[ 53.105456][ T40] audit: type=1400 audit(1768177560.859:60): avc: denied { rlimitinh } for pid=5912 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 53.113247][ T40] audit: type=1400 audit(1768177560.859:61): avc: denied { siginh } for pid=5912 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:20351' (ED25519) to the list of known hosts. [ 60.912658][ T40] audit: type=1400 audit(1768177568.689:62): avc: denied { execute } for pid=5930 comm="sh" name="syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 60.920132][ T40] audit: type=1400 audit(1768177568.689:63): avc: denied { execute_no_trans } for pid=5930 comm="sh" path="/syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 2026/01/12 00:26:10 parsed 1 programs [ 62.429293][ T40] audit: type=1400 audit(1768177570.209:64): avc: denied { node_bind } for pid=5930 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 64.913495][ T40] audit: type=1400 audit(1768177572.689:65): avc: denied { mounton } for pid=5940 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 64.924187][ T40] audit: type=1400 audit(1768177572.699:66): avc: denied { mount } for pid=5940 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 64.926610][ T5940] cgroup: Unknown subsys name 'net' [ 64.936331][ T40] audit: type=1400 audit(1768177572.709:67): avc: denied { unmount } for pid=5940 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 65.150248][ T5940] cgroup: Unknown subsys name 'cpuset' [ 65.154876][ T5940] cgroup: Unknown subsys name 'rlimit' [ 65.361060][ T40] audit: type=1400 audit(1768177573.139:68): avc: denied { setattr } for pid=5940 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 65.371035][ T40] audit: type=1400 audit(1768177573.139:69): avc: denied { create } for pid=5940 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.379378][ T40] audit: type=1400 audit(1768177573.139:70): avc: denied { write } for pid=5940 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.386945][ T40] audit: type=1400 audit(1768177573.139:71): avc: denied { read } for pid=5940 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.421519][ T5944] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 66.299031][ T5940] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.190550][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 68.190561][ T40] audit: type=1400 audit(1768177575.969:82): avc: denied { execmem } for pid=5953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 68.199346][ T40] audit: type=1400 audit(1768177575.979:83): avc: denied { create } for pid=5954 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 68.207558][ T40] audit: type=1400 audit(1768177575.979:84): avc: denied { read write } for pid=5954 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 68.207831][ T5294] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.215358][ T40] audit: type=1400 audit(1768177575.979:85): avc: denied { open } for pid=5954 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 68.218628][ T5294] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.226554][ T40] audit: type=1400 audit(1768177575.979:86): avc: denied { ioctl } for pid=5954 comm="syz-executor" path="socket:[910]" dev="sockfs" ino=910 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 68.229436][ T5294] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.241172][ T5294] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.244107][ T5294] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.249191][ T40] audit: type=1400 audit(1768177576.029:87): avc: denied { read } for pid=5954 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 68.257650][ T40] audit: type=1400 audit(1768177576.029:88): avc: denied { open } for pid=5954 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 68.266618][ T40] audit: type=1400 audit(1768177576.029:89): avc: denied { mounton } for pid=5954 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 68.312217][ T40] audit: type=1400 audit(1768177576.089:90): avc: denied { mount } for pid=5954 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 68.321594][ T40] audit: type=1400 audit(1768177576.099:91): avc: denied { mounton } for pid=5954 comm="syz-executor" path="/syzkaller.KOO4qA/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 68.345469][ T5954] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 70.090677][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.094036][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.122962][ T1200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.126165][ T1200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.513515][ T6020] chnl_net:caif_netlink_parms(): no params data found [ 70.614275][ T6020] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.617326][ T6020] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.619657][ T6020] bridge_slave_0: entered allmulticast mode [ 70.622403][ T6020] bridge_slave_0: entered promiscuous mode [ 70.632456][ T6020] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.634783][ T6020] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.637223][ T6020] bridge_slave_1: entered allmulticast mode [ 70.640180][ T6020] bridge_slave_1: entered promiscuous mode [ 70.658394][ T6020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.664599][ T6020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.699963][ T6020] team0: Port device team_slave_0 added [ 70.703193][ T6020] team0: Port device team_slave_1 added [ 70.716238][ T6020] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.718589][ T6020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.726690][ T6020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.731577][ T6020] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.733784][ T6020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.741906][ T6020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.764504][ T6020] hsr_slave_0: entered promiscuous mode [ 70.766739][ T6020] hsr_slave_1: entered promiscuous mode [ 70.889820][ T6020] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.895338][ T6020] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.900754][ T6020] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.904778][ T6020] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.924089][ T6020] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.927208][ T6020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.930715][ T6020] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.933704][ T6020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.978854][ T6020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.986903][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.990362][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.996783][ T6020] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.002361][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.004676][ T1200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.010747][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.013012][ T1200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.145433][ T6020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.169984][ T6020] veth0_vlan: entered promiscuous mode [ 71.174898][ T6020] veth1_vlan: entered promiscuous mode [ 71.189593][ T6020] veth0_macvtap: entered promiscuous mode [ 71.193799][ T6020] veth1_macvtap: entered promiscuous mode [ 71.203481][ T6020] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.211395][ T6020] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.222227][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.225194][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.229757][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.233398][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.336638][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.398680][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.477808][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.558178][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/01/12 00:26:19 executed programs: 0 [ 71.823776][ T5294] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.828267][ T5294] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.831800][ T5294] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.834849][ T5294] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.837907][ T5294] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.969491][ T6050] chnl_net:caif_netlink_parms(): no params data found [ 72.013689][ T6050] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.016596][ T6050] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.020166][ T6050] bridge_slave_0: entered allmulticast mode [ 72.023130][ T6050] bridge_slave_0: entered promiscuous mode [ 72.026251][ T6050] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.028769][ T6050] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.031617][ T6050] bridge_slave_1: entered allmulticast mode [ 72.035333][ T6050] bridge_slave_1: entered promiscuous mode [ 72.064636][ T6050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.069881][ T6050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.089265][ T6050] team0: Port device team_slave_0 added [ 72.093424][ T6050] team0: Port device team_slave_1 added [ 72.111679][ T6050] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.114507][ T6050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.124020][ T6050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.132165][ T6050] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.134469][ T6050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.143317][ T6050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.169117][ T6050] hsr_slave_0: entered promiscuous mode [ 72.171451][ T6050] hsr_slave_1: entered promiscuous mode [ 72.173528][ T6050] debugfs: 'hsr0' already exists in 'hsr' [ 72.175411][ T6050] Cannot create hsr debugfs directory [ 73.888086][ T65] Bluetooth: hci0: command tx timeout [ 74.643793][ T13] bridge_slave_1: left allmulticast mode [ 74.645700][ T13] bridge_slave_1: left promiscuous mode [ 74.648057][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.653096][ T13] bridge_slave_0: left allmulticast mode [ 74.655353][ T13] bridge_slave_0: left promiscuous mode [ 74.658792][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.682802][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 74.682817][ T40] audit: type=1400 audit(1768177582.459:112): avc: denied { create } for pid=6059 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.693284][ T40] audit: type=1400 audit(1768177582.459:113): avc: denied { write } for pid=6059 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth2.link" dev="tmpfs" ino=2101 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.701570][ T40] audit: type=1400 audit(1768177582.459:114): avc: denied { append } for pid=6059 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" dev="tmpfs" ino=2101 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.743652][ T40] audit: type=1400 audit(1768177582.519:115): avc: denied { unlink } for pid=6062 comm="rm" name="resolv.conf.eth2.link" dev="tmpfs" ino=2101 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 