[ 86.086663][ T40] audit: type=1400 audit(1772608851.097:116): avc: denied { transition } for pid=6130 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.095213][ T40] audit: type=1400 audit(1772608851.097:117): avc: denied { noatsecure } for pid=6130 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.102096][ T40] audit: type=1400 audit(1772608851.107:118): avc: denied { rlimitinh } for pid=6130 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.108675][ T40] audit: type=1400 audit(1772608851.107:119): avc: denied { siginh } for pid=6130 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.992611][ T24] cfg80211: failed to load regulatory.db Warning: Permanently added '[localhost]:27056' (ED25519) to the list of known hosts. 2026/03/04 07:20:59 parsed 1 programs [ 94.456158][ T40] audit: type=1400 audit(1772608859.467:120): avc: denied { node_bind } for pid=6169 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 97.027306][ T40] audit: type=1400 audit(1772608862.037:121): avc: denied { read write } for pid=6180 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 97.038332][ T40] audit: type=1400 audit(1772608862.037:122): avc: denied { open } for pid=6180 comm="syz-executor" path="/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 97.083100][ T40] audit: type=1400 audit(1772608862.097:123): avc: denied { unlink } for pid=6180 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 97.418031][ T40] audit: type=1400 audit(1772608862.427:124): avc: denied { relabelto } for pid=6183 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 98.151080][ T6180] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 100.249503][ T6187] chnl_net:caif_netlink_parms(): no params data found [ 100.309561][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.312250][ T6187] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.314859][ T6187] bridge_slave_0: entered allmulticast mode [ 100.318391][ T6187] bridge_slave_0: entered promiscuous mode [ 100.323805][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.326269][ T6187] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.328740][ T6187] bridge_slave_1: entered allmulticast mode [ 100.331727][ T6187] bridge_slave_1: entered promiscuous mode [ 100.347952][ T6187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.352591][ T6187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.368820][ T6187] team0: Port device team_slave_0 added [ 100.372218][ T6187] team0: Port device team_slave_1 added [ 100.386016][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.388397][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.398166][ T6187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.402583][ T6187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.404899][ T6187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.414111][ T6187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.437485][ T6187] hsr_slave_0: entered promiscuous mode [ 100.440106][ T6187] hsr_slave_1: entered promiscuous mode [ 100.940215][ T6187] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.946883][ T6187] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.953116][ T6187] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.959593][ T6187] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.979307][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.982675][ T6187] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.986153][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.989356][ T6187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.041141][ T6187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.056069][ T89] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.059402][ T89] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.066662][ T6187] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.075422][ T186] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.078280][ T186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.089849][ T186] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.092735][ T186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.159771][ T40] audit: type=1400 audit(1772608866.167:125): avc: denied { sys_module } for pid=6187 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 101.239739][ T6187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.269626][ T6187] veth0_vlan: entered promiscuous mode [ 101.275329][ T6187] veth1_vlan: entered promiscuous mode [ 101.305463][ T6187] veth0_macvtap: entered promiscuous mode [ 101.317958][ T6187] veth1_macvtap: entered promiscuous mode [ 101.332890][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.345830][ T6187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.355339][ T186] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.359877][ T186] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.364782][ T186] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.369947][ T186] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.486399][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.552490][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.623348][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.708345][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.749994][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 101.756302][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 101.759962][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 101.764864][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 101.769340][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.420045][ T40] audit: type=1401 audit(1772608867.427:126): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 103.504920][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.507567][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.533860][ T186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.536804][ T186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/03/04 07:21:08 executed programs: 0 [ 103.943142][ T5286] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.948066][ T5286] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.952393][ T5286] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.956235][ T5286] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.960098][ T5286] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 104.079166][ T6351] chnl_net:caif_netlink_parms(): no params data found [ 104.145072][ T6351] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.148485][ T6351] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.152117][ T6351] bridge_slave_0: entered allmulticast mode [ 104.156220][ T6351] bridge_slave_0: entered promiscuous mode [ 104.162602][ T6351] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.166163][ T6351] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.169080][ T6351] bridge_slave_1: entered allmulticast mode [ 104.173358][ T6351] bridge_slave_1: entered promiscuous mode [ 104.194756][ T6351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.201335][ T6351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.220184][ T6351] team0: Port device team_slave_0 added [ 104.223945][ T6351] team0: Port device team_slave_1 added [ 104.237955][ T6351] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.240670][ T6351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.249035][ T6351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.254357][ T6351] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.256831][ T6351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.265602][ T6351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.290921][ T6351] hsr_slave_0: entered promiscuous mode [ 104.293317][ T6351] hsr_slave_1: entered promiscuous mode [ 104.295573][ T6351] debugfs: 'hsr0' already exists in 'hsr' [ 104.297470][ T6351] Cannot create hsr debugfs directory [ 104.921035][ T60] bridge_slave_1: left allmulticast mode [ 104.923149][ T60] bridge_slave_1: left promiscuous mode [ 104.925199][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.929727][ T60] bridge_slave_0: left allmulticast mode [ 104.933114][ T60] bridge_slave_0: left promiscuous mode [ 104.935409][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.120359][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.127221][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.132828][ T60] bond0 (unregistering): Released all slaves [ 105.257465][ T60] hsr_slave_0: left promiscuous mode [ 105.260524][ T60] hsr_slave_1: left promiscuous mode [ 105.264303][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.267446][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.271971][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.275446][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.284004][ T60] veth1_macvtap: left promiscuous mode [ 105.286411][ T60] veth0_macvtap: left promiscuous mode [ 105.288295][ T60] veth1_vlan: left promiscuous mode [ 105.290643][ T60] veth0_vlan: left promiscuous mode [ 105.436222][ T60] team0 (unregistering): Port device team_slave_1 removed [ 105.448513][ T60] team0 (unregistering): Port device team_slave_0 removed [ 106.026202][ T6351] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.030958][ T6351] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.031080][ T63] Bluetooth: hci0: command tx timeout [ 106.038886][ T6351] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.049437][ T6351] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.092806][ T6351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.102886][ T6351] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.108354][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.111722][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.122120][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.125310][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.516418][ T6351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.541308][ T6351] veth0_vlan: entered promiscuous mode [ 106.546129][ T6351] veth1_vlan: entered promiscuous mode [ 106.559727][ T6351] veth0_macvtap: entered promiscuous mode [ 106.564423][ T6351] veth1_macvtap: entered promiscuous mode [ 106.572433][ T6351] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.578650][ T6351] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.586249][ T89] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.589646][ T89] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.594103][ T89] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.597668][ T89] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.657546][ T1252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.660357][ T1252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.675887][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.678934][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.718383][ T40] audit: type=1400 audit(1772608871.727:127): avc: denied { read write } for pid=6395 comm="syz.0.17" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 106.722621][ T6396] input: syz1 as /devices/virtual/input/input5 [ 106.726273][ T40] audit: type=1400 audit(1772608871.727:128): avc: denied { open } for pid=6395 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 106.738538][ T40] audit: type=1400 audit(1772608871.727:129): avc: denied { ioctl } for pid=6395 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 106.739542][ T6396] [ 106.746789][ T40] audit: type=1400 audit(1772608871.747:130): avc: denied { read } for pid=6395 comm="syz.0.17" name="event4" dev="devtmpfs" ino=2845 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 106.747327][ T6396] ====================================================== [ 106.755374][ T40] audit: type=1400 audit(1772608871.747:131): avc: denied { open } for pid=6395 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2845 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 106.757547][ T6396] WARNING: possible circular locking dependency detected [ 106.765286][ T40] audit: type=1400 audit(1772608871.747:132): avc: denied { ioctl } for pid=6395 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2845 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 106.767644][ T6396] syzkaller #0 Not tainted [ 106.777217][ T6396] ------------------------------------------------------ [ 106.779702][ T6396] syz.0.17/6396 is trying to acquire lock: [ 106.781735][ T6396] ffff88803272e870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 106.785198][ T6396] [ 106.785198][ T6396] but task is already holding lock: [ 106.787929][ T6396] ffff8880280ba8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1d7/0xc60 [ 106.791751][ T6396] [ 106.791751][ T6396] which lock already depends on the new lock. [ 106.791751][ T6396] [ 106.795182][ T6396] [ 106.795182][ T6396] the existing dependency chain (in reverse order) is: [ 106.798298][ T6396] [ 106.798298][ T6396] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 106.800766][ T6396] __mutex_lock+0x1a2/0x1b90 [ 106.802613][ T6396] input_ff_flush+0x63/0x1b0 [ 106.804315][ T6396] uinput_dev_flush+0x2a/0x40 [ 106.806122][ T6396] input_flush_device+0xc9/0x140 [ 106.808143][ T6396] evdev_release+0x344/0x420 [ 106.809949][ T6396] __fput+0x3ff/0xb40 [ 106.811493][ T6396] fput_close_sync+0x118/0x250 [ 106.813296][ T6396] __x64_sys_close+0x8b/0x120 [ 106.815228][ T6396] do_syscall_64+0x106/0xf80 [ 106.817057][ T6396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.819348][ T6396] [ 106.819348][ T6396] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 106.821976][ T6396] __mutex_lock+0x1a2/0x1b90 [ 106.823774][ T6396] input_register_handle+0xca/0x630 [ 106.825785][ T6396] kbd_connect+0xce/0x180 [ 106.827613][ T6396] input_attach_handler.isra.0+0x177/0x1e0 [ 106.829744][ T6396] input_register_device.cold+0x139/0x375 [ 106.831847][ T6396] acpi_button_probe+0x5d3/0xbc0 [ 106.833649][ T6396] platform_probe+0x106/0x1d0 [ 106.835371][ T6396] really_probe+0x241/0xa60 [ 106.837063][ T6396] __driver_probe_device+0x1de/0x400 [ 106.839168][ T6396] driver_probe_device+0x4c/0x1b0 [ 106.841119][ T6396] __driver_attach+0x2f4/0x6a0 [ 106.842984][ T6396] bus_for_each_dev+0x13e/0x1d0 [ 106.844816][ T6396] bus_add_driver+0x305/0x5b0 [ 106.846565][ T6396] driver_register+0x1e2/0x360 [ 106.848516][ T6396] acpi_button_init+0xe4/0x100 [ 106.850385][ T6396] do_one_initcall+0x11d/0x760 [ 106.852205][ T6396] kernel_init_freeable+0x6e5/0x7a0 [ 106.854092][ T6396] kernel_init+0x1f/0x1e0 [ 106.855705][ T6396] ret_from_fork+0x754/0xd80 [ 106.857438][ T6396] ret_from_fork_asm+0x1a/0x30 [ 106.859354][ T6396] [ 106.859354][ T6396] -> #1 (input_mutex){+.+.