 116.932313][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 116.942966][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 118.212801][ T36] bridge_slave_1: left allmulticast mode
[ 118.218625][ T36] bridge_slave_1: left promiscuous mode
[ 118.227419][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 118.240781][ T36] bridge_slave_0: left allmulticast mode
[ 118.247107][ T36] bridge_slave_0: left promiscuous mode
[ 118.252870][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 118.541599][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 118.551980][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 118.563445][ T36] bond0 (unregistering): Released all slaves
[ 118.690389][ T36] hsr_slave_0: left promiscuous mode
[ 118.704580][ T36] hsr_slave_1: left promiscuous mode
[ 118.710523][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 118.734530][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 118.758204][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 118.796094][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 118.853195][ T36] veth1_macvtap: left promiscuous mode
[ 118.870038][ T36] veth0_macvtap: left promiscuous mode
[ 118.883935][ T36] veth1_vlan: left promiscuous mode
[ 118.889264][ T36] veth0_vlan: left promiscuous mode
[ 119.422618][ T36] team0 (unregistering): Port device team_slave_1 removed
[ 119.456555][ T36] team0 (unregistering): Port device team_slave_0 removed
2025/08/10 09:30:43 executed programs: 0
[ 120.675944][ T5168] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 120.686316][ T5168] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 120.694351][ T5168] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 120.702185][ T5168] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 120.710669][ T5168] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 121.148124][ T6540] chnl_net:caif_netlink_parms(): no params data found
[ 121.288685][ T6540] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.298225][ T6540] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.308929][ T6540] bridge_slave_0: entered allmulticast mode
[ 121.318261][ T6540] bridge_slave_0: entered promiscuous mode
[ 121.330624][ T6540] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.338353][ T6540] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.346558][ T6540] bridge_slave_1: entered allmulticast mode
[ 121.354308][ T6540] bridge_slave_1: entered promiscuous mode
[ 121.391260][ T6540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 121.442762][ T6540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 121.495090][ T6540] team0: Port device team_slave_0 added
[ 121.509156][ T6540] team0: Port device team_slave_1 added
[ 121.556323][ T6540] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 121.563284][ T6540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.591107][ T6540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 121.616568][ T6540] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 121.624438][ T6540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 121.652604][ T6540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 121.711192][ T6540] hsr_slave_0: entered promiscuous mode
[ 121.717716][ T6540] hsr_slave_1: entered promiscuous mode
[ 122.139395][ T6540] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 122.163852][ T6540] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 122.176285][ T6540] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 122.187399][ T6540] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 122.280777][ T6540] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.306674][ T6540] 8021q: adding VLAN 0 to HW filter on device team0
[ 122.319302][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 122.326465][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 122.345373][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 122.352508][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 122.582709][ T6540] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 122.636553][ T6540] veth0_vlan: entered promiscuous mode
[ 122.652482][ T6540] veth1_vlan: entered promiscuous mode
[ 122.688525][ T6540] veth0_macvtap: entered promiscuous mode
[ 122.698066][ T6540] veth1_macvtap: entered promiscuous mode
[ 122.719699][ T6540] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 122.735286][ T6540] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 122.750931][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.765984][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.774568][ T5924] Bluetooth: hci0: command tx timeout
[ 122.792955][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.822860][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.854884][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.864592][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.901856][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.910345][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.960995][ T30] audit: type=1400 audit(1754818245.788:122): avc: denied { read } for pid=6624 comm="syz.0.16" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 122.984817][ T6625] input: syz1 as /devices/virtual/input/input5
[ 122.995900][ T30] audit: type=1400 audit(1754818245.788:123): avc: denied { open } for pid=6624 comm="syz.0.16" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 123.028289][ T30] audit: type=1400 audit(1754818245.808:124): avc: denied { ioctl } for pid=6624 comm="syz.0.16" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 123.054555][ T6625]
[ 123.056884][ T6625] ======================================================
[ 123.063978][ T6625] WARNING: possible circular locking dependency detected
[ 123.070996][ T6625] 6.16.0-syzkaller-12288-g2b38afce25c4 #0 Not tainted
[ 123.077744][ T6625] ------------------------------------------------------
[ 123.084757][ T6625] syz.0.16/6625 is trying to acquire lock:
[ 123.090548][ T6625] ffff888078d0c870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0
[ 123.100767][ T6625]
[ 123.100767][ T6625] but task is already holding lock:
[ 123.108127][ T6625] ffff88807c1038b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc40
[ 123.116932][ T6625]
[ 123.116932][ T6625] which lock already depends on the new lock.
