[ 85.607036][ T40] audit: type=1400 audit(1764909751.296:116): avc: denied { transition } for pid=6125 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 85.620436][ T40] audit: type=1400 audit(1764909751.306:117): avc: denied { noatsecure } for pid=6125 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 85.626888][ T40] audit: type=1400 audit(1764909751.316:118): avc: denied { rlimitinh } for pid=6125 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 85.633297][ T40] audit: type=1400 audit(1764909751.316:119): avc: denied { siginh } for pid=6125 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.761321][ T838] cfg80211: failed to load regulatory.db Warning: Permanently added '[localhost]:51158' (ED25519) to the list of known hosts. 2025/12/05 04:42:39 parsed 1 programs [ 93.595139][ T40] audit: type=1400 audit(1764909759.286:120): avc: denied { node_bind } for pid=6165 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 95.756500][ T40] audit: type=1400 audit(1764909761.446:121): avc: denied { read write } for pid=6177 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 95.765079][ T40] audit: type=1400 audit(1764909761.466:122): avc: denied { open } for pid=6177 comm="syz-executor" path="/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 95.862945][ T40] audit: type=1400 audit(1764909761.556:123): avc: denied { unlink } for pid=6177 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 96.270135][ T40] audit: type=1400 audit(1764909761.956:124): avc: denied { relabelto } for pid=6179 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 96.956074][ T6177] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 99.422300][ T40] audit: type=1401 audit(1764909765.116:125): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 99.772919][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.775572][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.791215][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.793787][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.692236][ T6240] chnl_net:caif_netlink_parms(): no params data found [ 100.807181][ T6240] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.810445][ T6240] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.813552][ T6240] bridge_slave_0: entered allmulticast mode [ 100.817300][ T6240] bridge_slave_0: entered promiscuous mode [ 100.820791][ T6240] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.823101][ T6240] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.825824][ T6240] bridge_slave_1: entered allmulticast mode [ 100.828769][ T6240] bridge_slave_1: entered promiscuous mode [ 100.866097][ T6240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.872239][ T6240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.916719][ T6240] team0: Port device team_slave_0 added [ 100.920067][ T6240] team0: Port device team_slave_1 added [ 100.951207][ T6240] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.953403][ T6240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.961548][ T6240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.965766][ T6240] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.967942][ T6240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.975981][ T6240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.014075][ T6240] hsr_slave_0: entered promiscuous mode [ 101.016340][ T6240] hsr_slave_1: entered promiscuous mode [ 101.636495][ T6240] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 101.642154][ T6240] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 101.648307][ T6240] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 101.670837][ T6240] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 101.734750][ T6240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.759324][ T6240] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.767825][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.771163][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.780542][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.782884][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.846548][ T40] audit: type=1400 audit(1764909767.536:126): avc: denied { sys_module } for pid=6240 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 101.944463][ T6240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.987524][ T6240] veth0_vlan: entered promiscuous mode [ 101.997878][ T6240] veth1_vlan: entered promiscuous mode [ 102.024157][ T6240] veth0_macvtap: entered promiscuous mode [ 102.028202][ T6240] veth1_macvtap: entered promiscuous mode [ 102.038332][ T6240] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.045022][ T6240] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.053406][ T1144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.057725][ T1144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.063780][ T1144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.069168][ T1144] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.173267][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.266146][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.286864][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.292131][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.296027][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.302398][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.305763][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.345130][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.447946][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/12/05 04:42:48 executed programs: 0 [ 102.949088][ T5293] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.952515][ T5293] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.955910][ T5293] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.959229][ T5293] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.962490][ T5293] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.059347][ T6340] chnl_net:caif_netlink_parms(): no params data found [ 103.167015][ T6340] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.169516][ T6340] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.172283][ T6340] bridge_slave_0: entered allmulticast mode [ 103.175970][ T6340] bridge_slave_0: entered promiscuous mode [ 103.182800][ T6340] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.185275][ T6340] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.188001][ T6340] bridge_slave_1: entered allmulticast mode [ 103.192105][ T6340] bridge_slave_1: entered promiscuous mode [ 103.230961][ T6340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.235496][ T6340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.272984][ T6340] team0: Port device team_slave_0 added [ 103.277760][ T6340] team0: Port device team_slave_1 added [ 103.329440][ T6340] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.334655][ T6340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.345919][ T6340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.353227][ T6340] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.356657][ T6340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.368824][ T6340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.427954][ T6340] hsr_slave_0: entered promiscuous mode [ 103.430570][ T6340] hsr_slave_1: entered promiscuous mode [ 103.432858][ T6340] debugfs: 'hsr0' already exists in 'hsr' [ 103.434792][ T6340] Cannot create hsr debugfs directory [ 105.001245][ T64] Bluetooth: hci0: command tx timeout [ 105.034067][ T46] bridge_slave_1: left allmulticast mode [ 105.035932][ T46] bridge_slave_1: left promiscuous mode [ 105.037903][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.041985][ T46] bridge_slave_0: left allmulticast mode [ 105.044174][ T46] bridge_slave_0: left promiscuous mode [ 105.046211][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.325565][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.331082][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.335152][ T46] bond0 (unregistering): Released all slaves [ 105.476683][ T46] hsr_slave_0: left promiscuous mode [ 105.479663][ T46] hsr_slave_1: left promiscuous mode [ 105.488748][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.492173][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.495925][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.499094][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.513572][ T46] veth1_macvtap: left promiscuous mode [ 105.515402][ T46] veth0_macvtap: left promiscuous mode [ 105.517275][ T46] veth1_vlan: left promiscuous mode [ 105.519199][ T46] veth0_vlan: left promiscuous mode [ 105.978016][ T46] team0 (unregistering): Port device team_slave_1 removed [ 106.016733][ T46] team0 (unregistering): Port device team_slave_0 removed [ 106.537322][ T6340] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.551476][ T6340] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.564739][ T6340] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.571438][ T6340] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.627048][ T6340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.639678][ T6340] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.648249][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.651304][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.657519][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.659847][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.844835][ T6340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.864022][ T6340] veth0_vlan: entered promiscuous mode [ 106.868898][ T6340] veth1_vlan: entered promiscuous mode [ 106.888544][ T6340] veth0_macvtap: entered promiscuous mode [ 106.893670][ T6340] veth1_macvtap: entered promiscuous mode [ 106.907493][ T6340] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.913404][ T6340] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.919357][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.922859][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.926739][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.929547][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.971843][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.974466][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.986894][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.989435][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.015755][ T40] audit: type=1400 audit(1764909772.706:127): avc: denied { read write } for pid=6385 comm="syz.0.17" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 107.023750][ T40] audit: type=1400 audit(1764909772.706:128): avc: denied { open } for pid=6385 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 107.031901][ T6386] input: syz1 as /devices/virtual/input/input5 [ 107.036865][ T6386] [ 107.037744][ T6386] ====================================================== [ 107.040091][ T6386] WARNING: possible circular locking dependency detected [ 107.040504][ T40] audit: type=1400 audit(1764909772.716:129): avc: denied { ioctl } for pid=6385 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 107.042350][ T6386] syzkaller #0 Not tainted [ 107.051174][ T40] audit: type=1400 audit(1764909772.726:130): avc: denied { read } for pid=6385 comm="syz.0.17" name="event4" dev="devtmpfs" ino=2842 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 107.051758][ T6386] ------------------------------------------------------ [ 107.058912][ T40] audit: type=1400 audit(1764909772.726:131): avc: denied { open } for pid=6385 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2842 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 107.061120][ T6386] syz.0.17/6386 is trying to acquire lock: [ 107.061131][ T6386] ffff8880248e7070 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 107.061164][ T6386] [ 107.061164][ T6386] but task is already holding lock: [ 107.061167][ T6386] ffff8880524540b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc40 [ 107.061193][ T6386] [ 107.061193][ T6386] which lock already depends on the new lock. [ 107.061193][ T6386] [ 107.061196][ T6386] [ 107.061196][ T6386] the existing dependency chain (in reverse order) is: [ 107.061200][ T6386] [ 107.061200][ T6386] -> #3 (&ff->mutex [ 107.069666][ T40] audit: type=1400 audit(1764909772.726:132): avc: denied { ioctl } for pid=6385 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2842 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 107.071132][ T6386] ){+.+.}-{4:4}: [ 107.071147][ T6386] __mutex_lock+0x1aa/0x1b10 [ 107.071166][ T6386] input_ff_flush+0x63/0x1a0 [ 107.071179][ T6386] uinput_dev_flush+0x2a/0x40 [ 107.071192][ T6386] input_flush_device+0xce/0x160 [ 107.071205][ T6386] evdev_release+0x344/0x420 [ 107.071215][ T6386] __fput+0x402/0xb70 [ 107.080619][ T64] Bluetooth: hci0: command tx timeout [ 107.081187][ T6386] fput_close_sync+0x118/0x260 [ 107.112292][ T6386] __x64_sys_close+0x8b/0x120 [ 107.114030][ T6386] do_syscall_64+0xcd/0xf80 [ 107.115717][ T6386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.117750][ T6386] [ 107.117750][ T6386] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 107.120165][ T6386] __mutex_lock+0x1aa/0x1b10 [ 107.121814][ T6386] input_register_handle+0xca/0x650 [ 107.123620][ T6386] kbd_connect+0xca/0x160 [ 107.125330][ T6386] input_attach_handler.isra.0+0x176/0x250 [ 107.127329][ T6386] input_register_device+0xab9/0x1180 [ 107.129298][ T6386] acpi_button_add+0x582/0xb90 [ 107.130982][ T6386] acpi_device_probe+0xc9/0x330 [ 107.132694][ T6386] really_probe+0x241/0xa90 [ 107.134428][ T6386] __driver_probe_device+0x1de/0x440 [ 107.136301][ T6386] driver_probe_device+0x4c/0x1b0 [ 107.138081][ T6386] __driver_attach+0x283/0x580 [ 107.140219][ T6386] bus_for_each_dev+0x13e/0x1d0 [ 107.142619][ T6386] bus_add_driver+0x2e9/0x690 [ 107.144808][ T6386] driver_register+0x15c/0x4b0 [ 107.146623][ T6386] __acpi_bus_register_driver+0xdf/0x130 [ 107.148625][ T6386] acpi_button_driver_init+0x82/0x110 [ 107.150500][ T6386] do_one_initcall+0x123/0x680 [ 107.152178][ T6386] kernel_init_freeable+0x5c8/0x920 [ 107.154007][ T6386] kernel_init+0x1c/0x2b0 [ 107.155689][ T6386] ret_from_fork+0x983/0xb10 [ 107.157348][ T6386] ret_from_fork_asm+0x1a/0x30 [ 107.159059][ T6386] [ 107.159059][ T6386] -> #1 (input_mutex){+.+.