74.890880][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 74.896025][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 74.900526][ T13] bond0 (unregistering): Released all slaves [ 75.027357][ T13] hsr_slave_0: left promiscuous mode [ 75.029605][ T13] hsr_slave_1: left promiscuous mode [ 75.031646][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.033967][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.036775][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.039208][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.052555][ T13] veth1_macvtap: left promiscuous mode [ 75.054404][ T13] veth0_macvtap: left promiscuous mode [ 75.056230][ T13] veth1_vlan: left promiscuous mode [ 75.058352][ T13] veth0_vlan: left promiscuous mode [ 75.268166][ T13] team0 (unregistering): Port device team_slave_1 removed [ 75.282034][ T13] team0 (unregistering): Port device team_slave_0 removed [ 75.622667][ T6050] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.627168][ T6050] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.631175][ T6050] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.635628][ T6050] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.724855][ T6050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.741744][ T6050] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.748371][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.751405][ T1200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.758636][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.761018][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.792336][ T6050] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.894843][ T6050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.921362][ T6050] veth0_vlan: entered promiscuous mode [ 75.931200][ T6050] veth1_vlan: entered promiscuous mode [ 75.977653][ T65] Bluetooth: hci0: command tx timeout [ 76.011455][ T6050] veth0_macvtap: entered promiscuous mode [ 76.015540][ T6050] veth1_macvtap: entered promiscuous mode [ 76.025041][ T6050] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.048502][ T6050] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.054490][ T1200] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.058261][ T1200] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.061935][ T1200] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.064800][ T1200] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.110199][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.114725][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.139765][ T3762] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.142336][ T3762] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.168600][ T40] audit: type=1400 audit(1768177583.949:116): avc: denied { read write } for pid=6091 comm="syz.0.17" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.171307][ T6091] input: syz0 as /devices/virtual/input/input5 [ 76.177477][ T40] audit: type=1400 audit(1768177583.949:117): avc: denied { open } for pid=6091 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.185487][ T6091] [ 76.188874][ T6091] ====================================================== [ 76.191781][ T6091] WARNING: possible circular locking dependency detected [ 76.194687][ T6091] syzkaller #0 Not tainted [ 76.196596][ T6091] ------------------------------------------------------ [ 76.197170][ T40] audit: type=1400 audit(1768177583.949:118): avc: denied { ioctl } for pid=6091 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 76.199519][ T6091] syz.0.17/6091 is trying to acquire lock: [ 76.209670][ T6091] ffff888026f2a070 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 76.213992][ T6091] [ 76.213992][ T6091] but task is already holding lock: [ 76.215056][ T40] audit: type=1400 audit(1768177583.959:119): avc: denied { read } for pid=6091 comm="syz.0.17" name="event4" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 76.217102][ T6091] ffff888026f288b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc60 [ 76.224635][ T40] audit: type=1400 audit(1768177583.959:120): avc: denied { open } for pid=6091 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 76.228189][ T6091] [ 76.228189][ T6091] which lock already depends on the new lock. [ 76.228189][ T6091] [ 76.228198][ T6091] [ 76.228198][ T6091] the existing dependency chain (in reverse order) is: [ 76.228204][ T6091] [ 76.228204][ T6091] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 76.228231][ T6091] __mutex_lock+0x1aa/0x1ca0 [ 76.235606][ T40] audit: type=1400 audit(1768177583.959:121): avc: denied { ioctl } for pid=6091 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2840 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 76.239768][ T6091] input_ff_flush+0x63/0x1c0 [ 76.239798][ T6091] uinput_dev_flush+0x2a/0x40 [ 76.262371][ T6091] input_flush_device+0xce/0x160 [ 76.264719][ T6091] evdev_release+0x344/0x420 [ 76.266828][ T6091] __fput+0x402/0xb70 [ 76.268787][ T6091] fput_close_sync+0x118/0x260 [ 76.271064][ T6091] __x64_sys_close+0x8b/0x120 [ 76.273274][ T6091] do_syscall_64+0xcd/0xf80 [ 76.275419][ T6091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.278099][ T6091] [ 76.278099][ T6091] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 76.281236][ T6091] __mutex_lock+0x1aa/0x1ca0 [ 76.283434][ T6091] input_register_handle+0xca/0x650 [ 76.285820][ T6091] kbd_connect+0xce/0x180 [ 76.287882][ T6091] input_attach_handler.isra.0+0x176/0x250 [ 76.290526][ T6091] input_register_device+0xab9/0x11b0 [ 76.292917][ T6091] acpi_button_add+0x582/0xb90 [ 76.294745][ T6091] acpi_device_probe+0xc9/0x380 [ 76.296464][ T6091] really_probe+0x241/0xb20 [ 76.298058][ T6091] __driver_probe_device+0x1de/0x470 [ 76.299906][ T6091] driver_probe_device+0x4c/0x1b0 [ 76.301634][ T6091] __driver_attach+0x283/0x5e0 [ 76.303279][ T6091] bus_for_each_dev+0x13e/0x1d0 [ 76.305476][ T6091] bus_add_driver+0x30f/0x6c0 [ 76.307703][ T6091] driver_register+0x15c/0x4b0 [ 76.309925][ T6091] __acpi_bus_register_driver+0xdf/0x130 [ 76.312537][ T6091] acpi_button_driver_init+0x82/0x110 [ 76.314978][ T6091] do_one_initcall+0x123/0x680 [ 76.317125][ T6091] kernel_init_freeable+0x5c8/0x920 [ 76.319613][ T6091] kernel_init+0x1c/0x2b0 [ 76.321673][ T6091] ret_from_fork+0x983/0xb10 [ 76.323856][ T6091] ret_from_fork_asm+0x1a/0x30 [ 76.326145][ T6091] [ 76.326145][ T6091] -> #1 (input_mutex){+.