Warning: Permanently added '[localhost]:59155' (ED25519) to the list of known hosts. [ 50.664785][ T40] audit: type=1400 audit(1765385213.533:62): avc: denied { execute } for pid=5922 comm="sh" name="syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 50.672331][ T40] audit: type=1400 audit(1765385213.533:63): avc: denied { execute_no_trans } for pid=5922 comm="sh" path="/syz-execprog" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 2025/12/10 16:46:54 parsed 1 programs [ 51.985171][ T40] audit: type=1400 audit(1765385214.853:64): avc: denied { node_bind } for pid=5922 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 53.865534][ T40] audit: type=1400 audit(1765385216.733:65): avc: denied { mounton } for pid=5936 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 53.873802][ T40] audit: type=1400 audit(1765385216.753:66): avc: denied { mount } for pid=5936 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 53.875410][ T5936] cgroup: Unknown subsys name 'net' [ 53.883948][ T40] audit: type=1400 audit(1765385216.763:67): avc: denied { unmount } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 54.030491][ T5936] cgroup: Unknown subsys name 'cpuset' [ 54.034567][ T5936] cgroup: Unknown subsys name 'rlimit' [ 54.170653][ T40] audit: type=1400 audit(1765385217.043:68): avc: denied { setattr } for pid=5936 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 54.178640][ T40] audit: type=1400 audit(1765385217.053:69): avc: denied { create } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 54.187404][ T40] audit: type=1400 audit(1765385217.053:70): avc: denied { write } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 54.195861][ T40] audit: type=1400 audit(1765385217.053:71): avc: denied { read } for pid=5936 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 54.241530][ T5941] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 54.890259][ T5936] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.430103][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 56.430114][ T40] audit: type=1400 audit(1765385219.303:82): avc: denied { execmem } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 56.441066][ T40] audit: type=1400 audit(1765385219.313:83): avc: denied { read } for pid=5946 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 56.456874][ T40] audit: type=1400 audit(1765385219.323:84): avc: denied { open } for pid=5946 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 56.464212][ T40] audit: type=1400 audit(1765385219.323:85): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 56.504450][ T40] audit: type=1400 audit(1765385219.373:86): avc: denied { mount } for pid=5946 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 56.511511][ T40] audit: type=1400 audit(1765385219.373:87): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/syzkaller.wM7Nkz/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 56.520223][ T40] audit: type=1400 audit(1765385219.383:88): avc: denied { mount } for pid=5946 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 56.527321][ T40] audit: type=1400 audit(1765385219.383:89): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/syzkaller.wM7Nkz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 56.535320][ T40] audit: type=1400 audit(1765385219.383:90): avc: denied { mounton } for pid=5946 comm="syz-executor" path="/syzkaller.wM7Nkz/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6566 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 56.543882][ T40] audit: type=1400 audit(1765385219.383:91): avc: denied { unmount } for pid=5946 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.554164][ T5946] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.772411][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 56.853750][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.857568][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.861682][ T5951] bridge_slave_0: entered allmulticast mode [ 56.865461][ T5951] bridge_slave_0: entered promiscuous mode [ 56.869817][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.872126][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.874776][ T5951] bridge_slave_1: entered allmulticast mode [ 56.877812][ T5951] bridge_slave_1: entered promiscuous mode [ 56.895808][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.900543][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.919422][ T5951] team0: Port device team_slave_0 added [ 56.922804][ T5951] team0: Port device team_slave_1 added [ 56.936981][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.939275][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 56.947582][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.952551][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.954811][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 56.963184][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.990980][ T5951] hsr_slave_0: entered promiscuous mode [ 56.993742][ T5951] hsr_slave_1: entered promiscuous mode [ 57.110595][ T5951] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 57.118276][ T5951] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 57.123464][ T5951] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 57.129590][ T5951] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 