[ 53.114320][ T40] audit: type=1400 audit(1770454661.781:60): avc: denied { rlimitinh } for pid=5908 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 53.121056][ T40] audit: type=1400 audit(1770454661.781:61): avc: denied { siginh } for pid=5908 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:52489' (ED25519) to the list of known hosts. [ 60.176909][ T40] audit: type=1400 audit(1770454668.861:62): avc: denied { execute } for pid=5926 comm="sh" name="syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 60.185638][ T40] audit: type=1400 audit(1770454668.861:63): avc: denied { execute_no_trans } for pid=5926 comm="sh" path="/syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 2026/02/07 08:57:50 parsed 1 programs [ 61.890667][ T40] audit: type=1400 audit(1770454670.571:64): avc: denied { node_bind } for pid=5926 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 64.469721][ T40] audit: type=1400 audit(1770454673.151:65): avc: denied { mounton } for pid=5936 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 64.477767][ T40] audit: type=1400 audit(1770454673.161:66): avc: denied { mount } for pid=5936 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 64.480364][ T5936] cgroup: Unknown subsys name 'net' [ 64.488615][ T40] audit: type=1400 audit(1770454673.171:67): avc: denied { unmount } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 64.613506][ T5936] cgroup: Unknown subsys name 'cpuset' [ 64.617748][ T5936] cgroup: Unknown subsys name 'rlimit' [ 64.825246][ T40] audit: type=1400 audit(1770454673.511:68): avc: denied { setattr } for pid=5936 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 64.833311][ T40] audit: type=1400 audit(1770454673.511:69): avc: denied { create } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.840268][ T40] audit: type=1400 audit(1770454673.511:70): avc: denied { write } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.847405][ T40] audit: type=1400 audit(1770454673.511:71): avc: denied { read } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 64.901934][ T5938] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 65.954118][ T5936] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.318452][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 68.318464][ T40] audit: type=1400 audit(1770454677.001:82): avc: denied { execmem } for pid=5948 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 68.397154][ T40] audit: type=1400 audit(1770454677.081:83): avc: denied { read } for pid=5949 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 68.405060][ T40] audit: type=1400 audit(1770454677.081:84): avc: denied { open } for pid=5949 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 68.413892][ T40] audit: type=1400 audit(1770454677.081:85): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 68.461007][ T40] audit: type=1400 audit(1770454677.151:86): avc: denied { mount } for pid=5949 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 68.467979][ T40] audit: type=1400 audit(1770454677.151:87): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/syzkaller.lgLmxW/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 68.475823][ T40] audit: type=1400 audit(1770454677.151:88): avc: denied { mount } for pid=5949 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 68.483300][ T40] audit: type=1400 audit(1770454677.151:89): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/syzkaller.lgLmxW/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 68.491720][ T40] audit: type=1400 audit(1770454677.151:90): avc: denied { mounton } for pid=5949 comm="syz-executor" path="/syzkaller.lgLmxW/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 68.499898][ T40] audit: type=1400 audit(1770454677.151:91): avc: denied { unmount } for pid=5949 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 68.511632][ T5949] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 68.886294][ T5967] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.904369][ T5967] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.907486][ T5967] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.912896][ T5967] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.915801][ T5967] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.137463][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.140919][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.163471][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.166477][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.088315][ T5997] chnl_net:caif_netlink_parms(): no params data found [ 70.155460][ T5997] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.159396][ T5997] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.163738][ T5997] bridge_slave_0: entered allmulticast mode [ 70.167622][ T5997] bridge_slave_0: entered promiscuous mode [ 70.173529][ T5997] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.176414][ T5997] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.179530][ T5997] bridge_slave_1: entered allmulticast mode [ 70.185480][ T5997] bridge_slave_1: entered promiscuous mode [ 70.323499][ T5997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.329599][ T5997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.352544][ T5997] team0: Port device team_slave_0 added [ 70.356530][ T5997] team0: Port device team_slave_1 added [ 70.380457][ T5997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.384791][ T5997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.395138][ T5997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.407904][ T5997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.410451][ T5997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.419306][ T5997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.480155][ T5997] hsr_slave_0: entered promiscuous mode [ 70.483632][ T5997] hsr_slave_1: entered promiscuous mode [ 70.631097][ T5997] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.640198][ T5997] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.647212][ T5997] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.654905][ T5997] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.677856][ T5997] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.680290][ T5997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.683030][ T5997] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.685920][ T5997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.719173][ T5997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.731742][ T72] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.736476][ T72] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.745723][ T5997] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.755229][ T1185] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.758187][ T1185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.765125][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.767707][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.922739][ T5997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.962202][ T5997] veth0_vlan: entered promiscuous mode [ 70.970305][ T5997] veth1_vlan: entered promiscuous mode [ 70.994838][ T5997] veth0_macvtap: entered promiscuous mode [ 71.001700][ T5997] veth1_macvtap: entered promiscuous mode [ 71.017580][ T5997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.026558][ T5997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.037277][ T1145] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.041624][ T1145] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.046211][ T1145] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.050181][ T1145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.140114][ T1145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.238159][ T1145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.311737][ T1145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.383512][ T1145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/02/07 08:58:00 executed programs: 0 [ 72.155721][ T5967] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.158878][ T5967] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.161836][ T5967] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.165985][ T5967] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.169311][ T5967] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.310254][ T6048] chnl_net:caif_netlink_parms(): no params data found [ 72.370224][ T6048] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.373518][ T6048] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.375864][ T6048] bridge_slave_0: entered allmulticast mode [ 72.378493][ T6048] bridge_slave_0: entered promiscuous mode [ 72.382749][ T6048] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.385068][ T6048] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.387357][ T6048] bridge_slave_1: entered allmulticast mode [ 72.390112][ T6048] bridge_slave_1: entered promiscuous mode [ 72.407027][ T6048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.411654][ T6048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.428041][ T6048] team0: Port device team_slave_0 added [ 72.431380][ T6048] team0: Port device team_slave_1 added [ 72.446775][ T6048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.449528][ T6048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.457696][ T6048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.462757][ T6048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.465018][ T6048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.474496][ T6048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.510376][ T6048] hsr_slave_0: entered promiscuous mode [ 72.513009][ T6048] hsr_slave_1: entered promiscuous mode [ 72.515219][ T6048] debugfs: 'hsr0' already exists in 'hsr' [ 72.517142][ T6048] Cannot create hsr debugfs directory [ 74.201303][ T64] Bluetooth: hci0: command tx timeout [ 74.258432][ T1145] bridge_slave_1: left allmulticast mode [ 74.261293][ T1145] bridge_slave_1: left promiscuous mode [ 74.264257][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.273645][ T1145] bridge_slave_0: left allmulticast mode [ 74.276039][ T1145] bridge_slave_0: left promiscuous mode [ 74.278422][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.482076][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 74.486819][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 74.490677][ T1145] bond0 (unregistering): Released all slaves [ 74.577910][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 74.577928][ T40] audit: type=1400 audit(1770454683.261:112): avc: denied { create } for pid=6058 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.589978][ T40] audit: type=1400 audit(1770454683.261:113): avc: denied { write } for pid=6058 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth2.link" dev="tmpfs" ino=2092 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.602249][ T40] audit: type=1400 audit(1770454683.261:114): avc: denied { append } for pid=6058 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" dev="tmpfs" ino=2092 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.638764][ T40] audit: type=1400 audit(1770454683.321:115): avc: denied { unlink } for pid=6061 comm="rm" name="resolv.conf.eth2.link" dev="tmpfs" ino=2092 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.678683][ T1145] hsr_slave_0: left promiscuous mode [ 74.683905][ T1145] hsr_slave_1: left promiscuous mode [ 74.686869][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.690154][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.695483][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.698727][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.712466][ T1145] veth1_macvtap: left promiscuous mode [ 74.715025][ T1145] veth0_macvtap: left promiscuous mode [ 74.717536][ T1145] veth1_vlan: left promiscuous mode [ 74.719862][ T1145] veth0_vlan: left promiscuous mode [ 74.973646][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 74.990421][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 75.468815][ T6048] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.474953][ T6048] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.484981][ T6048] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.493579][ T6048] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.555077][ T6048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.564757][ T6048] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.569507][ T1185] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.571845][ T1185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.578953][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.581536][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.598200][ T6048] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 75.602287][ T6048] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.711050][ T6048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.895839][ T6048] veth0_vlan: entered promiscuous mode [ 75.901391][ T6048] veth1_vlan: entered promiscuous mode [ 75.916331][ T6048] veth0_macvtap: entered promiscuous mode [ 75.920143][ T6048] veth1_macvtap: entered promiscuous mode [ 75.930565][ T6048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.937878][ T6048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.944283][ T1147] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.948235][ T1147] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.952647][ T1147] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.960339][ T1147] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.054869][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.057462][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.071920][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.075062][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.113676][ T40] audit: type=1400 audit(1770454684.801:116): avc: denied { read write } for pid=6086 comm="syz.0.17" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.115832][ T6086] input: syz1 as /devices/virtual/input/input5 [ 76.122923][ T40] audit: type=1400 audit(1770454684.801:117): avc: denied { open } for pid=6086 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.127403][ T6086] [ 76.133534][ T40] audit: type=1400 audit(1770454684.801:118): avc: denied { ioctl } for pid=6086 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.134032][ T6086] ====================================================== [ 76.143340][ T40] audit: type=1400 audit(1770454684.811:119): avc: denied { read } for pid=6086 comm="syz.0.17" name="event4" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 76.145296][ T6086] WARNING: possible circular locking dependency detected [ 76.145304][ T6086] syzkaller #0 Not tainted [ 76.154511][ T40] audit: type=1400 audit(1770454684.811:120): avc: denied { open } for pid=6086 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 76.156620][ T6086] ------------------------------------------------------ [ 76.156628][ T6086] syz.0.17/6086 is trying to acquire lock: [ 76.158530][ T40] audit: type=1400 audit(1770454684.811:121): avc: denied { ioctl } for pid=6086 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2840 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 76.166359][ T6086] ffff888025065870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 76.166401][ T6086] [ 76.166401][ T6086] but task is already holding lock: [ 76.166404][ T6086] ffff8880250648b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1d7/0xc60 [ 76.166431][ T6086] [ 76.166431][ T6086] which lock already depends on the new lock. [ 76.166431][ T6086] [ 76.166435][ T6086] [ 76.166435][ T6086] the existing dependency chain (in reverse order) is: [ 76.166438][ T6086] [ 76.166438][ T6086] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 76.200705][ T6086] __mutex_lock+0x1a2/0x1b90 [ 76.202837][ T6086] input_ff_flush+0x63/0x1b0 [ 76.205049][ T6086] uinput_dev_flush+0x2a/0x40 [ 76.207236][ T6086] input_flush_device+0xd1/0x160 [ 76.209586][ T6086] evdev_release+0x344/0x420 [ 76.211778][ T6086] __fput+0x3ff/0xb40 [ 76.213801][ T6086] fput_close_sync+0x118/0x250 [ 76.216076][ T6086] __x64_sys_close+0x8b/0x120 [ 76.218347][ T6086] do_syscall_64+0xc9/0xf80 [ 76.220497][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.222972][ T6086] [ 76.222972][ T6086] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 76.225672][ T6086] __mutex_lock+0x1a2/0x1b90 [ 76.227315][ T6086] input_register_handle+0xca/0x630 [ 76.229159][ T6086] kbd_connect+0xce/0x180 [ 76.230752][ T6086] input_attach_handler.isra.0+0x177/0x1e0 [ 76.232920][ T6086] input_register_device.cold+0x139/0x375 [ 76.234960][ T6086] acpi_button_add+0x548/0xb50 [ 76.236662][ T6086] acpi_device_probe+0xc9/0x370 [ 76.238375][ T6086] really_probe+0x241/0xa60 [ 76.240018][ T6086] __driver_probe_device+0x1de/0x400 [ 76.242158][ T6086] driver_probe_device+0x4c/0x1b0 [ 76.243967][ T6086] __driver_attach+0x217/0x5c0 [ 76.245683][ T6086] bus_for_each_dev+0x13e/0x1d0 [ 76.247432][ T6086] bus_add_driver+0x305/0x5b0 [ 76.249094][ T6086] driver_register+0x1e2/0x360 [ 76.250745][ T6086] __acpi_bus_register_driver+0xdf/0x130 [ 76.253074][ T6086] acpi_button_driver_init+0xe4/0x100 [ 76.255639][ T6086] do_one_initcall+0x11d/0x690 [ 76.257957][ T6086] kernel_init_freeable+0x6e5/0x790 [ 76.260419][ T6086] kernel_init+0x1f/0x1e0 [ 76.262428][ T6086] ret_from_fork+0x754/0xaf0 [ 76.264567][ T6086] ret_from_fork_asm+0x1a/0x30 [ 76.266759][ T6086] [ 76.266759][ T6086] -> #1 (input_mutex){+.