[ 85.927973][ T40] audit: type=1400 audit(1772608029.888:116): avc: denied { transition } for pid=6120 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 85.942751][ T40] audit: type=1400 audit(1772608029.908:117): avc: denied { noatsecure } for pid=6120 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 85.950957][ T40] audit: type=1400 audit(1772608029.908:118): avc: denied { rlimitinh } for pid=6120 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 85.960386][ T40] audit: type=1400 audit(1772608029.908:119): avc: denied { siginh } for pid=6120 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 92.102715][ T29] cfg80211: failed to load regulatory.db Warning: Permanently added '[localhost]:41885' (ED25519) to the list of known hosts. 2026/03/04 07:07:18 parsed 1 programs [ 94.304259][ T40] audit: type=1400 audit(1772608038.268:120): avc: denied { node_bind } for pid=6161 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 97.136354][ T40] audit: type=1400 audit(1772608041.098:121): avc: denied { read write } for pid=6170 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 97.146800][ T40] audit: type=1400 audit(1772608041.098:122): avc: denied { open } for pid=6170 comm="syz-executor" path="/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 97.186185][ T40] audit: type=1400 audit(1772608041.148:123): avc: denied { unlink } for pid=6170 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 97.721151][ T40] audit: type=1400 audit(1772608041.678:124): avc: denied { relabelto } for pid=6174 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 98.642846][ T6170] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 101.452710][ T218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.455962][ T218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.478278][ T218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.482120][ T218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.822116][ T40] audit: type=1401 audit(1772608046.788:125): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 103.203379][ T5286] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.207649][ T5286] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.211570][ T5286] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.217531][ T5286] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.221708][ T5286] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.548093][ T6232] chnl_net:caif_netlink_parms(): no params data found [ 103.699198][ T6232] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.702890][ T6232] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.706251][ T6232] bridge_slave_0: entered allmulticast mode [ 103.710639][ T6232] bridge_slave_0: entered promiscuous mode [ 103.717724][ T6232] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.721504][ T6232] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.725245][ T6232] bridge_slave_1: entered allmulticast mode [ 103.728333][ T6232] bridge_slave_1: entered promiscuous mode [ 103.781090][ T6232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.787535][ T6232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.824170][ T6232] team0: Port device team_slave_0 added [ 103.827624][ T6232] team0: Port device team_slave_1 added [ 103.863542][ T6232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.866287][ T6232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.876048][ T6232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.881318][ T6232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.884369][ T6232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.895787][ T6232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.959083][ T6232] hsr_slave_0: entered promiscuous mode [ 103.962283][ T6232] hsr_slave_1: entered promiscuous mode [ 104.536140][ T6232] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.544477][ T6232] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.550979][ T6232] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.574951][ T6232] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 104.655133][ T6232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.670810][ T6232] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.681119][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.684703][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.695198][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.698455][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.771946][ T40] audit: type=1400 audit(1772608048.728:126): avc: denied { sys_module } for pid=6232 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 104.855350][ T6232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.894491][ T6232] veth0_vlan: entered promiscuous mode [ 104.908370][ T6232] veth1_vlan: entered promiscuous mode [ 104.936680][ T6232] veth0_macvtap: entered promiscuous mode [ 104.944057][ T6232] veth1_macvtap: entered promiscuous mode [ 104.956506][ T6232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.968803][ T6232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.006090][ T218] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.011662][ T218] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.020114][ T218] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.024066][ T218] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.137546][ T218] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.209929][ T218] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.273324][ T218] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.372824][ T218] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/03/04 07:07:30 executed programs: 0 [ 106.155873][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.159578][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.164051][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.167378][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 106.182838][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.358321][ T6335] chnl_net:caif_netlink_parms(): no params data found [ 106.466917][ T6335] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.470534][ T6335] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.474192][ T6335] bridge_slave_0: entered allmulticast mode [ 106.477315][ T6335] bridge_slave_0: entered promiscuous mode [ 106.481637][ T6335] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.484601][ T6335] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.487378][ T6335] bridge_slave_1: entered allmulticast mode [ 106.491494][ T6335] bridge_slave_1: entered promiscuous mode [ 106.567475][ T6335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.576346][ T6335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.641053][ T6335] team0: Port device team_slave_0 added [ 106.648632][ T6335] team0: Port device team_slave_1 added [ 106.705134][ T6335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.708405][ T6335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.721241][ T6335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.731577][ T6335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.735033][ T6335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.746809][ T6335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.814226][ T6335] hsr_slave_0: entered promiscuous mode [ 106.817519][ T6335] hsr_slave_1: entered promiscuous mode [ 106.820713][ T6335] debugfs: 'hsr0' already exists in 'hsr' [ 106.823626][ T6335] Cannot create hsr debugfs directory [ 107.922925][ T218] bridge_slave_1: left allmulticast mode [ 107.925767][ T218] bridge_slave_1: left promiscuous mode [ 107.928905][ T218] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.933182][ T218] bridge_slave_0: left allmulticast mode [ 107.935123][ T218] bridge_slave_0: left promiscuous mode [ 107.937062][ T218] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.063817][ T218] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 108.068027][ T218] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 108.071701][ T218] bond0 (unregistering): Released all slaves [ 108.247101][ T5286] Bluetooth: hci0: command tx timeout [ 108.257860][ T218] hsr_slave_0: left promiscuous mode [ 108.260886][ T218] hsr_slave_1: left promiscuous mode [ 108.263192][ T218] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.266077][ T218] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.269497][ T218] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.272202][ T218] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 108.278834][ T218] veth1_macvtap: left promiscuous mode [ 108.280648][ T218] veth0_macvtap: left promiscuous mode [ 108.282480][ T218] veth1_vlan: left promiscuous mode [ 108.285045][ T218] veth0_vlan: left promiscuous mode [ 108.439554][ T218] team0 (unregistering): Port device team_slave_1 removed [ 108.448674][ T218] team0 (unregistering): Port device team_slave_0 removed [ 108.882368][ T6335] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.894961][ T6335] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 108.910479][ T6335] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 108.925953][ T6335] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.997639][ T6335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.013185][ T6335] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.020165][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.022950][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.033909][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.036750][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.242876][ T6335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.273280][ T6335] veth0_vlan: entered promiscuous mode [ 109.280937][ T6335] veth1_vlan: entered promiscuous mode [ 109.320243][ T6335] veth0_macvtap: entered promiscuous mode [ 109.327378][ T6335] veth1_macvtap: entered promiscuous mode [ 109.340965][ T6335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.351650][ T6335] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.362079][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.366541][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.371143][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.375273][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.421124][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.428372][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.444914][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.447880][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.481444][ T40] audit: type=1400 audit(1772608053.438:127): avc: denied { read write } for pid=6377 comm="syz.0.17" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 109.492062][ T40] audit: type=1400 audit(1772608053.438:128): avc: denied { open } for pid=6377 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 109.494546][ T6378] input: syz0 as /devices/virtual/input/input5 [ 109.502037][ T40] audit: type=1400 audit(1772608053.458:129): avc: denied { ioctl } for pid=6377 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 109.516716][ T40] audit: type=1400 audit(1772608053.488:130): avc: denied { read } for pid=6377 comm="syz.0.17" name="event4" dev="devtmpfs" ino=2845 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 109.517459][ T6378] [ 109.525953][ T40] audit: type=1400 audit(1772608053.488:131): avc: denied { open } for pid=6377 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2845 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 109.526610][ T6378] ====================================================== [ 109.535560][ T40] audit: type=1400 audit(1772608053.488:132): avc: denied { ioctl } for pid=6377 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2845 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 109.538963][ T6378] WARNING: possible circular locking dependency detected [ 109.553037][ T6378] syzkaller #0 Not tainted [ 109.555068][ T6378] ------------------------------------------------------ [ 109.558470][ T6378] syz.0.17/6378 is trying to acquire lock: [ 109.561662][ T6378] ffff8880300b5870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 109.566278][ T6378] [ 109.566278][ T6378] but task is already holding lock: [ 109.569510][ T6378] ffff8880300b48b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1d7/0xc60 [ 109.573261][ T6378] [ 109.573261][ T6378] which lock already depends on the new lock. [ 109.573261][ T6378] [ 109.578213][ T6378] [ 109.578213][ T6378] the existing dependency chain (in reverse order) is: [ 109.582745][ T6378] [ 109.582745][ T6378] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 109.585975][ T6378] __mutex_lock+0x1a2/0x1b90 [ 109.588291][ T6378] input_ff_flush+0x63/0x1b0 [ 109.590541][ T6378] uinput_dev_flush+0x2a/0x40 [ 109.592927][ T6378] input_flush_device+0xc9/0x140 [ 109.595579][ T6378] evdev_release+0x344/0x420 [ 109.597981][ T6378] __fput+0x3ff/0xb40 [ 109.600171][ T6378] fput_close_sync+0x118/0x250 [ 109.602716][ T6378] __x64_sys_close+0x8b/0x120 [ 109.605260][ T6378] do_syscall_64+0x106/0xf80 [ 109.607736][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.610640][ T6378] [ 109.610640][ T6378] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 109.614020][ T6378] __mutex_lock+0x1a2/0x1b90 [ 109.616349][ T6378] input_register_handle+0xca/0x630 [ 109.619072][ T6378] kbd_connect+0xce/0x180 [ 109.621360][ T6378] input_attach_handler.isra.0+0x177/0x1e0 [ 109.624723][ T6378] input_register_device.cold+0x139/0x375 [ 109.628230][ T6378] acpi_button_probe+0x5d3/0xbc0 [ 109.630725][ T6378] platform_probe+0x106/0x1d0 [ 109.632964][ T6378] really_probe+0x241/0xa60 [ 109.635234][ T6378] __driver_probe_device+0x1de/0x400 [ 109.637853][ T6378] driver_probe_device+0x4c/0x1b0 [ 109.640352][ T6378] __driver_attach+0x2f4/0x6a0 [ 109.642797][ T6378] bus_for_each_dev+0x13e/0x1d0 [ 109.645253][ T6378] bus_add_driver+0x305/0x5b0 [ 109.647714][ T6378] driver_register+0x1e2/0x360 [ 109.650436][ T6378] acpi_button_init+0xe4/0x100 [ 109.653194][ T6378] do_one_initcall+0x11d/0x760 [ 109.655947][ T6378] kernel_init_freeable+0x6e5/0x7a0 [ 109.658598][ T6378] kernel_init+0x1f/0x1e0 [ 109.660837][ T6378] ret_from_fork+0x754/0xd80 [ 109.663168][ T6378] ret_from_fork_asm+0x1a/0x30 [ 109.665751][ T6378] [ 109.665751][ T6378] -> #1 (input_mutex){+.+.