[ 83.643959][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 83.643971][ T40] audit: type=1400 audit(1772611339.953:116): avc: denied { transition } for pid=6116 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 83.654476][ T40] audit: type=1400 audit(1772611339.953:117): avc: denied { noatsecure } for pid=6116 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 83.662829][ T40] audit: type=1400 audit(1772611339.963:118): avc: denied { rlimitinh } for pid=6116 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 83.670052][ T40] audit: type=1400 audit(1772611339.963:119): avc: denied { siginh } for pid=6116 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.738878][ T24] cfg80211: failed to load regulatory.db Warning: Permanently added '[localhost]:14014' (ED25519) to the list of known hosts. 2026/03/04 08:02:27 parsed 1 programs [ 91.115782][ T40] audit: type=1400 audit(1772611347.423:120): avc: denied { node_bind } for pid=6150 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 93.586852][ T40] audit: type=1400 audit(1772611349.893:121): avc: denied { read write } for pid=6167 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 93.598569][ T40] audit: type=1400 audit(1772611349.893:122): avc: denied { open } for pid=6167 comm="syz-executor" path="/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 93.659842][ T40] audit: type=1400 audit(1772611349.973:123): avc: denied { unlink } for pid=6167 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 93.983751][ T40] audit: type=1400 audit(1772611350.293:124): avc: denied { relabelto } for pid=6170 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 94.698365][ T6167] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.647258][ T1195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.650860][ T1195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.674949][ T1195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.679036][ T1195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.219480][ T40] audit: type=1401 audit(1772611353.533:125): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 97.796910][ T5999] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.802239][ T5999] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.806518][ T5999] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.811369][ T5999] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.815098][ T5999] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 98.895485][ T6242] chnl_net:caif_netlink_parms(): no params data found [ 98.960345][ T6242] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.963600][ T6242] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.966286][ T6242] bridge_slave_0: entered allmulticast mode [ 98.969961][ T6242] bridge_slave_0: entered promiscuous mode [ 98.973696][ T6242] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.976192][ T6242] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.978950][ T6242] bridge_slave_1: entered allmulticast mode [ 98.981924][ T6242] bridge_slave_1: entered promiscuous mode [ 99.004617][ T6242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.011174][ T6242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.035130][ T6242] team0: Port device team_slave_0 added [ 99.040720][ T6242] team0: Port device team_slave_1 added [ 99.063094][ T6242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.066611][ T6242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.076440][ T6242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.115822][ T6242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.118245][ T6242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.126924][ T6242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.156631][ T6242] hsr_slave_0: entered promiscuous mode [ 99.159940][ T6242] hsr_slave_1: entered promiscuous mode [ 99.781196][ T6242] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.788533][ T6242] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.794220][ T6242] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.799275][ T6242] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.818173][ T6242] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.820927][ T6242] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.823909][ T6242] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.826388][ T6242] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.862134][ T6242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.870597][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.874757][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.888299][ T6242] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.895125][ T1195] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.898454][ T1195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.906945][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.909996][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.964434][ T40] audit: type=1400 audit(1772611356.273:126): avc: denied { sys_module } for pid=6242 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 100.041742][ T6242] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.072623][ T6242] veth0_vlan: entered promiscuous mode [ 100.080079][ T6242] veth1_vlan: entered promiscuous mode [ 100.100080][ T6242] veth0_macvtap: entered promiscuous mode [ 100.106226][ T6242] veth1_macvtap: entered promiscuous mode [ 100.122230][ T6242] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.136030][ T6242] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.150554][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.154101][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.158883][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.162032][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.262414][ T1195] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.338637][ T1195] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.438243][ T1195] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.509927][ T1195] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/03/04 08:02:37 executed programs: 0 [ 100.707599][ T5999] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.710902][ T5999] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.714680][ T5999] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.721544][ T5999] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.725116][ T5999] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.857761][ T6321] chnl_net:caif_netlink_parms(): no params data found [ 100.927427][ T6321] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.930811][ T6321] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.934060][ T6321] bridge_slave_0: entered allmulticast mode [ 100.938670][ T6321] bridge_slave_0: entered promiscuous mode [ 100.944637][ T6321] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.948133][ T6321] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.951524][ T6321] bridge_slave_1: entered allmulticast mode [ 100.956144][ T6321] bridge_slave_1: entered promiscuous mode [ 100.985826][ T6321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.991079][ T6321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.012590][ T6321] team0: Port device team_slave_0 added [ 101.016979][ T6321] team0: Port device team_slave_1 added [ 101.040388][ T6321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.043657][ T6321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.055804][ T6321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.063612][ T6321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.066686][ T6321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 101.077903][ T6321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.108163][ T6321] hsr_slave_0: entered promiscuous mode [ 101.110538][ T6321] hsr_slave_1: entered promiscuous mode [ 101.112800][ T6321] debugfs: 'hsr0' already exists in 'hsr' [ 101.114870][ T6321] Cannot create hsr debugfs directory [ 102.817573][ T63] Bluetooth: hci0: command tx timeout [ 103.604834][ T1195] bridge_slave_1: left allmulticast mode [ 103.607835][ T1195] bridge_slave_1: left promiscuous mode [ 103.610588][ T1195] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.616996][ T1195] bridge_slave_0: left allmulticast mode [ 103.620018][ T1195] bridge_slave_0: left promiscuous mode [ 103.622613][ T1195] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.763313][ T1195] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.768241][ T1195] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.772610][ T1195] bond0 (unregistering): Released all slaves [ 103.951175][ T1195] hsr_slave_0: left promiscuous mode [ 103.953511][ T1195] hsr_slave_1: left promiscuous mode [ 103.956471][ T1195] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.960230][ T1195] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.965496][ T1195] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.969284][ T1195] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.977563][ T1195] veth1_macvtap: left promiscuous mode [ 103.980198][ T1195] veth0_macvtap: left promiscuous mode [ 103.982772][ T1195] veth1_vlan: left promiscuous mode [ 103.985184][ T1195] veth0_vlan: left promiscuous mode [ 104.104788][ T1195] team0 (unregistering): Port device team_slave_1 removed [ 104.124396][ T1195] team0 (unregistering): Port device team_slave_0 removed [ 104.336696][ T6321] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.343043][ T6321] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.347003][ T6321] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.356473][ T6321] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.421896][ T6321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.430085][ T6321] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.435484][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.437974][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.444783][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.447347][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.580285][ T6321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.604289][ T6321] veth0_vlan: entered promiscuous mode [ 104.610043][ T6321] veth1_vlan: entered promiscuous mode [ 104.654138][ T6321] veth0_macvtap: entered promiscuous mode [ 104.659560][ T6321] veth1_macvtap: entered promiscuous mode [ 104.669465][ T6321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.676188][ T6321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.683409][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.687979][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.691943][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.695962][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.766504][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.770520][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.791705][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.794632][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.820948][ T40] audit: type=1400 audit(1772611361.133:127): avc: denied { read write } for pid=6367 comm="syz.0.17" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 104.831998][ T40] audit: type=1400 audit(1772611361.133:128): avc: denied { open } for pid=6367 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 104.833699][ T6368] input: syz0 as /devices/virtual/input/input5 [ 104.842443][ T40] audit: type=1400 audit(1772611361.143:129): avc: denied { ioctl } for pid=6367 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 104.857074][ T40] audit: type=1400 audit(1772611361.163:130): avc: denied { read } for pid=6367 comm="syz.0.17" name="event4" dev="devtmpfs" ino=2845 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 104.867031][ T40] audit: type=1400 audit(1772611361.163:131): avc: denied { open } for pid=6367 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2845 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 104.877363][ T40] audit: type=1400 audit(1772611361.163:132): avc: denied { ioctl } for pid=6367 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2845 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 104.907423][ T63] Bluetooth: hci0: command tx timeout [ 105.656077][ T6368] [ 105.657332][ T6368] ====================================================== [ 105.660156][ T6368] WARNING: possible circular locking dependency detected [ 105.662603][ T6368] syzkaller #0 Not tainted [ 105.664113][ T6368] ------------------------------------------------------ [ 105.666365][ T6368] syz.0.17/6368 is trying to acquire lock: [ 105.668377][ T6368] ffff88802f2600b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_flush+0x63/0x1b0 [ 105.671531][ T6368] [ 105.671531][ T6368] but task is already holding lock: [ 105.674747][ T6368] ffff88802f3a72c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x4a/0x140 [ 105.678586][ T6368] [ 105.678586][ T6368] which lock already depends on the new lock. [ 105.678586][ T6368] [ 105.681980][ T6368] [ 105.681980][ T6368] the existing dependency chain (in reverse order) is: [ 105.684910][ T6368] [ 105.684910][ T6368] -> #3 (&dev->mutex#2){+.+.}-{4:4}: [ 105.687338][ T6368] __mutex_lock+0x1a2/0x1b90 [ 105.689223][ T6368] input_register_handle+0xca/0x630 [ 105.691844][ T6368] kbd_connect+0xce/0x180 [ 105.694133][ T6368] input_attach_handler.isra.0+0x177/0x1e0 [ 105.696938][ T6368] input_register_device.cold+0x139/0x375 [ 105.699008][ T6368] acpi_button_probe+0x5d3/0xbc0 [ 105.700840][ T6368] platform_probe+0x106/0x1d0 [ 105.702544][ T6368] really_probe+0x241/0xa60 [ 105.704253][ T6368] __driver_probe_device+0x1de/0x400 [ 105.706267][ T6368] driver_probe_device+0x4c/0x1b0 [ 105.708169][ T6368] __driver_attach+0x2f4/0x6a0 [ 105.710514][ T6368] bus_for_each_dev+0x13e/0x1d0 [ 105.712993][ T6368] bus_add_driver+0x305/0x5b0 [ 105.715045][ T6368] driver_register+0x1e2/0x360 [ 105.716798][ T6368] acpi_button_init+0xe4/0x100 [ 105.718580][ T6368] do_one_initcall+0x11d/0x760 [ 105.720418][ T6368] kernel_init_freeable+0x6e5/0x7a0 [ 105.722341][ T6368] kernel_init+0x1f/0x1e0 [ 105.723979][ T6368] ret_from_fork+0x754/0xd80 [ 105.725674][ T6368] ret_from_fork_asm+0x1a/0x30 [ 105.727630][ T6368] [ 105.727630][ T6368] -> #2 (input_mutex){+.+.}-{4:4}: [ 105.730941][ T6368] __mutex_lock+0x1a2/0x1b90 [ 105.733052][ T6368] input_register_device.cold+0x5b/0x375 [ 105.735115][ T6368] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 105.737209][ T6368] __x64_sys_ioctl+0x18e/0x210 [ 105.738996][ T6368] do_syscall_64+0x106/0xf80 [ 105.740717][ T6368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.742864][ T6368] [ 105.742864][ T6368] -> #1 (&newdev->mutex){+.+.}-{4:4}: [ 105.745698][ T6368] __mutex_lock+0x1a2/0x1b90 [ 105.748008][ T6368] uinput_request_submit.part.0+0x25/0x2e0 [ 105.750977][ T6368] uinput_dev_upload_effect+0x174/0x1f0 [ 105.753284][ T6368] input_ff_upload+0x578/0xc60 [ 105.755014][ T6368] evdev_do_ioctl+0x1228/0x1b60 [ 105.756800][ T6368] evdev_ioctl+0x16f/0x1a0 [ 105.758416][ T6368] __x64_sys_ioctl+0x18e/0x210 [ 105.760278][ T6368] do_syscall_64+0x106/0xf80 [ 105.761948][ T6368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.764100][ T6368] [ 105.764100][ T6368] -> #0 (&ff->mutex){+.+.