}-{4:4}: [ 107.161375][ T6386] __mutex_lock+0x1aa/0x1b10 [ 107.162999][ T6386] input_register_device+0x992/0x1180 [ 107.165143][ T6386] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 107.167192][ T6386] __x64_sys_ioctl+0x18e/0x210 [ 107.168925][ T6386] do_syscall_64+0xcd/0xf80 [ 107.170532][ T6386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.172540][ T6386] [ 107.172540][ T6386] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 107.175061][ T6386] __lock_acquire+0x1542/0x22f0 [ 107.176869][ T6386] lock_acquire+0x179/0x330 [ 107.178503][ T6386] __mutex_lock+0x1aa/0x1b10 [ 107.180139][ T6386] uinput_request_submit.part.0+0x25/0x2e0 [ 107.182149][ T6386] uinput_dev_upload_effect+0x174/0x1f0 [ 107.184131][ T6386] input_ff_upload+0x582/0xc40 [ 107.185896][ T6386] evdev_do_ioctl+0xf40/0x1b30 [ 107.187564][ T6386] evdev_ioctl+0x16f/0x1a0 [ 107.189208][ T6386] __x64_sys_ioctl+0x18e/0x210 [ 107.190910][ T6386] do_syscall_64+0xcd/0xf80 [ 107.192512][ T6386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.195068][ T6386] [ 107.195068][ T6386] other info that might help us debug this: [ 107.195068][ T6386] [ 107.198419][ T6386] Chain exists of: [ 107.198419][ T6386] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 107.198419][ T6386] [ 107.202262][ T6386] Possible unsafe locking scenario: [ 107.202262][ T6386] [ 107.204653][ T6386] CPU0 CPU1 [ 107.206411][ T6386] ---- ---- [ 107.208115][ T6386] lock(&ff->mutex); [ 107.209421][ T6386] lock(&dev->mutex#2); [ 107.211539][ T6386] lock(&ff->mutex); [ 107.213589][ T6386] lock(&newdev->mutex); [ 107.215009][ T6386] [ 107.215009][ T6386] *** DEADLOCK *** [ 107.215009][ T6386] [ 107.217591][ T6386] 2 locks held by syz.0.17/6386: [ 107.219185][ T6386] #0: ffff88803776a118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 107.222036][ T6386] #1: ffff8880524540b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc40 [ 107.225001][ T6386] [ 107.225001][ T6386] stack backtrace: [ 107.226933][ T6386] CPU: 3 UID: 0 PID: 6386 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 107.226945][ T6386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.226952][ T6386] Call Trace: [ 107.226957][ T6386] [ 107.226962][ T6386] dump_stack_lvl+0x116/0x1f0 [ 107.226980][ T6386] print_circular_bug+0x2db/0x410 [ 107.226996][ T6386] check_noncircular+0x146/0x160 [ 107.227011][ T6386] __lock_acquire+0x1542/0x22f0 [ 107.227027][ T6386] lock_acquire+0x179/0x330 [ 107.227041][ T6386] ? uinput_request_submit.part.0+0x25/0x2e0 [ 107.227056][ T6386] ? __pfx___might_resched+0x10/0x10 [ 107.227069][ T6386] __mutex_lock+0x1aa/0x1b10 [ 107.227085][ T6386] ? uinput_request_submit.part.0+0x25/0x2e0 [ 107.227099][ T6386] ? uinput_request_submit.part.0+0x25/0x2e0 [ 107.227112][ T6386] ? find_held_lock+0x2b/0x80 [ 107.227122][ T6386] ? __pfx___mutex_lock+0x10/0x10 [ 107.227137][ T6386] ? do_raw_spin_unlock+0x172/0x230 [ 107.227146][ T6386] ? _raw_spin_unlock+0x28/0x50 [ 107.227160][ T6386] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 107.227174][ T6386] ? rcu_is_watching+0x12/0xc0 [ 107.227186][ T6386] ? trace_contention_end+0xdd/0x110 [ 107.227201][ T6386] ? uinput_request_submit.part.0+0x25/0x2e0 [ 107.227214][ T6386] uinput_request_submit.part.0+0x25/0x2e0 [ 107.227228][ T6386] uinput_dev_upload_effect+0x174/0x1f0 [ 107.227242][ T6386] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 107.227257][ T6386] ? __might_fault+0x13b/0x190 [ 107.227271][ T6386] input_ff_upload+0x582/0xc40 [ 107.227284][ T6386] evdev_do_ioctl+0xf40/0x1b30 [ 107.227295][ T6386] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 107.227305][ T6386] ? __pfx___mutex_lock+0x10/0x10 [ 107.227324][ T6386] evdev_ioctl+0x16f/0x1a0 [ 107.227334][ T6386] ? __pfx_evdev_ioctl+0x10/0x10 [ 107.227344][ T6386] __x64_sys_ioctl+0x18e/0x210 [ 107.227359][ T6386] do_syscall_64+0xcd/0xf80 [ 107.227374][ T6386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.227385][ T6386] RIP: 0033:0x7f7f71d8ebe9 [ 107.227394][ T6386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.227404][ T6386] RSP: 002b:00007f7f72b2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 107.227413][ T6386] RAX: ffffffffffffffda RBX: 00007f7f71fb5fa0 RCX: 00007f7f71d8ebe9 [ 107.227420][ T6386] RDX: 0000200000000040 RSI: 0000000040304580 RDI: 0000000000000004 [ 107.227426][ T6386] RBP: 00007f7f71e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 107.227431][ T6386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.227437][ T6386] R13: 00007f7f71fb6038 R14: 00007f7f71fb5fa0 R15: 00007ffc4c591948 [ 107.227446][ T6386] [ 107.866522][ T6388] input: syz1 as /devices/virtual/input/input6 [ 108.706080][ T6390] input: syz1 as /devices/virtual/input/input7 2025/12/05 04:42:54 executed programs: 4 [ 109.160323][ T64] Bluetooth: hci0: command tx timeout [ 109.549771][ T6393] input: syz1 as /devices/virtual/input/input8 [ 110.395797][ T6395] input: syz1 as /devices/virtual/input/input9 [ 111.229444][ T6252] udevd[6252]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 111.242232][ T6397] input: syz1 as /devices/virtual/input/input10 [ 111.250377][ T64] Bluetooth: hci0: command tx timeout [ 112.085494][ T6399] input: syz1 as /devices/virtual/input/input11 [ 112.937462][ T6401] input: syz1 as /devices/virtual/input/input12 [ 113.775934][ T6403] input: syz1 as /devices/virtual/input/input13 2025/12/05 04:42:59 executed programs: 10 [ 114.620169][ T6405] input: syz1 as /devices/virtual/input/input14 [ 115.462246][ T6407] input: syz1 as /devices/virtual/input/input15 [ 116.306797][ T6409] input: syz1 as /devices/virtual/input/input16