}-{4:4}: [ 109.668935][ T6378] __mutex_lock+0x1a2/0x1b90 [ 109.671158][ T6378] input_register_device.cold+0x5b/0x375 [ 109.673961][ T6378] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 109.676897][ T6378] __x64_sys_ioctl+0x18e/0x210 [ 109.679299][ T6378] do_syscall_64+0x106/0xf80 [ 109.681666][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.684832][ T6378] [ 109.684832][ T6378] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 109.687882][ T6378] __lock_acquire+0x14b8/0x2630 [ 109.690260][ T6378] lock_acquire+0x1cf/0x380 [ 109.692521][ T6378] __mutex_lock+0x1a2/0x1b90 [ 109.694860][ T6378] uinput_request_submit.part.0+0x25/0x2e0 [ 109.697193][ T6378] uinput_dev_upload_effect+0x174/0x1f0 [ 109.699539][ T6378] input_ff_upload+0x578/0xc60 [ 109.701539][ T6378] evdev_do_ioctl+0x1228/0x1b60 [ 109.703463][ T6378] evdev_ioctl+0x16f/0x1a0 [ 109.705175][ T6378] __x64_sys_ioctl+0x18e/0x210 [ 109.706976][ T6378] do_syscall_64+0x106/0xf80 [ 109.708701][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.710975][ T6378] [ 109.710975][ T6378] other info that might help us debug this: [ 109.710975][ T6378] [ 109.715335][ T6378] Chain exists of: [ 109.715335][ T6378] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 109.715335][ T6378] [ 109.721913][ T6378] Possible unsafe locking scenario: [ 109.721913][ T6378] [ 109.725542][ T6378] CPU0 CPU1 [ 109.727988][ T6378] ---- ---- [ 109.730428][ T6378] lock(&ff->mutex); [ 109.732165][ T6378] lock(&dev->mutex#2); [ 109.735100][ T6378] lock(&ff->mutex); [ 109.737902][ T6378] lock(&newdev->mutex); [ 109.739797][ T6378] [ 109.739797][ T6378] *** DEADLOCK *** [ 109.739797][ T6378] [ 109.742942][ T6378] 2 locks held by syz.0.17/6378: [ 109.744680][ T6378] #0: ffff88803528e118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 109.748135][ T6378] #1: ffff8880300b48b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1d7/0xc60 [ 109.751662][ T6378] [ 109.751662][ T6378] stack backtrace: [ 109.754134][ T6378] CPU: 0 UID: 0 PID: 6378 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 109.754153][ T6378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.754162][ T6378] Call Trace: [ 109.754168][ T6378] [ 109.754175][ T6378] dump_stack_lvl+0x100/0x190 [ 109.754202][ T6378] print_circular_bug.cold+0x178/0x1c7 [ 109.754227][ T6378] check_noncircular+0x146/0x160 [ 109.754253][ T6378] __lock_acquire+0x14b8/0x2630 [ 109.754280][ T6378] lock_acquire+0x1cf/0x380 [ 109.754299][ T6378] ? uinput_request_submit.part.0+0x25/0x2e0 [ 109.754321][ T6378] ? __pfx___might_resched+0x10/0x10 [ 109.754340][ T6378] __mutex_lock+0x1a2/0x1b90 [ 109.754358][ T6378] ? uinput_request_submit.part.0+0x25/0x2e0 [ 109.754379][ T6378] ? uinput_request_submit.part.0+0x25/0x2e0 [ 109.754394][ T6378] ? find_held_lock+0x2b/0x80 [ 109.754412][ T6378] ? uinput_request_reserve_slot+0x3ca/0x4d0 [ 109.754434][ T6378] ? __pfx___mutex_lock+0x10/0x10 [ 109.754450][ T6378] ? do_raw_spin_unlock+0x145/0x1e0 [ 109.754467][ T6378] ? _raw_spin_unlock+0x28/0x50 [ 109.754486][ T6378] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 109.754507][ T6378] ? trace_contention_end+0x140/0x180 [ 109.754524][ T6378] ? uinput_request_submit.part.0+0x25/0x2e0 [ 109.754544][ T6378] uinput_request_submit.part.0+0x25/0x2e0 [ 109.754565][ T6378] uinput_dev_upload_effect+0x174/0x1f0 [ 109.754587][ T6378] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 109.754611][ T6378] input_ff_upload+0x578/0xc60 [ 109.754629][ T6378] evdev_do_ioctl+0x1228/0x1b60 [ 109.754647][ T6378] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 109.754664][ T6378] ? __pfx___mutex_lock+0x10/0x10 [ 109.754687][ T6378] evdev_ioctl+0x16f/0x1a0 [ 109.754703][ T6378] ? __pfx_evdev_ioctl+0x10/0x10 [ 109.754715][ T6378] __x64_sys_ioctl+0x18e/0x210 [ 109.754737][ T6378] do_syscall_64+0x106/0xf80 [ 109.754753][ T6378] ? clear_bhb_loop+0x40/0x90 [ 109.754771][ T6378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.754787][ T6378] RIP: 0033:0x7f1d91f9a539 [ 109.754799][ T6378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 109.754813][ T6378] RSP: 002b:00007f1d915fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 109.754824][ T6378] RAX: ffffffffffffffda RBX: 00007f1d92205fa0 RCX: 00007f1d91f9a539 [ 109.754834][ T6378] RDX: 0000200000000040 RSI: 0000000040304580 RDI: 0000000000000004 [ 109.754843][ T6378] RBP: 00007f1d9202dee0 R08: 0000000000000000 R09: 0000000000000000 [ 109.754852][ T6378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.754860][ T6378] R13: 00007f1d92206038 R14: 00007f1d92205fa0 R15: 00007ffc2f563d38 [ 109.754875][ T6378] [ 110.322777][ T63] Bluetooth: hci0: command tx timeout [ 110.328552][ T6380] input: syz0 as /devices/virtual/input/input6 [ 111.175259][ T6382] input: syz0 as /devices/virtual/input/input7 2026/03/04 07:07:35 executed programs: 4 [ 112.021017][ T6384] input: syz0 as /devices/virtual/input/input8 [ 112.412720][ T63] Bluetooth: hci0: command tx timeout [ 112.865480][ T6386] input: syz0 as /devices/virtual/input/input9 [ 113.712903][ T6388] input: syz0 as /devices/virtual/input/input10 [ 114.482870][ T63] Bluetooth: hci0: command tx timeout [ 114.560291][ T6390] input: syz0 as /devices/virtual/input/input11 [ 115.407471][ T6392] input: syz0 as /devices/virtual/input/input12 [ 116.255553][ T6394] input: syz0 as /devices/virtual/input/input13 2026/03/04 07:07:40 executed programs: 10 [ 117.102253][ T6396] input: syz0 as /devices/virtual/input/input14 [ 117.948118][ T6398] input: syz0 as /devices/virtual/input/input15 [ 118.795569][ T6400] input: syz0 as /devices/virtual/input/input16