}-{4:4}: [ 105.767322][ T6368] __lock_acquire+0x14b8/0x2630 [ 105.769908][ T6368] lock_acquire+0x1cf/0x380 [ 105.771811][ T6368] __mutex_lock+0x1a2/0x1b90 [ 105.773490][ T6368] input_ff_flush+0x63/0x1b0 [ 105.775161][ T6368] uinput_dev_flush+0x2a/0x40 [ 105.776873][ T6368] input_flush_device+0xc9/0x140 [ 105.778674][ T6368] evdev_release+0x344/0x420 [ 105.780755][ T6368] __fput+0x3ff/0xb40 [ 105.782434][ T6368] task_work_run+0x150/0x240 [ 105.784760][ T6368] exit_to_user_mode_loop+0x100/0x4a0 [ 105.787351][ T6368] do_syscall_64+0x67c/0xf80 [ 105.789249][ T6368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.791443][ T6368] [ 105.791443][ T6368] other info that might help us debug this: [ 105.791443][ T6368] [ 105.794884][ T6368] Chain exists of: [ 105.794884][ T6368] &ff->mutex --> input_mutex --> &dev->mutex#2 [ 105.794884][ T6368] [ 105.799318][ T6368] Possible unsafe locking scenario: [ 105.799318][ T6368] [ 105.802706][ T6368] CPU0 CPU1 [ 105.805087][ T6368] ---- ---- [ 105.807223][ T6368] lock(&dev->mutex#2); [ 105.808633][ T6368] lock(input_mutex); [ 105.811114][ T6368] lock(&dev->mutex#2); [ 105.814095][ T6368] lock(&ff->mutex); [ 105.815983][ T6368] [ 105.815983][ T6368] *** DEADLOCK *** [ 105.815983][ T6368] [ 105.819451][ T6368] 2 locks held by syz.0.17/6368: [ 105.821660][ T6368] #0: ffff88802726c118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_release+0x79/0x420 [ 105.824887][ T6368] #1: ffff88802f3a72c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x4a/0x140 [ 105.828449][ T6368] [ 105.828449][ T6368] stack backtrace: [ 105.831190][ T6368] CPU: 3 UID: 0 PID: 6368 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 105.831214][ T6368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.831224][ T6368] Call Trace: [ 105.831232][ T6368] [ 105.831239][ T6368] dump_stack_lvl+0x100/0x190 [ 105.831267][ T6368] print_circular_bug.cold+0x178/0x1c7 [ 105.831295][ T6368] check_noncircular+0x146/0x160 [ 105.831322][ T6368] __lock_acquire+0x14b8/0x2630 [ 105.831350][ T6368] lock_acquire+0x1cf/0x380 [ 105.831374][ T6368] ? input_ff_flush+0x63/0x1b0 [ 105.831397][ T6368] ? __pfx___might_resched+0x10/0x10 [ 105.831416][ T6368] __mutex_lock+0x1a2/0x1b90 [ 105.831435][ T6368] ? input_ff_flush+0x63/0x1b0 [ 105.831454][ T6368] ? input_ff_flush+0x63/0x1b0 [ 105.831480][ T6368] ? trace_contention_end+0x140/0x180 [ 105.831496][ T6368] ? __mutex_lock+0x26a/0x1b90 [ 105.831511][ T6368] ? __pfx___mutex_lock+0x10/0x10 [ 105.831527][ T6368] ? __mutex_lock+0x26a/0x1b90 [ 105.831543][ T6368] ? input_flush_device+0x4a/0x140 [ 105.831565][ T6368] ? dput.part.0+0xce/0x570 [ 105.831585][ T6368] ? evdev_release+0x79/0x420 [ 105.831605][ T6368] ? dput+0x24/0x30 [ 105.831625][ T6368] ? input_ff_flush+0x63/0x1b0 [ 105.831647][ T6368] input_ff_flush+0x63/0x1b0 [ 105.831670][ T6368] uinput_dev_flush+0x2a/0x40 [ 105.831692][ T6368] ? __pfx_uinput_dev_flush+0x10/0x10 [ 105.831737][ T6368] input_flush_device+0xc9/0x140 [ 105.831760][ T6368] evdev_release+0x344/0x420 [ 105.831777][ T6368] ? evm_file_release+0x133/0x210 [ 105.831796][ T6368] ? __pfx_evdev_release+0x10/0x10 [ 105.831814][ T6368] __fput+0x3ff/0xb40 [ 105.831833][ T6368] task_work_run+0x150/0x240 [ 105.831851][ T6368] ? __pfx_task_work_run+0x10/0x10 [ 105.831870][ T6368] exit_to_user_mode_loop+0x100/0x4a0 [ 105.831897][ T6368] do_syscall_64+0x67c/0xf80 [ 105.831913][ T6368] ? clear_bhb_loop+0x40/0x90 [ 105.831931][ T6368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.831947][ T6368] RIP: 0033:0x7ff4fc19af39 [ 105.831962][ T6368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.831977][ T6368] RSP: 002b:00007ff4fcf9a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.831992][ T6368] RAX: ffffffffffffffed RBX: 00007ff4fc405fa0 RCX: 00007ff4fc19af39 [ 105.832003][ T6368] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004 [ 105.832013][ T6368] RBP: 00007ff4fc22fee0 R08: 0000000000000000 R09: 0000000000000000 [ 105.832023][ T6368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.832033][ T6368] R13: 00007ff4fc406038 R14: 00007ff4fc405fa0 R15: 00007ffe09067af8 [ 105.832048][ T6368] [ 105.951599][ T6370] input: syz0 as /devices/virtual/input/input6 2026/03/04 08:02:42 executed programs: 3 [ 106.798286][ T6372] input: syz0 as /devices/virtual/input/input7 [ 106.977512][ T63] Bluetooth: hci0: command tx timeout [ 107.642177][ T6374] input: syz0 as /devices/virtual/input/input8 [ 108.487236][ T6376] input: syz0 as /devices/virtual/input/input9 [ 109.057320][ T63] Bluetooth: hci0: command tx timeout [ 109.328338][ T6378] input: syz0 as /devices/virtual/input/input10 [ 110.170877][ T6380] input: syz0 as /devices/virtual/input/input11 [ 111.027033][ T6382] input: syz0 as /devices/virtual/input/input12 2026/03/04 08:02:47 executed programs: 9 [ 111.870163][ T6384] input: syz0 as /devices/virtual/input/input13 [ 112.718454][ T6386] input: syz0 as /devices/virtual/input/input14 [ 113.565492][ T6388] input: syz0 as /devices/virtual/input/input15 [ 114.425262][ T6390] input: syz0 as /devices/virtual/input/input16 [ 115.275985][ T6392] input: syz0 as /devices/virtual/input/input17