}-{4:4}: [ 106.861800][ T6396] __mutex_lock+0x1a2/0x1b90 [ 106.863620][ T6396] input_register_device.cold+0x5b/0x375 [ 106.865794][ T6396] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 106.867975][ T6396] __x64_sys_ioctl+0x18e/0x210 [ 106.869725][ T6396] do_syscall_64+0x106/0xf80 [ 106.871689][ T6396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.873768][ T6396] [ 106.873768][ T6396] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 106.876329][ T6396] __lock_acquire+0x14b8/0x2630 [ 106.878138][ T6396] lock_acquire+0x1cf/0x380 [ 106.879781][ T6396] __mutex_lock+0x1a2/0x1b90 [ 106.881389][ T6396] uinput_request_submit.part.0+0x25/0x2e0 [ 106.884072][ T6396] uinput_dev_upload_effect+0x174/0x1f0 [ 106.887024][ T6396] input_ff_upload+0x578/0xc60 [ 106.889568][ T6396] evdev_do_ioctl+0x1228/0x1b60 [ 106.891973][ T6396] evdev_ioctl+0x16f/0x1a0 [ 106.894171][ T6396] __x64_sys_ioctl+0x18e/0x210 [ 106.896371][ T6396] do_syscall_64+0x106/0xf80 [ 106.898528][ T6396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.901182][ T6396] [ 106.901182][ T6396] other info that might help us debug this: [ 106.901182][ T6396] [ 106.905477][ T6396] Chain exists of: [ 106.905477][ T6396] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 106.905477][ T6396] [ 106.910525][ T6396] Possible unsafe locking scenario: [ 106.910525][ T6396] [ 106.913572][ T6396] CPU0 CPU1 [ 106.915900][ T6396] ---- ---- [ 106.918383][ T6396] lock(&ff->mutex); [ 106.920222][ T6396] lock(&dev->mutex#2); [ 106.923129][ T6396] lock(&ff->mutex); [ 106.925839][ T6396] lock(&newdev->mutex); [ 106.927656][ T6396] [ 106.927656][ T6396] *** DEADLOCK *** [ 106.927656][ T6396] [ 106.931032][ T6396] 2 locks held by syz.0.17/6396: [ 106.933245][ T6396] #0: ffff88802c98e118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 106.937487][ T6396] #1: ffff8880280ba8b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1d7/0xc60 [ 106.941542][ T6396] [ 106.941542][ T6396] stack backtrace: [ 106.944259][ T6396] CPU: 2 UID: 0 PID: 6396 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 106.944279][ T6396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 106.944285][ T6396] Call Trace: [ 106.944290][ T6396] [ 106.944296][ T6396] dump_stack_lvl+0x100/0x190 [ 106.944318][ T6396] print_circular_bug.cold+0x178/0x1c7 [ 106.944334][ T6396] check_noncircular+0x146/0x160 [ 106.944351][ T6396] __lock_acquire+0x14b8/0x2630 [ 106.944369][ T6396] lock_acquire+0x1cf/0x380 [ 106.944385][ T6396] ? uinput_request_submit.part.0+0x25/0x2e0 [ 106.944400][ T6396] ? __pfx___might_resched+0x10/0x10 [ 106.944413][ T6396] __mutex_lock+0x1a2/0x1b90 [ 106.944424][ T6396] ? uinput_request_submit.part.0+0x25/0x2e0 [ 106.944439][ T6396] ? uinput_request_submit.part.0+0x25/0x2e0 [ 106.944452][ T6396] ? find_held_lock+0x2b/0x80 [ 106.944464][ T6396] ? uinput_request_reserve_slot+0x3ca/0x4d0 [ 106.944479][ T6396] ? __pfx___mutex_lock+0x10/0x10 [ 106.944489][ T6396] ? do_raw_spin_unlock+0x145/0x1e0 [ 106.944500][ T6396] ? _raw_spin_unlock+0x28/0x50 [ 106.944516][ T6396] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 106.944530][ T6396] ? trace_contention_end+0x140/0x180 [ 106.944541][ T6396] ? uinput_request_submit.part.0+0x25/0x2e0 [ 106.944554][ T6396] uinput_request_submit.part.0+0x25/0x2e0 [ 106.944569][ T6396] uinput_dev_upload_effect+0x174/0x1f0 [ 106.944583][ T6396] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 106.944601][ T6396] input_ff_upload+0x578/0xc60 [ 106.944615][ T6396] evdev_do_ioctl+0x1228/0x1b60 [ 106.944627][ T6396] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 106.944638][ T6396] ? __pfx___mutex_lock+0x10/0x10 [ 106.944652][ T6396] evdev_ioctl+0x16f/0x1a0 [ 106.944662][ T6396] ? __pfx_evdev_ioctl+0x10/0x10 [ 106.944673][ T6396] __x64_sys_ioctl+0x18e/0x210 [ 106.944688][ T6396] do_syscall_64+0x106/0xf80 [ 106.944699][ T6396] ? clear_bhb_loop+0x40/0x90 [ 106.944710][ T6396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.944721][ T6396] RIP: 0033:0x7fafaa19aeb9 [ 106.944729][ T6396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 106.944739][ T6396] RSP: 002b:00007fafab100028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 106.944750][ T6396] RAX: ffffffffffffffda RBX: 00007fafaa415fa0 RCX: 00007fafaa19aeb9 [ 106.944756][ T6396] RDX: 0000200000000500 RSI: 0000000040304580 RDI: 0000000000000004 [ 106.944762][ T6396] RBP: 00007fafaa208c1f R08: 0000000000000000 R09: 0000000000000000 [ 106.944767][ T6396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 106.944773][ T6396] R13: 00007fafaa416038 R14: 00007fafaa415fa0 R15: 00007fffb3f91f78 [ 106.944781][ T6396] [ 107.568715][ T6398] input: syz1 as /devices/virtual/input/input6 [ 108.120507][ T63] Bluetooth: hci0: command tx timeout [ 108.416182][ T6400] input: syz1 as /devices/virtual/input/input7 [ 109.266798][ T6402] input: syz1 as /devices/virtual/input/input8 2026/03/04 07:21:14 executed programs: 5 [ 110.116919][ T6404] input: syz1 as /devices/virtual/input/input9 [ 110.190558][ T63] Bluetooth: hci0: command tx timeout [ 110.967422][ T6406] input: syz1 as /devices/virtual/input/input10 [ 111.813079][ T6408] input: syz1 as /devices/virtual/input/input11 [ 112.270499][ T63] Bluetooth: hci0: command tx timeout [ 112.659798][ T6410] input: syz1 as /devices/virtual/input/input12 [ 113.507813][ T6412] input: syz1 as /devices/virtual/input/input13 [ 114.357734][ T6414] input: syz1 as /devices/virtual/input/input14 2026/03/04 07:21:19 executed programs: 11 [ 115.190143][ T6185] udevd[6185]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 115.206302][ T6416] input: syz1 as /devices/virtual/input/input15 [ 116.057245][ T6418] input: syz1 as /devices/virtual/input/input16