[ 123.116932][ T6625]
[ 123.127324][ T6625]
[ 123.127324][ T6625] the existing dependency chain (in reverse order) is:
[ 123.136339][ T6625]
[ 123.136339][ T6625] -> #3 (&ff->mutex){+.+.}-{4:4}:
[ 123.143549][ T6625]        __mutex_lock+0x193/0x10b0
[ 123.148752][ T6625]        input_ff_flush+0x63/0x1a0
[ 123.153891][ T6625]        uinput_dev_flush+0x2a/0x40
[ 123.159106][ T6625]        input_flush_device+0xc6/0x140
[ 123.164570][ T6625]        evdev_release+0x344/0x420
[ 123.169690][ T6625]        __fput+0x3ff/0xb70
[ 123.174201][ T6625]        fput_close_sync+0x118/0x210
[ 123.179498][ T6625]        __x64_sys_close+0x8b/0x120
[ 123.184703][ T6625]        do_syscall_64+0xcd/0x4c0
[ 123.189729][ T6625]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.196143][ T6625]
[ 123.196143][ T6625] -> #2 (&dev->mutex#2){+.+.}-{4:4}:
[ 123.203623][ T6625]        __mutex_lock+0x193/0x10b0
[ 123.208737][ T6625]        input_register_handle+0xca/0x630
[ 123.214461][ T6625]        kbd_connect+0xca/0x160
[ 123.219312][ T6625]        input_attach_handler.isra.0+0x176/0x250
[ 123.225645][ T6625]        input_register_device+0xab9/0x1180
[ 123.231544][ T6625]        acpi_button_add+0x582/0xb70
[ 123.236830][ T6625]        acpi_device_probe+0xc6/0x330
[ 123.242213][ T6625]        really_probe+0x241/0xa90
[ 123.247244][ T6625]        __driver_probe_device+0x1de/0x440
[ 123.253053][ T6625]        driver_probe_device+0x4c/0x1b0
[ 123.258604][ T6625]        __driver_attach+0x283/0x580
[ 123.263890][ T6625]        bus_for_each_dev+0x13b/0x1d0
[ 123.269269][ T6625]        bus_add_driver+0x2e9/0x690
[ 123.274477][ T6625]        driver_register+0x15c/0x4b0
[ 123.279761][ T6625]        __acpi_bus_register_driver+0xdf/0x130
[ 123.285966][ T6625]        acpi_button_driver_init+0x82/0x110
[ 123.291952][ T6625]        do_one_initcall+0x120/0x6e0
[ 123.297242][ T6625]        kernel_init_freeable+0x5c2/0x910
[ 123.302964][ T6625]        kernel_init+0x1c/0x2b0
[ 123.307815][ T6625]        ret_from_fork+0x5d7/0x6f0
[ 123.312921][ T6625]        ret_from_fork_asm+0x1a/0x30
[ 123.318209][ T6625]
[ 123.318209][ T6625] -> #1 (input_mutex){+.+.}-{4:4}:
[ 123.325502][ T6625]        __mutex_lock+0x193/0x10b0
[ 123.330702][ T6625]        input_register_device+0x992/0x1180
[ 123.336602][ T6625]        uinput_ioctl_handler.isra.0+0x1357/0x1df0
[ 123.343109][ T6625]        __x64_sys_ioctl+0x18b/0x210
[ 123.348406][ T6625]        do_syscall_64+0xcd/0x4c0
[ 123.353461][ T6625]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.359966][ T6625]
[ 123.359966][ T6625] -> #0 (&newdev->mutex){+.+.}-{4:4}:
[ 123.367527][ T6625]        __lock_acquire+0x12a6/0x1ce0
[ 123.372906][ T6625]        lock_acquire+0x179/0x350
[ 123.377936][ T6625]        __mutex_lock+0x193/0x10b0
[ 123.383048][ T6625]        uinput_request_submit.part.0+0x25/0x2e0
[ 123.389424][ T6625]        uinput_dev_upload_effect+0x174/0x1f0
[ 123.395578][ T6625]        input_ff_upload+0x582/0xc40
[ 123.400868][ T6625]        evdev_do_ioctl+0xf40/0x1b30
[ 123.406158][ T6625]        evdev_ioctl+0x16f/0x1a0
[ 123.411166][ T6625]        __x64_sys_ioctl+0x18b/0x210