57.153417][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.155955][ T5951] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.158966][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.161915][ T5951] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.201849][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.213681][ T1220] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.218623][ T1220] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.227913][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.236734][ T4101] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.239597][ T4101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.246975][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.249685][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.377555][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.401615][ T5951] veth0_vlan: entered promiscuous mode [ 57.409627][ T5951] veth1_vlan: entered promiscuous mode [ 57.429206][ T5951] veth0_macvtap: entered promiscuous mode [ 57.434674][ T5951] veth1_macvtap: entered promiscuous mode [ 57.451911][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.460918][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.471448][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.474469][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.478833][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.481635][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.559905][ T1146] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.668492][ T1146] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.741749][ T1146] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.823073][ T1146] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.982669][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.985623][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.988248][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.991540][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.995098][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.006426][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.009176][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.024976][ T1220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.029670][ T1220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2025/12/10 16:47:02 executed programs: 0 [ 59.573055][ T5292] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.576616][ T5292] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.579569][ T5292] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.582469][ T5292] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.585129][ T5292] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.697527][ T6042] chnl_net:caif_netlink_parms(): no params data found [ 59.767559][ T6042] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.769846][ T6042] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.772167][ T6042] bridge_slave_0: entered allmulticast mode [ 59.774802][ T6042] bridge_slave_0: entered promiscuous mode [ 59.778785][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.780996][ T6042] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.783254][ T6042] bridge_slave_1: entered allmulticast mode [ 59.786611][ T6042] bridge_slave_1: entered promiscuous mode [ 59.802916][ T6042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.809482][ T6042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.835483][ T6042] team0: Port device team_slave_0 added [ 59.840534][ T6042] team0: Port device team_slave_1 added [ 59.864794][ T6042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.868076][ T6042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 59.878814][ T6042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.884893][ T6042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.887801][ T6042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 59.898632][ T6042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.929487][ T6042] hsr_slave_0: entered promiscuous mode [ 59.931776][ T6042] hsr_slave_1: entered promiscuous mode [ 59.934071][ T6042] debugfs: 'hsr0' already exists in 'hsr' [ 59.935953][ T6042] Cannot create hsr debugfs directory [ 60.814308][ T1146] bridge_slave_1: left allmulticast mode [ 60.817076][ T1146] bridge_slave_1: left promiscuous mode [ 60.819999][ T1146] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.826157][ T1146] bridge_slave_0: left allmulticast mode [ 60.828226][ T1146] bridge_slave_0: left promiscuous mode [ 60.830318][ T1146] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.015681][ T1146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 61.019804][ T1146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 61.023281][ T1146] bond0 (unregistering): Released all slaves [ 61.163707][ T1146] hsr_slave_0: left promiscuous mode [ 61.166267][ T1146] hsr_slave_1: left promiscuous mode [ 61.168342][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 61.170646][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 61.173489][ T1146] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 61.175924][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 61.186894][ T1146] veth1_macvtap: left promiscuous mode [ 61.188869][ T1146] veth0_macvtap: left