+.}-{4:4}: [ 76.269193][ T6086] __mutex_lock+0x1a2/0x1b90 [ 76.270805][ T6086] input_register_device.cold+0x5b/0x375 [ 76.272877][ T6086] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 76.274948][ T6086] __x64_sys_ioctl+0x18e/0x210 [ 76.277136][ T6086] do_syscall_64+0xc9/0xf80 [ 76.279362][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.282029][ T6086] [ 76.282029][ T6086] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 76.285223][ T6086] __lock_acquire+0x14b8/0x2630 [ 76.287491][ T6086] lock_acquire+0x17c/0x330 [ 76.289689][ T6086] __mutex_lock+0x1a2/0x1b90 [ 76.291885][ T6086] uinput_request_submit.part.0+0x25/0x2e0 [ 76.294027][ T6086] uinput_dev_upload_effect+0x174/0x1f0 [ 76.296022][ T6086] input_ff_upload+0x578/0xc60 [ 76.297769][ T6086] evdev_do_ioctl+0x1228/0x1b60 [ 76.299550][ T6086] evdev_ioctl+0x16f/0x1a0 [ 76.301193][ T6086] __x64_sys_ioctl+0x18e/0x210 [ 76.302968][ T6086] do_syscall_64+0xc9/0xf80 [ 76.304601][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.306616][ T6086] [ 76.306616][ T6086] other info that might help us debug this: [ 76.306616][ T6086] [ 76.309847][ T6086] Chain exists of: [ 76.309847][ T6086] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 76.309847][ T6086] [ 76.313779][ T6086] Possible unsafe locking scenario: [ 76.313779][ T6086] [ 76.316136][ T6086] CPU0 CPU1 [ 76.317863][ T6086] ---- ---- [ 76.319614][ T6086] lock(&ff->mutex); [ 76.320687][ T64] Bluetooth: hci0: command tx timeout [ 76.320911][ T6086] lock(&dev->mutex#2); [ 76.326135][ T6086] lock(&ff->mutex); [ 76.328276][ T6086] lock(&newdev->mutex); [ 76.329751][ T6086] [ 76.329751][ T6086] *** DEADLOCK *** [ 76.329751][ T6086] [ 76.333097][ T6086] 2 locks held by syz.0.17/6086: [ 76.335180][ T6086] #0: ffff88802bc2b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 76.338928][ T6086] #1: ffff8880250648b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1d7/0xc60 [ 76.342612][ T6086] [ 76.342612][ T6086] stack backtrace: [ 76.345152][ T6086] CPU: 2 UID: 0 PID: 6086 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 76.345173][ T6086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 76.345183][ T6086] Call Trace: [ 76.345191][ T6086] [ 76.345197][ T6086] dump_stack_lvl+0x100/0x190 [ 76.345222][ T6086] print_circular_bug.cold+0x178/0x1c7 [ 76.345248][ T6086] check_noncircular+0x146/0x160 [ 76.345276][ T6086] __lock_acquire+0x14b8/0x2630 [ 76.345296][ T6086] lock_acquire+0x17c/0x330 [ 76.345311][ T6086] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.345336][ T6086] ? __pfx___might_resched+0x10/0x10 [ 76.345358][ T6086] __mutex_lock+0x1a2/0x1b90 [ 76.345377][ T6086] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.345401][ T6086] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.345423][ T6086] ? do_raw_spin_lock+0x128/0x260 [ 76.345442][ T6086] ? find_held_lock+0x2b/0x80 [ 76.345463][ T6086] ? uinput_request_reserve_slot+0x3ca/0x4d0 [ 76.345486][ T6086] ? uinput_request_reserve_slot+0x3ca/0x4d0 [ 76.345510][ T6086] ? __pfx___mutex_lock+0x10/0x10 [ 76.345528][ T6086] ? do_raw_spin_unlock+0x145/0x1e0 [ 76.345547][ T6086] ? _raw_spin_unlock+0x28/0x50 [ 76.345563][ T6086] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 76.345587][ T6086] ? trace_contention_end+0xd6/0x110 [ 76.345605][ T6086] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.345628][ T6086] uinput_request_submit.part.0+0x25/0x2e0 [ 76.345652][ T6086] uinput_dev_upload_effect+0x174/0x1f0 [ 76.345675][ T6086] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 76.345705][ T6086] input_ff_upload+0x578/0xc60 [ 76.345729][ T6086] evdev_do_ioctl+0x1228/0x1b60 [ 76.345749][ T6086] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 76.345774][ T6086] evdev_ioctl+0x16f/0x1a0 [ 76.345792][ T6086] ? __pfx_evdev_ioctl+0x10/0x10 [ 76.345811][ T6086] __x64_sys_ioctl+0x18e/0x210 [ 76.345829][ T6086] do_syscall_64+0xc9/0xf80 [ 76.345847][ T6086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.345863][ T6086] RIP: 0033:0x7f850cd9aeb9 [ 76.345877][ T6086] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 76.345892][ T6086] RSP: 002b:00007ffdf5de0798 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.345908][ T6086] RAX: ffffffffffffffda RBX: 00007f850d015fa0 RCX: 00007f850cd9aeb9 [ 76.345918][ T6086] RDX: 0000200000000500 RSI: 0000000040304580 RDI: 0000000000000004 [ 76.345928][ T6086] RBP: 00007f850ce08c1f R08: 0000000000000000 R09: 0000000000000000 [ 76.345938][ T6086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.345947][ T6086] R13: 00007f850d015fac R14: 00007f850d015fa0 R15: 00007f850d015fa0 [ 76.345962][ T6086] [ 76.522849][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.525617][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 78.360800][ T64] Bluetooth: hci0: command tx timeout [ 80.440760][ T64] Bluetooth: hci0: command tx timeout