[ 123.416446][ T6625]        do_syscall_64+0xcd/0x4c0
[ 123.421449][ T6625]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.427838][ T6625]
[ 123.427838][ T6625] other info that might help us debug this:
[ 123.427838][ T6625]
[ 123.438042][ T6625] Chain exists of:
[ 123.438042][ T6625]   &newdev->mutex --> &dev->mutex#2 --> &ff->mutex
[ 123.438042][ T6625]
[ 123.450375][ T6625]  Possible unsafe locking scenario:
[ 123.450375][ T6625]
[ 123.457794][ T6625]        CPU0                    CPU1
[ 123.463130][ T6625]        ----                    ----
[ 123.468465][ T6625]   lock(&ff->mutex);
[ 123.472425][ T6625]                                lock(&dev->mutex#2);
[ 123.479164][ T6625]                                lock(&ff->mutex);
[ 123.485641][ T6625]   lock(&newdev->mutex);
[ 123.489959][ T6625]
[ 123.489959][ T6625]  *** DEADLOCK ***
[ 123.489959][ T6625]
[ 123.498077][ T6625] 2 locks held by syz.0.16/6625:
[ 123.502986][ T6625]  #0: ffff888028014118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0
[ 123.512020][ T6625]  #1: ffff88807c1038b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc40
[ 123.521233][ T6625]
[ 123.521233][ T6625] stack backtrace:
[ 123.527127][ T6625] CPU: 1 UID: 0 PID: 6625 Comm: syz.0.16 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full)
[ 123.527149][ T6625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 123.527164][ T6625] Call Trace:
[ 123.527170][ T6625]
[ 123.527176][ T6625]  dump_stack_lvl+0x116/0x1f0
[ 123.527197][ T6625]  print_circular_bug+0x275/0x350
[ 123.527222][ T6625]  check_noncircular+0x14c/0x170
[ 123.527247][ T6625]  __lock_acquire+0x12a6/0x1ce0
[ 123.527274][ T6625]  lock_acquire+0x179/0x350
[ 123.527296][ T6625]  ? uinput_request_submit.part.0+0x25/0x2e0
[ 123.527322][ T6625]  ? __pfx___might_resched+0x10/0x10
[ 123.527342][ T6625]  ? irqentry_exit+0x3b/0x90
[ 123.527358][ T6625]  ? uinput_request_submit.part.0+0x25/0x2e0
[ 123.527382][ T6625]  __mutex_lock+0x193/0x10b0
[ 123.527397][ T6625]  ? uinput_request_submit.part.0+0x25/0x2e0
[ 123.527421][ T6625]  ? preempt_schedule_common+0x44/0xc0
[ 123.527447][ T6625]  ? __pfx___mutex_lock+0x10/0x10
[ 123.527462][ T6625]  ? _raw_spin_unlock+0x3e/0x50
[ 123.527485][ T6625]  ? __pfx_uinput_request_reserve_slot+0x10/0x10
[ 123.527500][ T6625]  ? __pfx___might_resched+0x10/0x10
[ 123.527518][ T6625]  ? rcu_is_watching+0x12/0xc0
[ 123.527542][ T6625]  ? uinput_request_submit.part.0+0x25/0x2e0
[ 123.527566][ T6625]  uinput_request_submit.part.0+0x25/0x2e0
[ 123.527591][ T6625]  uinput_dev_upload_effect+0x174/0x1f0
[ 123.527606][ T6625]  ? __pfx_uinput_dev_upload_effect+0x10/0x10
[ 123.527625][ T6625]  ? __might_fault+0x13b/0x190
[ 123.527643][ T6625]  input_ff_upload+0x582/0xc40
[ 123.527668][ T6625]  evdev_do_ioctl+0xf40/0x1b30
[ 123.527689][ T6625]  ? __pfx_evdev_do_ioctl+0x10/0x10
[ 123.527716][ T6625]  evdev_ioctl+0x16f/0x1a0
[ 123.527735][ T6625]  ? __pfx_evdev_ioctl+0x10/0x10
[ 123.527755][ T6625]  __x64_sys_ioctl+0x18b/0x210
[ 123.527779][ T6625]  do_syscall_64+0xcd/0x4c0
