[ 71.260236][ T1427] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.262906][ T1427] ieee802154 phy1 wpan1: encryption failed: -22 Warning: Permanently added '[localhost]:18422' (ED25519) to the list of known hosts. 2025/06/04 14:27:24 ignoring optional flag "sandboxArg"="0" 2025/06/04 14:27:24 parsed 1 programs [ 78.757540][ T40] audit: type=1400 audit(1749047246.869:119): avc: denied { unlink } for pid=6238 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 79.911191][ T6238] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.497113][ T1025] cfg80211: failed to load regulatory.db [ 81.955551][ T5301] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.960059][ T5301] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.965097][ T5301] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.968036][ T5301] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.970904][ T5301] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.339849][ T40] audit: type=1401 audit(1749047250.449:120): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 82.560214][ T1236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.562867][ T1236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.727245][ T6378] chnl_net:caif_netlink_parms(): no params data found [ 82.812848][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.816517][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.942561][ T6378] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.944914][ T6378] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.954586][ T6378] bridge_slave_0: entered allmulticast mode [ 82.957834][ T6378] bridge_slave_0: entered promiscuous mode [ 82.962270][ T6378] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.964504][ T6378] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.967339][ T6378] bridge_slave_1: entered allmulticast mode [ 82.970647][ T6378] bridge_slave_1: entered promiscuous mode [ 83.072810][ T6378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.099066][ T6378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.183833][ T6378] team0: Port device team_slave_0 added [ 83.209386][ T6378] team0: Port device team_slave_1 added [ 83.287916][ T6378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.290774][ T6378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.301247][ T6378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.307260][ T6378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.309516][ T6378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.319133][ T6378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.427974][ T6378] hsr_slave_0: entered promiscuous mode [ 83.430413][ T6378] hsr_slave_1: entered promiscuous mode [ 83.814653][ T6378] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.821068][ T6378] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.828999][ T6378] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.846164][ T6378] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.892205][ T6378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.904736][ T6378] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.934356][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.937083][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.943387][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.945931][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.074916][ T6378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.107700][ T6378] veth0_vlan: entered promiscuous mode [ 84.112622][ T6378] veth1_vlan: entered promiscuous mode [ 84.130045][ T6378] veth0_macvtap: entered promiscuous mode [ 84.134206][ T6378] veth1_macvtap: entered promiscuous mode [ 84.149629][ T6378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.158995][ T6378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.165442][ T6378] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.168332][ T6378] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.171025][ T6378] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.173869][ T6378] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/06/04 14:27:32 executed programs: 0 [ 84.288184][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.290990][ T63] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.296749][ T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.300182][ T6440] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.300815][ T6441] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.301256][ T63] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.304133][ T6440] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.305713][ T6441] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.307163][ T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.307352][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.308227][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.308499][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.311172][ T6441] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.311967][ T6440] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.312643][ T6440] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.319609][ T6440] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.329148][ T5959] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.333300][ T6440] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.340846][ T6440] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.342810][ T1143] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.343644][ T5959] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.605204][ T6430] chnl_net:caif_netlink_parms(): no params data found [ 84.635748][ T6431] chnl_net:caif_netlink_parms(): no params data found [ 84.717838][ T6429] chnl_net:caif_netlink_parms(): no params data found [ 84.780779][ T6430] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.783099][ T6430] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.786635][ T6430] bridge_slave_0: entered allmulticast mode [ 84.789266][ T6430] bridge_slave_0: entered promiscuous mode [ 84.795941][ T6430] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.798146][ T6430] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.800375][ T6430] bridge_slave_1: entered allmulticast mode [ 84.802918][ T6430] bridge_slave_1: entered promiscuous mode [ 84.882709][ T6432] chnl_net:caif_netlink_parms(): no params data found [ 84.896675][ T6431] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.899765][ T6431] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.902822][ T6431] bridge_slave_0: entered allmulticast mode [ 84.907167][ T6431] bridge_slave_0: entered promiscuous mode [ 84.976467][ T6431] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.979421][ T6431] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.982461][ T6431] bridge_slave_1: entered allmulticast mode [ 84.986841][ T6431] bridge_slave_1: entered promiscuous mode [ 85.013257][ T6430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.021161][ T6430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.096115][ T6429] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.098453][ T6429] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.104044][ T6429] bridge_slave_0: entered allmulticast mode [ 85.108038][ T6429] bridge_slave_0: entered promiscuous mode [ 85.111592][ T6429] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.113947][ T6429] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.117074][ T6429] bridge_slave_1: entered allmulticast mode [ 85.120349][ T6429] bridge_slave_1: entered promiscuous mode [ 85.179732][ T6431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.187804][ T6431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.220329][ T6430] team0: Port device team_slave_0 added [ 85.226029][ T6430] team0: Port device team_slave_1 added [ 85.290683][ T6429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.339905][ T6432] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.342311][ T6432] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.344590][ T6432] bridge_slave_0: entered allmulticast mode [ 85.347829][ T6432] bridge_slave_0: entered promiscuous mode [ 85.351268][ T6432] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.353501][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.356289][ T6432] bridge_slave_1: entered allmulticast mode [ 85.360224][ T6432] bridge_slave_1: entered promiscuous mode [ 85.384633][ T6429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.389114][ T6430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.392080][ T6430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.402891][ T6430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.441860][ T6431] team0: Port device team_slave_0 added [ 85.462557][ T6430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.465737][ T6430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.476489][ T6430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.490094][ T6432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.494132][ T6431] team0: Port device team_slave_1 added [ 85.514654][ T6429] team0: Port device team_slave_0 added [ 85.518815][ T6432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.555773][ T6431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.558392][ T6431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.567580][ T6431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.573816][ T6429] team0: Port device team_slave_1 added [ 85.633707][ T6432] team0: Port device team_slave_0 added [ 85.651023][ T6431] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.653288][ T6431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.661586][ T6431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.708960][ T6432] team0: Port device team_slave_1 added [ 85.730995][ T6430] hsr_slave_0: entered promiscuous mode [ 85.733305][ T6430] hsr_slave_1: entered promiscuous mode [ 85.735758][ T6430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.738223][ T6430] Cannot create hsr debugfs directory [ 85.741205][ T6429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.743479][ T6429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.751951][ T6429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.802855][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.805687][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.814226][ T6432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.821753][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.824649][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.834004][ T6432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.838836][ T6429] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.841629][ T6429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.851802][ T6429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.942130][ T6431] hsr_slave_0: entered promiscuous mode [ 85.945302][ T6431] hsr_slave_1: entered promiscuous mode [ 85.947997][ T6431] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.951122][ T6431] Cannot create hsr debugfs directory [ 86.105924][ T6429] hsr_slave_0: entered promiscuous mode [ 86.108159][ T6429] hsr_slave_1: entered promiscuous mode [ 86.110182][ T6429] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.112531][ T6429] Cannot create hsr debugfs directory [ 86.116887][ T6432] hsr_slave_0: entered promiscuous mode [ 86.119146][ T6432] hsr_slave_1: entered promiscuous mode [ 86.121258][ T6432] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.123811][ T6432] Cannot create hsr debugfs directory [ 86.376726][ T6434] Bluetooth: hci2: command tx timeout [ 86.376838][ T6439] Bluetooth: hci3: command tx timeout [ 86.378660][ T6434] Bluetooth: hci1: command tx timeout [ 86.380027][ T5959] Bluetooth: hci0: command tx timeout [ 86.451899][ T1143] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.516518][ T6430] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.521362][ T6430] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.525800][ T6430] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.580366][ T6430] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.626804][ T6430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.640913][ T6430] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.647830][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.650849][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.660960][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.663985][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.882979][ T6430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.916959][ T6430] veth0_vlan: entered promiscuous mode [ 86.963547][ T6430] veth1_vlan: entered promiscuous mode [ 86.982408][ T6430] veth0_macvtap: entered promiscuous mode [ 86.988084][ T6430] veth1_macvtap: entered promiscuous mode [ 86.998228][ T6430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.009506][ T6430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.014856][ T6430] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.017953][ T6430] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.020659][ T6430] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.023404][ T6430] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.071801][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.078108][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.144931][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.149221][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.160597][ T1143] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.210099][ T40] audit: type=1400 audit(1749047255.319:121): avc: denied { read } for pid=6494 comm="syz.1.17" name="uinput" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 87.214350][ T6495] input: syz1 as /devices/virtual/input/input5 [ 87.222646][ T40] audit: type=1400 audit(1749047255.319:122): avc: denied { open } for pid=6494 comm="syz.1.17" path="/dev/uinput" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 87.231557][ T40] audit: type=1400 audit(1749047255.319:123): avc: