INFO: task kworker/0:3:3664 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3     state:D stack:24248 pid:3664  ppid:2      flags:0x00004000
Workqueue: events rfkill_global_led_trigger_worker
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6656
 __mutex_lock_common+0xe4f/0x26e0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 rfkill_global_led_trigger_worker+0x1b/0xf0 net/rfkill/core.c:181
 process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
INFO: task syz-executor952:4115 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor952 state:D stack:22408 pid:4115  ppid:3635   flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6656
 __mutex_lock_common+0xe4f/0x26e0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 rfkill_unregister+0xcb/0x220 net/rfkill/core.c:1130
 nfc_unregister_device+0xba/0x290 net/nfc/core.c:1167
 virtual_ncidev_close+0x55/0x90 drivers/nfc/virtual_ncidev.c:166
 __fput+0x3ba/0x880 fs/file_table.c:320
 task_work_run+0x243/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x664/0x2070 kernel/exit.c:820
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:950
 __do_sys_exit_group kernel/exit.c:961 [inline]
 __se_sys_exit_group kernel/exit.c:959 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7737254af9
RSP: 002b:00007ffccae92428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f77372c8330 RCX: 00007f7737254af9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77372c8330
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
 </TASK>
INFO: task syz-executor952:4133 blocked for more than 143 seconds.
      Not tainted 6.1.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor952 state:D stack:23816 pid:4133  ppid:3636   flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6656
 __mutex_lock_common+0xe4f/0x26e0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 rfkill_fop_release+0x49/0x230 net/rfkill/core.c:1312
 __fput+0x3ba/0x880 fs/file_table.c:320
 task_work_run+0x243/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x664/0x2070 kernel/exit.c:820
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:950
 __do_sys_exit_group kernel/exit.c:961 [inline]
 __se_sys_exit_group kernel/exit.c:959 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7737254af9
RSP: 002b:00007ffccae92428 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f77372c8330 RCX: 00007f7737254af9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f77372c8330
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
 </TASK>
INFO: task syz-executor952:4134 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor952 state:D stack:22776 pid:4134  ppid:3640   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6656
 __mutex_lock_common+0xe4f/0x26e0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 misc_open+0x57/0x3c0 drivers/char/misc.c:107
 chrdev_open+0x53b/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x85f/0x11b0 fs/open.c:882
 do_open fs/namei.c:3557 [inline]
 path_openat+0x25fc/0x2df0 fs/namei.c:3714
 do_filp_open+0x264/0x4f0 fs/namei.c:3741
 do_sys_openat2+0x124/0x4e0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7737255e69
RSP: 002b:00007ffccae92478 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f7737255e69
RDX: 0000000000008001 RSI: 0000000020000000 RDI: ffffffffffffff9c
RBP: 0000000000000000 R08: 00007ffccae91ef0 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000caee
R13: 00007ffccae9248c R14: 00007ffccae924a0 R15: 00007ffccae92490
 </TASK>
INFO: task syz-executor952:4135 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor952 state:D stack:23816 pid:4135  ppid:3634   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6656
 __mutex_lock_common+0xe4f/0x26e0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 misc_open+0x57/0x3c0 drivers/char/misc.c:107
 chrdev_open+0x53b/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x85f/0x11b0 fs/open.c:882
 do_open fs/namei.c:3557 [inline]
 path_openat+0x25fc/0x2df0 fs/namei.c:3714
 do_filp_open+0x264/0x4f0 fs/namei.c:3741
 do_sys_openat2+0x124/0x4e0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7737255e69
RSP: 002b:00007ffccae92478 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f7737255e69
RDX: 0000000000008001 RSI: 0000000020000000 RDI: ffffffffffffff9c
RBP: 0000000000000000 R08: 00007ffccae91ef0 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000cb00
R13: 00007ffccae9248c R14: 00007ffccae924a0 R15: 00007ffccae92490
 </TASK>
INFO: task syz-executor952:4136 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor952 state:D stack:21976 pid:4136  ppid:3632   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6656
 __mutex_lock_common+0xe4f/0x26e0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 device_lock include/linux/device.h:835 [inline]
 nfc_dev_down+0x33/0x260 net/nfc/core.c:143
 nfc_rfkill_set_block+0x28/0xc0 net/nfc/core.c:179
 rfkill_set_block+0x1e7/0x430 net/rfkill/core.c:345
 rfkill_fop_write+0x5db/0x790 net/rfkill/core.c:1286
 vfs_write+0x303/0xc50 fs/read_write.c:582
 ksys_write+0x177/0x2a0 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7737255e69
RSP: 002b:00007ffccae92478 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f7737255e69
RDX: 0000000000000008 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 00007ffccae91ef0 R11: 0000000000000246 R12: 000000000000cb11
R13: 00007ffccae9248c R14: 00007ffccae924a0 R15: 00007ffccae92490
 </TASK>
INFO: task syz-executor952:4137 blocked for more than 144 seconds.