[ 123.527796][ T6625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 123.527812][ T6625] RIP: 0033:0x7f0cc578e9a9
[ 123.527825][ T6625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 123.527843][ T6625] RSP: 002b:00007f0cc658a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 123.527858][ T6625] RAX: ffffffffffffffda RBX: 00007f0cc59b5fa0 RCX: 00007f0cc578e9a9
[ 123.527868][ T6625] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004
[ 123.527878][ T6625] RBP: 00007f0cc5810d69 R08: 0000000000000000 R09: 0000000000000000
[ 123.527887][ T6625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 123.527897][ T6625] R13: 0000000000000000 R14: 00007f0cc59b5fa0 R15: 00007fff9a53b648
[ 123.527912][ T6625]
[ 123.785809][ T30] audit: type=1400 audit(1754818245.828:125): avc: denied { read } for pid=5203 comm="acpid" name="event4" dev="devtmpfs" ino=2789 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 123.793926][ T6624] BUG: unable to handle page fault for address: fffffffffffffff8
[ 123.808394][ T30] audit: type=1400 audit(1754818245.828:126): avc: denied { open } for pid=5203 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2789 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 123.815901][ T6624] #PF: supervisor read access in kernel mode
[ 123.815914][ T6624] #PF: error_code(0x0000) - not-present page
[ 123.815923][ T6624] PGD e385067 P4D e385067 PUD e387067
[ 123.839472][ T30] audit: type=1400 audit(1754818245.828:127): avc: denied { ioctl } for pid=5203 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2789 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 123.845188][ T6624] PMD 0
[ 123.845200][ T6624] Oops: Oops: 0000 [#1] SMP KASAN NOPTI
[ 123.845219][ T6624] CPU: 0 UID: 0 PID: 6624 Comm: syz.0.16 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full)
[ 123.851172][ T30] audit: type=1400 audit(1754818245.858:128): avc: denied { read } for pid=6624 comm="syz.0.16" name="event4" dev="devtmpfs" ino=2789 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 123.856574][ T6624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 123.856585][ T6624] RIP: 0010:complete+0x9c/0x200
[ 123.881596][ T30] audit: type=1400 audit(1754818245.858:129): avc: denied { open } for pid=6624 comm="syz.0.16" path="/dev/input/event4" dev="devtmpfs" ino=2789 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 123.884235][ T6624] Code: c5 0f 84 fe 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 48 48 8d 7b f8 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 01 00 00 <48> 8b 7b f8 31 d2 be 03 00 00 00 4c 8d 6b 08 e8 80 c4 f6 ff 48 89
[ 123.884255][ T6624] RSP: 0018:ffffc90003fffd58 EFLAGS: 00010046
[ 123.889782][ T30] audit: type=1400 audit(1754818245.888:130): avc: denied { ioctl } for pid=6624 comm="syz.0.16" path="/dev/input/event4" dev="devtmpfs" ino=2789 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 123.901193][ T6624]
[ 123.901198][ T6624] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff819812fc
[ 123.901209][ T6624] RDX: 1fffffffffffffff RSI: 0000000000000004 RDI: fffffffffffffff8
[ 123.901220][ T6624] RBP: 0000000000000246 R08: 0000000000000001 R09: fffff520007fff99