denied { ioctl } for pid=6494 comm="syz.1.17" path="/dev/uinput" dev="devtmpfs" ino=944 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 87.236988][ T6495] [ 87.241878][ T6495] ====================================================== [ 87.242007][ T40] audit: type=1400 audit(1749047255.339:124): avc: denied { read } for pid=5335 comm="acpid" name="event4" dev="devtmpfs" ino=2833 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 87.244423][ T6495] WARNING: possible circular locking dependency detected [ 87.244433][ T6495] 6.15.0-syzkaller-g5abc7438f1e9 #0 Not tainted [ 87.251485][ T40] audit: type=1400 audit(1749047255.339:125): avc: denied { open } for pid=5335 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2833 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 87.253668][ T6495] ------------------------------------------------------ [ 87.253677][ T6495] syz.1.17/6495 is trying to acquire lock: [ 87.256414][ T40] audit: type=1400 audit(1749047255.339:126): avc: denied { ioctl } for pid=5335 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2833 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 87.265991][ T6495] ffff88802cc92870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 87.266035][ T6495] [ 87.266035][ T6495] but task is already holding lock: [ 87.266039][ T6495] ffff88802cc930b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc10 [ 87.268625][ T40] audit: type=1400 audit(1749047255.339:127): avc: denied { read } for pid=6494 comm="syz.1.17" name="event4" dev="devtmpfs" ino=2833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 87.270665][ T6495] [ 87.270665][ T6495] which lock already depends on the new lock. [ 87.270665][ T6495] [ 87.270674][ T6495] [ 87.270674][ T6495] the existing dependency chain (in reverse order) is: [ 87.270679][ T6495] [ 87.270679][ T6495] -> #3 ( [ 87.279597][ T40] audit: type=1400 audit(1749047255.339:128): avc: denied { open } for pid=6494 comm="syz.1.17" path="/dev/input/event4" dev="devtmpfs" ino=2833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 87.282999][ T6495] &ff->mutex){+.+.}-{4:4} [ 87.285690][ T40] audit: type=1400 audit(1749047255.349:129): avc: denied { ioctl } for pid=6494 comm="syz.1.17" path="/dev/input/event4" dev="devtmpfs" ino=2833 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 87.288714][ T6495] : [ 87.288722][ T6495] __mutex_lock+0x199/0xb90 [ 87.326217][ T6495] input_ff_flush+0x63/0x180 [ 87.328258][ T6495] uinput_dev_flush+0x2a/0x40 [ 87.330230][ T6495] input_flush_device+0xa4/0x110 [ 87.332215][ T6495] evdev_release+0x344/0x420 [ 87.334045][ T6495] __fput+0x402/0xb70 [ 87.335702][ T6495] fput_close_sync+0x118/0x260 [ 87.337632][ T6495] __x64_sys_close+0x8b/0x120 [ 87.339460][ T6495] do_syscall_64+0xcd/0x4c0 [ 87.341257][ T6495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.343491][ T6495] [ 87.343491][ T6495] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 87.346088][ T6495] __mutex_lock+0x199/0xb90 [ 87.347903][ T6495] input_register_handle+0xdc/0x620 [ 87.349912][ T6495] kbd_connect+0xca/0x160 [ 87.351646][ T6495] input_attach_handler.isra.0+0x181/0x260 [ 87.353848][ T6495] input_register_device+0xa84/0x1130 [ 87.355998][ T6495] acpi_button_add+0x582/0xb70 [ 87.357886][ T6495] acpi_device_probe+0xc9/0x330 [ 87.359755][ T6495] really_probe+0x23e/0xa90 [ 87.361524][ T6495] __driver_probe_device+0x1de/0x440 [ 87.363668][ T6495] driver_probe_device+0x4c/0x1b0 [ 87.365681][ T6495] __driver_attach+0x283/0x580 [ 87.367517][ T6495] bus_for_each_dev+0x13b/0x1d0 [ 87.369394][ T6495] bus_add_driver+0x2e9/0x690 [ 87.371176][ T6495] driver_register+0x15c/0x4b0 [ 87.373034][ T6495] __acpi_bus_register_driver+0xdf/0x130 [ 87.375214][ T6495] acpi_button_driver_init+0x82/0x110 [ 87.377341][ T6495] do_one_initcall+0x120/0x6e0 [ 87.379220][ T6495] kernel_init_freeable+0x5c2/0x900 [ 87.381225][ T6495] kernel_init+0x1c/0x2b0 [ 87.382955][ T6495] ret_from_fork+0x5d4/0x6f0 [ 87.384778][ T6495] ret_from_fork_asm+0x1a/0x30 [ 87.386654][ T6495] [ 87.386654][ T6495] -> #1 (input_mutex){+.+.