+.}-{4:4}: [ 76.329236][ T6091] __mutex_lock+0x1aa/0x1ca0 [ 76.331445][ T6091] input_register_device+0x992/0x11b0 [ 76.333915][ T6091] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 76.336750][ T6091] __x64_sys_ioctl+0x18e/0x210 [ 76.339088][ T6091] do_syscall_64+0xcd/0xf80 [ 76.341238][ T6091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.344013][ T6091] [ 76.344013][ T6091] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 76.347212][ T6091] __lock_acquire+0x1669/0x2890 [ 76.349482][ T6091] lock_acquire+0x179/0x330 [ 76.351626][ T6091] __mutex_lock+0x1aa/0x1ca0 [ 76.353798][ T6091] uinput_request_submit.part.0+0x25/0x2e0 [ 76.356470][ T6091] uinput_dev_upload_effect+0x174/0x1f0 [ 76.359039][ T6091] input_ff_upload+0x582/0xc60 [ 76.361300][ T6091] evdev_do_ioctl+0xf40/0x1b30 [ 76.363559][ T6091] evdev_ioctl+0x16f/0x1a0 [ 76.365656][ T6091] __x64_sys_ioctl+0x18e/0x210 [ 76.367902][ T6091] do_syscall_64+0xcd/0xf80 [ 76.370024][ T6091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.372724][ T6091] [ 76.372724][ T6091] other info that might help us debug this: [ 76.372724][ T6091] [ 76.376992][ T6091] Chain exists of: [ 76.376992][ T6091] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 76.376992][ T6091] [ 76.377902][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.382151][ T6091] Possible unsafe locking scenario: [ 76.382151][ T6091] [ 76.382159][ T6091] CPU0 CPU1 [ 76.384863][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.387918][ T6091] ---- ---- [ 76.387925][ T6091] lock(&ff->mutex); [ 76.387939][ T6091] lock(&dev->mutex#2); [ 76.387956][ T6091] lock(&ff->mutex); [ 76.387968][ T6091] lock(&newdev->mutex); [ 76.403991][ T6091] [ 76.403991][ T6091] *** DEADLOCK *** [ 76.403991][ T6091] [ 76.407336][ T6091] 2 locks held by syz.0.17/6091: [ 76.409435][ T6091] #0: ffff8880255ba118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 76.413250][ T6091] #1: ffff888026f288b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc60 [ 76.416923][ T6091] [ 76.416923][ T6091] stack backtrace: [ 76.419393][ T6091] CPU: 3 UID: 0 PID: 6091 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 76.419415][ T6091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.419426][ T6091] Call Trace: [ 76.419434][ T6091] [ 76.419441][ T6091] dump_stack_lvl+0x116/0x1f0 [ 76.419466][ T6091] print_circular_bug+0x275/0x340 [ 76.419486][ T6091] check_noncircular+0x146/0x160 [ 76.419507][ T6091] __lock_acquire+0x1669/0x2890 [ 76.419528][ T6091] ? save_trace+0x4e/0x380 [ 76.419545][ T6091] lock_acquire+0x179/0x330 [ 76.419563][ T6091] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.419590][ T6091] ? __pfx___might_resched+0x10/0x10 [ 76.419607][ T6091] __mutex_lock+0x1aa/0x1ca0 [ 76.419632][ T6091] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.419657][ T6091] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.419680][ T6091] ? find_held_lock+0x2b/0x80 [ 76.419707][ T6091] ? __pfx___mutex_lock+0x10/0x10 [ 76.419729][ T6091] ? do_raw_spin_unlock+0x172/0x230 [ 76.419753][ T6091] ? _raw_spin_unlock+0x28/0x50 [ 76.419774][ T6091] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 76.419799][ T6091] ? rcu_is_watching+0x12/0xc0 [ 76.419814][ T6091] ? trace_contention_end+0xdd/0x110 [ 76.419837][ T6091] ? uinput_request_submit.part.0+0x25/0x2e0 [ 76.419860][ T6091] uinput_request_submit.part.0+0x25/0x2e0 [ 76.419885][ T6091] uinput_dev_upload_effect+0x174/0x1f0 [ 76.419910][ T6091] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 76.419938][ T6091] ? __might_fault+0x13b/0x190 [ 76.419958][ T6091] input_ff_upload+0x582/0xc60 [ 76.419983][ T6091] evdev_do_ioctl+0xf40/0x1b30 [ 76.420003][ T6091] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 76.420026][ T6091] ? __pfx___mutex_lock+0x10/0x10 [ 76.420057][ T6091] evdev_ioctl+0x16f/0x1a0 [ 76.420075][ T6091] ? __pfx_evdev_ioctl+0x10/0x10 [ 76.420095][ T6091] __x64_sys_ioctl+0x18e/0x210 [ 76.420116][ T6091] do_syscall_64+0xcd/0xf80 [ 76.420139][ T6091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.420157][ T6091] RIP: 0033:0x7fd7a878f7c9 [ 76.420171][ T6091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.420187][ T6091] RSP: 002b:00007ffea10e60e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.420204][ T6091] RAX: ffffffffffffffda RBX: 00007fd7a89e5fa0 RCX: 00007fd7a878f7c9 [ 76.420215][ T6091] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004 [ 76.420225][ T6091] RBP: 00007fd7a8813f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.420235][ T6091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.420244][ T6091] R13: 00007fd7a89e5fa0 R14: 00007fd7a89e5fa0 R15: 0000000000000003 [ 76.420260][ T6091] [ 78.047319][ T65] Bluetooth: hci0: command tx timeout [ 80.127536][ T65] Bluetooth: hci0: command tx timeout