[ 124.038562][ T6624] R10: 0000000000000003 R11: ffffffff8b92e0cd R12: ffffc90003547c18
[ 124.046507][ T6624] R13: ffffc90003547c58 R14: ffff88807bda3000 R15: ffffc90003547c00
[ 124.054450][ T6624] FS: 000055557d382500(0000) GS:ffff8881246bd000(0000) knlGS:0000000000000000
[ 124.063360][ T6624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.070017][ T6624] CR2: fffffffffffffff8 CR3: 000000005d1fb000 CR4: 00000000003526f0
[ 124.077966][ T6624] Call Trace:
[ 124.081237][ T6624]
[ 124.084145][ T6624]  uinput_destroy_device+0x1c0/0x260
[ 124.089410][ T6624]  ? __pfx_uinput_release+0x10/0x10
[ 124.094584][ T6624]  uinput_release+0x34/0x50
[ 124.099088][ T6624]  __fput+0x3ff/0xb70
[ 124.103045][ T6624]  task_work_run+0x150/0x240
[ 124.107621][ T6624]  ? __pfx_task_work_run+0x10/0x10
[ 124.112714][ T6624]  ? __pfx___do_sys_close_range+0x10/0x10
[ 124.118428][ T6624]  exit_to_user_mode_loop+0xeb/0x110
[ 124.123755][ T6624]  do_syscall_64+0x3f6/0x4c0
[ 124.128332][ T6624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 124.134199][ T6624] RIP: 0033:0x7f0cc578e9a9
[ 124.138583][ T6624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 124.158162][ T6624] RSP: 002b:00007fff9a53b7a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 124.166562][ T6624] RAX: 0000000000000000 RBX: 00007f0cc59b7ba0 RCX: 00007f0cc578e9a9
[ 124.174503][ T6624] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 124.182456][ T6624] RBP: 00007f0cc59b7ba0 R08: 0000000000000000 R09: 000000069a53ba9f
[ 124.190397][ T6624] R10: 00007f0cc59b7ac0 R11: 0000000000000246 R12: 000000000001e36d
[ 124.198340][ T6624] R13: 00007fff9a53b8a0 R14: ffffffffffffffff R15: 00007fff9a53b8c0
[ 124.206287][ T6624]
[ 124.209279][ T6624] Modules linked in:
[ 124.213176][ T6624] CR2: fffffffffffffff8
[ 124.217304][ T6624] ---[ end trace 0000000000000000 ]---
[ 124.222731][ T6624] RIP: 0010:complete+0x9c/0x200
[ 124.227561][ T6624] Code: c5 0f 84 fe 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 48 48 8d 7b f8 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 01 00 00 <48> 8b 7b f8 31 d2 be 03 00 00 00 4c 8d 6b 08 e8 80 c4 f6 ff 48 89
[ 124.247163][ T6624] RSP: 0018:ffffc90003fffd58 EFLAGS: 00010046
[ 124.253201][ T6624] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff819812fc
[ 124.261143][ T6624] RDX: 1fffffffffffffff RSI: 0000000000000004 RDI: fffffffffffffff8
[ 124.269097][ T6624] RBP: 0000000000000246 R08: 0000000000000001 R09: fffff520007fff99
[ 124.277051][ T6624] R10: 0000000000000003 R11: ffffffff8b92e0cd R12: ffffc90003547c18
[ 124.284999][ T6624] R13: ffffc90003547c58 R14: ffff88807bda3000 R15: ffffc90003547c00
[ 124.292981][ T6624] FS: 000055557d382500(0000) GS:ffff8881246bd000(0000) knlGS:0000000000000000
[ 124.301911][ T6624] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 124.308473][ T6624] CR2: fffffffffffffff8 CR3: 000000005d1fb000 CR4: 00000000003526f0
[ 124.316420][ T6624] Kernel panic - not syncing: Fatal exception
[ 124.322695][ T6624] Kernel Offset: disabled
[ 124.327026][ T6624] Rebooting in 86400 seconds..