      Not tainted 6.1.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor952 state:D stack:23816 pid:4137  ppid:3637   flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6656
 __mutex_lock_common+0xe4f/0x26e0 kernel/locking/mutex.c:679
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
 rfkill_fop_open+0x12f/0x690 net/rfkill/core.c:1163
 misc_open+0x346/0x3c0 drivers/char/misc.c:143
 chrdev_open+0x53b/0x5f0 fs/char_dev.c:414
 do_dentry_open+0x85f/0x11b0 fs/open.c:882
 do_open fs/namei.c:3557 [inline]
 path_openat+0x25fc/0x2df0 fs/namei.c:3714
 do_filp_open+0x264/0x4f0 fs/namei.c:3741
 do_sys_openat2+0x124/0x4e0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7737255e69
RSP: 002b:00007ffccae92478 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f7737255e69
RDX: 0000000000008001 RSI: 0000000020000000 RDI: ffffffffffffff9c
RBP: 0000000000000000 R08: 00007ffccae91ef0 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000cb09
R13: 00007ffccae9248c R14: 00007ffccae924a0 R15: 00007ffccae92490
 </TASK>

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: ffffffff8d1272b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/13:
 #0: ffffffff8d127ab0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 kernel/rcu/tasks.h:507
1 lock held by khungtaskd/28:
 #0: ffffffff8d1270e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3309:
 #0: ffff888028665098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:244
 #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x53b/0x1650 drivers/tty/n_tty.c:2177
3 locks held by kworker/0:3/3664:
 #0: ffff888012864d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x7f2/0xdb0
 #1: ffffc90003edfd00 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_one_work+0x831/0xdb0 kernel/workqueue.c:2264
 #2: ffffffff8e56d6c8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x1b/0xf0 net/rfkill/core.c:181
2 locks held by syz-executor952/4115:
 #0: ffff888075032100 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #0: ffff888075032100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x87/0x290 net/nfc/core.c:1165
 #1: ffffffff8e56d6c8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xcb/0x220 net/rfkill/core.c:1130
1 lock held by syz-executor952/4133:
 #0: ffffffff8e56d6c8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_release+0x49/0x230 net/rfkill/core.c:1312
1 lock held by syz-executor952/4134:
 #0: ffffffff8d874dc8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x57/0x3c0 drivers/char/misc.c:107
1 lock held by syz-executor952/4135:
 #0: ffffffff8d874dc8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x57/0x3c0 drivers/char/misc.c:107
2 locks held by syz-executor952/4136:
 #0: ffffffff8e56d6c8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1b3/0x790 net/rfkill/core.c:1278
 #1: ffff888075032100 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:835 [inline]
 #1: ffff888075032100 (&dev->mutex){....}-{3:3}, at: nfc_dev_down+0x33/0x260 net/nfc/core.c:143
2 locks held by syz-executor952/4137:
 #0: ffffffff8d874dc8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x57/0x3c0 drivers/char/misc.c:107
 #1: ffffffff8e56d6c8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_open+0x12f/0x690 net/rfkill/core.c:1163

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
 nmi_cpu_backtrace+0x46f/0x4f0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1ba/0x420 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:220 [inline]
 watchdog+0xcf5/0xd40 kernel/hung_task.c:377
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:27 [inline]
RIP: 0010:static_key_false include/linux/jump_label.h:207 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:147 [inline]
RIP: 0010:wrmsrl arch/x86/include/asm/msr.h:262 [inline]
RIP: 0010:native_x2apic_icr_write arch/x86/include/asm/apic.h:238 [inline]
RIP: 0010:__x2apic_send_IPI_dest arch/x86/kernel/apic/x2apic_phys.c:123 [inline]
RIP: 0010:x2apic_send_IPI+0x76/0xd0 arch/x86/kernel/apic/x2apic_phys.c:48
Code: d8 48 c1 e8 03 42 8a 04 38 84 c0 75 26 0f b7 13 0f ae f0 0f ae e8 41 83 fe 02 b8 00 04 00 00 41 0f 45 c6 b9 30 08 00 00 0f 30 <66> 90 5b 41 5e 41 5f 5d c3 89 d9 80 e1 07 fe c1 38 c1 7c cf 48 89
RSP: 0018:ffffc900001076d8 EFLAGS: 00000206
RAX: 00000000000000fb RBX: ffff8880b98219a8 RCX: 0000000000000830
RDX: 0000000000000000 RSI: 00000000000000fb RDI: 0000000000000000
RBP: ffffffff8cc6b840 R08: ffffffff817f787a R09: ffffed10173275d3
R10: ffffed10173275d3 R11: 1ffff110173275d2 R12: ffffffff8cebb880
R13: dffffc0000000000 R14: 00000000000000fb R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e9ac4be790 CR3: 000000000ce8e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 arch_send_call_function_single_ipi arch/x86/include/asm/smp.h:109 [inline]
 send_call_function_single_ipi+0x17f/0x1e0 kernel/sched/core.c:3750
 smp_call_function_many_cond+0xbb2/0x13d0 kernel/smp.c:967
 on_each_cpu_cond_mask+0x3b/0x80 kernel/smp.c:1155
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:1311 [inline]
 text_poke_bp_batch+0x5f1/0x850 arch/x86/kernel/alternative.c:1555
 text_poke_flush arch/x86/kernel/alternative.c:1670 [inline]
 text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1677
 arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146
 static_key_disable_cpuslocked+0xc8/0x1b0 kernel/jump_label.c:207
 static_key_disable+0x16/0x20 kernel/jump_label.c:215
 toggle_allocation_gate+0x3b8/0x450 mm/kfence/core.c:814
 process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>