promiscuous mode [ 61.190819][ T1146] veth1_vlan: left promiscuous mode [ 61.192694][ T1146] veth0_vlan: left promiscuous mode [ 61.430289][ T1146] team0 (unregistering): Port device team_slave_1 removed [ 61.447661][ T1146] team0 (unregistering): Port device team_slave_0 removed [ 61.597459][ T5292] Bluetooth: hci0: command tx timeout [ 61.990263][ T6042] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 61.995473][ T6042] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.000389][ T6042] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.005200][ T6042] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.057963][ T6042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.070181][ T6042] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.076050][ T1220] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.078729][ T1220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.088882][ T4101] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.091884][ T4101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.204532][ T6042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.504402][ T6042] veth0_vlan: entered promiscuous mode [ 62.509940][ T6042] veth1_vlan: entered promiscuous mode [ 62.524837][ T6042] veth0_macvtap: entered promiscuous mode [ 62.529260][ T6042] veth1_macvtap: entered promiscuous mode [ 62.538155][ T6042] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.544867][ T6042] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.557007][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.560700][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.564936][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.568889][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.634722][ T1062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.641531][ T1062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.665008][ T1220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.668257][ T1220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.719588][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 62.719603][ T40] audit: type=1400 audit(1765385225.593:116): avc: denied { read write } for pid=6083 comm="syz.0.17" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 62.722216][ T6083] input: syz0 as /devices/virtual/input/input5 [ 62.732118][ T40] audit: type=1400 audit(1765385225.593:117): avc: denied { open } for pid=6083 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 62.742272][ T6083] [ 62.744533][ T6083] ====================================================== [ 62.747436][ T6083] WARNING: possible circular locking dependency detected [ 62.748657][ T40] audit: type=1400 audit(1765385225.593:118): avc: denied { ioctl } for pid=6083 comm="syz.0.17" path="/dev/uinput" dev="devtmpfs" ino=943 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 62.750185][ T6083] syzkaller #0 Not tainted [ 62.750194][ T6083] ------------------------------------------------------ [ 62.759926][ T40] audit: type=1400 audit(1765385225.613:119): avc: denied { read } for pid=6083 comm="syz.0.17" name="event4" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.761445][ T6083] syz.0.17/6083 is trying to acquire lock: [ 62.764006][ T40] audit: type=1400 audit(1765385225.613:120): avc: denied { open } for pid=6083 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.772901][ T6083] ffff888032c86870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit.part.0+0x25/0x2e0 [ 62.772956][ T6083] [ 62.772956][ T6083] but task is already holding lock: [ 62.772962][ T6083] ffff888032c870b0 ( [ 62.774800][ T40] audit: type=1400 audit(1765385225.613:121): avc: denied { ioctl } for pid=6083 comm="syz.0.17" path="/dev/input/event4" dev="devtmpfs" ino=2840 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.784019][ T6083] &ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc60 [ 62.784059][ T6083] [ 62.784059][ T6083] which lock already depends on the new lock. [ 62.784059][ T6083] [ 62.784065][ T6083] [ 62.784065][ T6083] the existing dependency chain (in reverse order) is: [ 62.784070][ T6083] [ 62.784070][ T6083] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 62.784094][ T6083] __mutex_lock+0x1aa/0x1ca0 [ 62.784112][ T6083] input_ff_flush+0x63/0x1c0 [ 62.820493][ T6083] uinput_dev_flush+0x2a/0x40 [ 62.822658][ T6083] input_flush_device+0xce/0x160 [ 62.824987][ T6083] evdev_release+0x344/0x420 [ 62.827172][ T6083] __fput+0x402/0xb70 [ 62.829033][ T6083] fput_close_sync+0x118/0x260 [ 62.831221][ T6083] __x64_sys_close+0x8b/0x120 [ 62.833382][ T6083] do_syscall_64+0xcd/0xf80 [ 62.835519][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.838167][ T6083] [ 62.838167][ T6083] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 62.841284][ T6083] __mutex_lock+0x1aa/0x1ca0 [ 62.843483][ T6083] input_register_handle+0xca/0x650 [ 62.845959][ T6083] kbd_connect+0xce/0x180 [ 62.847988][ T6083] input_attach_handler.isra.0+0x176/0x250 [ 62.850411][ T6083] input_register_device+0xab9/0x11b0 [ 62.852958][ T6083] acpi_button_add+0x582/0xb90 [ 62.855255][ T6083] acpi_device_probe+0xc9/0x380 [ 62.857500][ T6083] really_probe+0x241/0xb20 [ 62.859635][ T6083] __driver_probe_device+0x1de/0x470 [ 62.862143][ T6083] driver_probe_device+0x4c/0x1b0 [ 62.864411][ T6083] __driver_attach+0x283/0x5e0 [ 62.866665][ T6083] bus_for_each_dev+0x13e/0x1d0 [ 62.868960][ T6083] bus_add_driver+0x30f/0x6c0 [ 62.871145][ T6083] driver_register+0x15c/0x4b0 [ 62.873412][ T6083] __acpi_bus_register_driver+0xdf/0x130 [ 62.876067][ T6083] acpi_button_driver_init+0x82/0x110 [ 62.878545][ T6083] do_one_initcall+0x123/0x680 [ 62.880793][ T6083] kernel_init_freeable+0x5c8/0x920 [ 62.883213][ T6083] kernel_init+0x1c/0x2b0 [ 62.884965][ T6083] ret_from_fork+0x983/0xb10 [ 62.886571][ T6083] ret_from_fork_asm+0x1a/0x30 [ 62.888205][ T6083] [ 62.888205][ T6083] -> #1 (input_mutex){+.