}-{4:4}: [ 87.389214][ T6495] __mutex_lock+0x199/0xb90 [ 87.391019][ T6495] input_register_device+0x98a/0x1130 [ 87.393134][ T6495] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 87.395455][ T6495] __x64_sys_ioctl+0x18b/0x210 [ 87.397419][ T6495] do_syscall_64+0xcd/0x4c0 [ 87.399256][ T6495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.401695][ T6495] [ 87.401695][ T6495] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 87.404485][ T6495] __lock_acquire+0x126f/0x1c90 [ 87.406465][ T6495] lock_acquire+0x179/0x350 [ 87.408268][ T6495] __mutex_lock+0x199/0xb90 [ 87.410042][ T6495] uinput_request_submit.part.0+0x25/0x2e0 [ 87.412247][ T6495] uinput_dev_upload_effect+0x174/0x1f0 [ 87.414355][ T6495] input_ff_upload+0x56b/0xc10 [ 87.416157][ T6495] evdev_do_ioctl+0xf40/0x1b30 [ 87.417971][ T6495] evdev_ioctl+0x16f/0x1a0 [ 87.419739][ T6495] __x64_sys_ioctl+0x18b/0x210 [ 87.421593][ T6495] do_syscall_64+0xcd/0x4c0 [ 87.423401][ T6495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.425703][ T6495] [ 87.425703][ T6495] other info that might help us debug this: [ 87.425703][ T6495] [ 87.429488][ T6495] Chain exists of: [ 87.429488][ T6495] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 87.429488][ T6495] [ 87.434067][ T6495] Possible unsafe locking scenario: [ 87.434067][ T6495] [ 87.436725][ T6495] CPU0 CPU1 [ 87.438710][ T6495] ---- ---- [ 87.440679][ T6495] lock(&ff->mutex); [ 87.442113][ T6495] lock(&dev->mutex#2); [ 87.444517][ T6495] lock(&ff->mutex); [ 87.446863][ T6495] lock(&newdev->mutex); [ 87.448529][ T6495] [ 87.448529][ T6495] *** DEADLOCK *** [ 87.448529][ T6495] [ 87.451604][ T6495] 2 locks held by syz.1.17/6495: [ 87.453422][ T6495] #0: ffff888055968118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 87.456685][ T6495] #1: ffff88802cc930b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc10 [ 87.460080][ T6495] [ 87.460080][ T6495] stack backtrace: [ 87.462145][ T6495] CPU: 0 UID: 0 PID: 6495 Comm: syz.1.17 Not tainted 6.15.0-syzkaller-g5abc7438f1e9 #0 PREEMPT(full) [ 87.462162][ T6495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.462170][ T6495] Call Trace: [ 87.462176][ T6495] [ 87.462181][ T6495] dump_stack_lvl+0x116/0x1f0 [ 87.462205][ T6495] print_circular_bug+0x275/0x350 [ 87.462225][ T6495] check_noncircular+0x14c/0x170 [ 87.462245][ T6495] __lock_acquire+0x126f/0x1c90 [ 87.462266][ T6495] lock_acquire+0x179/0x350 [ 87.462284][ T6495] ? uinput_request_submit.part.0+0x25/0x2e0 [ 87.462298][ T6495] ? __pfx___might_resched+0x10/0x10 [ 87.462316][ T6495] __mutex_lock+0x199/0xb90 [ 87.462328][ T6495] ? uinput_request_submit.part.0+0x25/0x2e0 [ 87.462340][ T6495] ? uinput_request_reserve_slot+0x3ca/0x4d0 [ 87.462352][ T6495] ? uinput_request_submit.part.0+0x25/0x2e0 [ 87.462365][ T6495] ? __pfx___mutex_lock+0x10/0x10 [ 87.462376][ T6495] ? _raw_spin_unlock+0x28/0x50 [ 87.462392][ T6495] ? __mutex_trylock_common+0xe9/0x250 [ 87.462412][ T6495] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 87.462426][ T6495] ? __pfx___might_resched+0x10/0x10 [ 87.462442][ T6495] ? uinput_request_submit.part.0+0x25/0x2e0 [ 87.462454][ T6495] uinput_request_submit.part.0+0x25/0x2e0 [ 87.462468][ T6495] uinput_dev_upload_effect+0x174/0x1f0 [ 87.462480][ T6495] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 87.462496][ T6495] ? __might_fault+0x13b/0x190 [ 87.462514][ T6495] input_ff_upload+0x56b/0xc10 [ 87.462528][ T6495] evdev_do_ioctl+0xf40/0x1b30 [ 87.462546][ T6495] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 87.462569][ T6495] evdev_ioctl+0x16f/0x1a0 [ 87.462585][ T6495] ? __pfx_evdev_ioctl+0x10/0x10 [ 87.462602][ T6495] __x64_sys_ioctl+0x18b/0x210 [ 87.462617][ T6495] do_syscall_64+0xcd/0x4c0 [ 87.462630][ T6495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.462643][ T6495] RIP: 0033:0x7fb732585d29 [ 87.462654][ T6495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.462666][ T6495] RSP: 002b:00007fb7333a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.462679][ T6495] RAX: ffffffffffffffda RBX: 00007fb732775fa0 RCX: 00007fb732585d29 [ 87.462687][ T6495] RDX: 0000000020000300 RSI: 0000000040304580 RDI: 0000000000000004 [ 87.462695][ T6495] RBP: 00007fb732601b08 R08: 0000000000000000 R09: 0000000000000000 [ 87.462703][ T6495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.462716][ T6495] R13: 0000000000000000 R14: 00007fb732775fa0 R15: 00007ffdb09e6308 [ 87.462728][ T6495] [ 87.935864][ T6431] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.940695][ T6431] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.945584][ T6431] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.950186][ T6431] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.996532][ T6431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.007145][ T6431] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.015630][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.017909][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.021245][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.024137][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.058220][ T6527] input: syz1 as /devices/virtual/input/input6 [ 88.132583][ T6431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.152498][ T6431] veth0_vlan: entered promiscuous mode [ 88.156615][ T6431] veth1_vlan: entered promiscuous mode [ 88.166410][ T6431] veth0_macvtap: entered promiscuous mode [ 88.170438][ T6431] veth1_macvtap: entered promiscuous mode [ 88.179539][ T6431] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.185467][ T6431] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.189831][ T6431] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.192733][ T6431] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.197592][ T6431] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.201169][ T6431] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.221180][ T6431] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' [ 88.240421][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.242084][ T6431] ieee80211 phy12: Selected rate control algorithm 'minstrel_ht' [ 88.243658][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.260403][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.263772][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.290402][ T6546] input: syz1 as /devices/virtual/input/input7 [ 88.327086][ T1143] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.431321][ T1143] bridge_slave_1: left allmulticast mode [ 88.433361][ T1143] bridge_slave_1: left promiscuous mode [ 88.435377][ T1143] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.438210][ T1143] bridge_slave_0: left allmulticast mode [ 88.440026][ T1143] bridge_slave_0: left promiscuous mode [ 88.441852][ T1143] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.455204][ T6439] Bluetooth: hci0: command tx timeout [ 88.455225][ T6440] Bluetooth: hci2: command tx timeout [ 88.457501][ T6439] Bluetooth: hci1: command tx timeout [ 88.462227][ T6434] Bluetooth: hci3: command tx timeout [ 88.540265][ T1143] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 88.544450][ T1143] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 88.548086][ T1143] bond0 (unregistering): Released all slaves [ 88.647823][ T1143] hsr_slave_0: left promiscuous mode [ 88.649877][ T1143] hsr_slave_1: left promiscuous mode [ 88.651809][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.654153][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.657128][ T1143] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.659482][ T1143] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.663573][ T1143] veth1_macvtap: left promiscuous mode [ 88.665587][ T1143] veth0_macvtap: left promiscuous mode [ 88.667381][ T1143] veth1_vlan: left promiscuous mode [ 88.669049][ T1143] veth0_vlan: left promiscuous mode [ 88.829797][ T1143] team0 (unregistering): Port device team_slave_1 removed [ 88.854054][ T1143] team0 (unregistering): Port device team_slave_0 removed [ 88.906614][ T6572] input: syz1 as /devices/virtual/input/input8 [ 88.922581][ T6574] input: syz1 as /devices/virtual/input/input9 [ 89.285219][ T6429] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.292891][ T6429] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.299853][ T6429] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.306164][ T6429] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.323666][ T6432] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.330232][ T6432] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.333970][ T6432] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.339285][ T6432] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.381538][ T6429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.389149][ T6432] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.396345][ T6429] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.401700][ T6432] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.406018][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.408250][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.413450][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.415789][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.419979][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.423107][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.433872][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.436201][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.529979][ T6432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.564897][ T6429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.591054][ T6432] veth0_vlan: entered promiscuous mode [ 89.594270][ T6429] veth0_vlan: entered promiscuous mode [ 89.599125][ T6429] veth1_vlan: entered promiscuous mode [ 89.601357][ T6432] veth1_vlan: entered promiscuous mode [ 89.614225][ T6429] veth0_macvtap: entered promiscuous mode [ 89.619693][ T6429] veth1_macvtap: entered promiscuous mode [ 89.623594][ T6432] veth0_macvtap: entered promiscuous mode [ 89.632402][ T6432] veth1_macvtap: entered promiscuous mode [ 89.644552][ T6429] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.652180][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.658073][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.663967][ T6429] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.667801][ T6429] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.671316][ T6429] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.674805][ T6429] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.678678][ T6429] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.689114][ T6432] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.692684][ T6432] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.697074][ T6432] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.700428][ T6432] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.722677][ T6432] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 89.741235][ T6429] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 89.755755][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.756083][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.759046][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.766640][ T6429] ieee80211 phy15: Selected rate control algorithm 'minstrel_ht' [ 89.772880][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.774239][ T6627] input: syz1 as /devices/virtual/input/input10 [ 89.774302][ T6630] input: syz1 as /devices/virtual/input/input11 [ 89.780714][ T6432] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht' [ 89.789903][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/06/04 14:27:37 executed programs: 13 [ 89.797355][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.802137][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.807230][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.820113][ T6634] input: syz1 as /devices/virtual/input/input12 [ 89.831572][ T6637] input: syz1 as /devices/virtual/input/input13 [ 90.545178][ T6434] Bluetooth: hci3: command tx timeout [ 90.545215][ T6439] Bluetooth: hci1: command tx timeout [ 90.547292][ T5959] Bluetooth: hci0: command tx timeout [ 90.549153][ T6440] Bluetooth: hci2: command tx timeout [ 90.620139][ T6691] input: syz1 as /devices/virtual/input/input14 [ 90.630359][ T6693] input: syz1 as /devices/virtual/input/input15 [ 90.644651][ T6697] input: syz1 as /devices/virtual/input/input16 [ 90.647450][ T6699] input: syz1 as /devices/virtual/input/input17 [ 91.474818][ T6754] input: syz1 as /devices/virtual/input/input18 [ 91.485680][ T6757] input: syz1 as /devices/virtual/input/input19 [ 91.494197][ T6761] input: syz1 as /devices/virtual/input/input20 [ 91.518103][ T6762] input: syz1 as /devices/virtual/input/input21 [ 92.314481][ T6783] input: syz1 as /devices/virtual/input/input22 [ 92.326233][ T6785] input: syz1 as /devices/virtual/input/input23 [ 92.335961][ T6787] input: syz1 as /devices/virtual/input/input24 [ 92.352114][ T6789] input: syz1 as /devices/virtual/input/input25 [ 92.615099][ T6440] Bluetooth: hci2: command tx timeout [ 92.615462][ T5959] Bluetooth: hci3: command tx timeout [ 92.615684][ T6434] Bluetooth: hci0: command tx timeout [ 92.615703][ T6434] Bluetooth: hci1: command tx timeout [ 93.156950][ T6794] input: syz1 as /devices/virtual/input/input26 [ 93.170990][ T6798] input: syz1 as /devices/virtual/input/input27 [ 93.171060][ T6800] input: syz1 as /devices/virtual/input/input28 [ 93.171142][ T6799] input: syz1 as /devices/virtual/input/input29 [ 94.009341][ T6808] input: syz1 as /devices/virtual/input/input30 [ 94.010184][ T6810] input: syz1 as /devices/virtual/input/input31 [ 94.012392][ T6812] input: syz1 as /devices/virtual/input/input32 [ 94.022056][ T6811] input: syz1 as /devices/virtual/input/input33 [ 94.853665][ T6822] input: syz1 as /devices/virtual/input/input35 [ 94.853676][ T6821] input: syz1 as /devices/virtual/input/input34 [ 94.858429][ T6824] input: syz1 as /devices/virtual/input/input36 [ 94.860814][ T6826] input: syz1 as /devices/virtual/input/input37 2025/06/04 14:27:43 executed programs: 37 [ 95.700984][ T6831] input: syz1 as /devices/virtual/input/input38 [ 95.702442][ T6832] input: syz1 as /devices/virtual/input/input39 [ 95.713208][ T6836] input: syz1 as /devices/virtual/input/input40 [ 95.713844][ T6835] input: syz1 as /devices/virtual/input/input41 [ 96.545631][ T6844] input: syz1 as /devices/virtual/input/input42 [ 96.555489][ T6847] input: syz1 as /devices/virtual/input/input43 [ 96.562586][ T6848] input: syz1 as /devices/virtual/input/input44 [ 96.563866][ T6850] input: syz1 as /devices/virtual/input/input45