+.}-{4:4}: [ 62.890471][ T6083] __mutex_lock+0x1aa/0x1ca0 [ 62.892122][ T6083] input_register_device+0x992/0x11b0 [ 62.893956][ T6083] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 62.896136][ T6083] __x64_sys_ioctl+0x18e/0x210 [ 62.897990][ T6083] do_syscall_64+0xcd/0xf80 [ 62.899684][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.902375][ T6083] [ 62.902375][ T6083] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 62.904891][ T6083] __lock_acquire+0x1669/0x2890 [ 62.906566][ T6083] lock_acquire+0x179/0x330 [ 62.908111][ T6083] __mutex_lock+0x1aa/0x1ca0 [ 62.909697][ T6083] uinput_request_submit.part.0+0x25/0x2e0 [ 62.911619][ T6083] uinput_dev_upload_effect+0x174/0x1f0 [ 62.913522][ T6083] input_ff_upload+0x582/0xc60 [ 62.915218][ T6083] evdev_do_ioctl+0xf40/0x1b30 [ 62.916872][ T6083] evdev_ioctl+0x16f/0x1a0 [ 62.918417][ T6083] __x64_sys_ioctl+0x18e/0x210 [ 62.920104][ T6083] do_syscall_64+0xcd/0xf80 [ 62.921674][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.923660][ T6083] [ 62.923660][ T6083] other info that might help us debug this: [ 62.923660][ T6083] [ 62.926809][ T6083] Chain exists of: [ 62.926809][ T6083] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 62.926809][ T6083] [ 62.930657][ T6083] Possible unsafe locking scenario: [ 62.930657][ T6083] [ 62.932907][ T6083] CPU0 CPU1 [ 62.934403][ T6083] ---- ---- [ 62.936042][ T6083] lock(&ff->mutex); [ 62.937330][ T6083] lock(&dev->mutex#2); [ 62.939412][ T6083] lock(&ff->mutex); [ 62.941588][ T6083] lock(&newdev->mutex); [ 62.942939][ T6083] [ 62.942939][ T6083] *** DEADLOCK *** [ 62.942939][ T6083] [ 62.945489][ T6083] 2 locks held by syz.0.17/6083: [ 62.947025][ T6083] #0: ffff888035832118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl+0x7f/0x1a0 [ 62.949795][ T6083] #1: ffff888032c870b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x1dd/0xc60 [ 62.952605][ T6083] [ 62.952605][ T6083] stack backtrace: [ 62.954393][ T6083] CPU: 2 UID: 0 PID: 6083 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 62.954405][ T6083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 62.954411][ T6083] Call Trace: [ 62.954417][ T6083] [ 62.954421][ T6083] dump_stack_lvl+0x116/0x1f0 [ 62.954435][ T6083] print_circular_bug+0x275/0x340 [ 62.954447][ T6083] check_noncircular+0x146/0x160 [ 62.954459][ T6083] __lock_acquire+0x1669/0x2890 [ 62.954471][ T6083] ? save_trace+0x4e/0x380 [ 62.954481][ T6083] lock_acquire+0x179/0x330 [ 62.954491][ T6083] ? uinput_request_submit.part.0+0x25/0x2e0 [ 62.954504][ T6083] ? __pfx___might_resched+0x10/0x10 [ 62.954514][ T6083] __mutex_lock+0x1aa/0x1ca0 [ 62.954525][ T6083] ? uinput_request_submit.part.0+0x25/0x2e0 [ 62.954537][ T6083] ? uinput_request_submit.part.0+0x25/0x2e0 [ 62.954547][ T6083] ? find_held_lock+0x2b/0x80 [ 62.954562][ T6083] ? __pfx___mutex_lock+0x10/0x10 [ 62.954571][ T6083] ? do_raw_spin_unlock+0x172/0x230 [ 62.954585][ T6083] ? _raw_spin_unlock+0x28/0x50 [ 62.954600][ T6083] ? __pfx_uinput_request_reserve_slot+0x10/0x10 [ 62.954610][ T6083] ? rcu_is_watching+0x12/0xc0 [ 62.954620][ T6083] ? trace_contention_end+0xdd/0x110 [ 62.954632][ T6083] ? uinput_request_submit.part.0+0x25/0x2e0 [ 62.954643][ T6083] uinput_request_submit.part.0+0x25/0x2e0 [ 62.954654][ T6083] uinput_dev_upload_effect+0x174/0x1f0 [ 62.954665][ T6083] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 62.954678][ T6083] ? __might_fault+0x13b/0x190 [ 62.954689][ T6083] input_ff_upload+0x582/0xc60 [ 62.954699][ T6083] evdev_do_ioctl+0xf40/0x1b30 [ 62.954714][ T6083] ? __pfx_evdev_do_ioctl+0x10/0x10 [ 62.954738][ T6083] ? __pfx___mutex_lock+0x10/0x10 [ 62.954752][ T6083] evdev_ioctl+0x16f/0x1a0 [ 62.954766][ T6083] ? __pfx_evdev_ioctl+0x10/0x10 [ 62.954780][ T6083] __x64_sys_ioctl+0x18e/0x210 [ 62.954792][ T6083] do_syscall_64+0xcd/0xf80 [ 62.954807][ T6083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.954818][ T6083] RIP: 0033:0x7f72ecf8f7c9 [ 62.954827][ T6083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 62.954836][ T6083] RSP: 002b:00007ffc23058128 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.954845][ T6083] RAX: ffffffffffffffda RBX: 00007f72ed1e5fa0 RCX: 00007f72ecf8f7c9 [ 62.954852][ T6083] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000004 [ 62.954858][ T6083] RBP: 00007f72ed013f91 R08: 0000000000000000 R09: 0000000000000000 [ 62.954864][ T6083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 62.954869][ T6083] R13: 00007f72ed1e5fa0 R14: 00007f72ed1e5fa0 R15: 0000000000000003 [ 62.954878][ T6083] [ 63.676534][ T5292] Bluetooth: hci0: command tx timeout [ 65.766425][ T5292] Bluetooth: hci0: command tx timeout [ 67.846574][ T5292] Bluetooth: hci0: command tx timeout