Extracting prog: 23m45.415384549s
Minimizing prog: 1h46m14.071554316s
Simplifying prog options: 29m39.048371107s
Extracting C: 10m19.368048068s
Simplifying C: 0s

extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 45s
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 5m0s
testing program (duration=5m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 16m0s
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program crashed: INFO: task hung in uevent_show
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$rfkill-write$rfkill
detailed listing:
executing program 0:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program did not crash
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
program crashed: INFO: task hung in rfkill_global_led_trigger_worker
a never seen crash title: INFO: task hung in rfkill_global_led_trigger_worker, ignore
simplifying guilty program options
testing program (duration=16m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:2 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program crashed: INFO: task hung in rfkill_global_led_trigger_worker
a never seen crash title: INFO: task hung in rfkill_global_led_trigger_worker, ignore
testing program (duration=16m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:10 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$nci-openat$rfkill-write$rfkill
detailed listing:
executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x80602, 0x0)
write$rfkill(r0, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x7}, 0x8)

program did not crash
reproducing took 2h49m57.90338186s
repro crashed as (corrupted=false):
INFO: task udevd:3095 blocked for more than 430 seconds.
      Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:udevd state:D stack:0 pid:3095 tgid:3095 ppid:1 flags:0x00000004
Call trace:
 __switch_to+0x204/0x4bc arch/arm64/kernel/process.c:701 (T)
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xafc/0x2db0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xd0/0x304 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x544/0x8ac kernel/locking/mutex.c:735
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:787
 device_lock include/linux/device.h:1014 [inline]
 uevent_show+0x118/0x300 drivers/base/core.c:2736
 dev_attr_show+0x48/0xcc drivers/base/core.c:2430
 sysfs_kf_seq_show+0x184/0x32c fs/sysfs/file.c:59
 kernfs_seq_show+0x104/0x154 fs/kernfs/file.c:205
 seq_read_iter+0x350/0xe3c fs/seq_file.c:230
 kernfs_fop_read_iter+0x304/0x45c fs/kernfs/file.c:279
 new_sync_read fs/read_write.c:484 [inline]
 vfs_read+0x5c0/0x978 fs/read_write.c:565
 ksys_read+0xec/0x1d8 fs/read_write.c:708
 __do_sys_read fs/read_write.c:717 [inline]
 __se_sys_read fs/read_write.c:715 [inline]
 __arm64_sys_read+0x6c/0x9c fs/read_write.c:715
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
INFO: task kworker/0:3:3370 blocked for more than 430 seconds.
      Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:3 state:D stack:0 pid:3370 tgid:3370 ppid:2 flags:0x00000008
Workqueue: events rfkill_global_led_trigger_worker
Call trace:
 __switch_to+0x204/0x4bc arch/arm64/kernel/process.c:701 (T)
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xafc/0x2db0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xd0/0x304 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x544/0x8ac kernel/locking/mutex.c:735
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:787
 rfkill_global_led_trigger_worker+0x2c/0x10c net/rfkill/core.c:182
 process_one_work+0x7b8/0x189c kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x730/0xb74 kernel/workqueue.c:3391
 kthread+0x27c/0x300 kernel/kthread.c:389
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
INFO: task syz.1.23:3652 blocked for more than 430 seconds.
      Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.1.23 state:D stack:0 pid:3652 tgid:3652 ppid:3418 flags:0x0000000d
Call trace:
 __switch_to+0x204/0x4bc arch/arm64/kernel/process.c:701 (T)
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xafc/0x2db0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xd0/0x304 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x544/0x8ac kernel/locking/mutex.c:735
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:787
 rfkill_unregister+0xb8/0x240 net/rfkill/core.c:1145
 nfc_unregister_device+0x68/0x298 net/nfc/core.c:1167
 nci_unregister_device+0x1bc/0x294 net/nfc/nci/core.c:1323
 virtual_ncidev_close+0x48/0xb0 drivers/nfc/virtual_ncidev.c:172
 __fput+0x2c4/0x94c fs/file_table.c:450
 ____fput+0x14/0x20 fs/file_table.c:478
 task_work_run+0x128/0x210 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x1d0/0x258 arch/arm64/kernel/entry-common.c:151
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0x100/0x180 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
INFO: task syz.3.24:3653 blocked for more than 430 seconds.
      Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.24 state:D stack:0 pid:3653 tgid:3653 ppid:3413 flags:0x0000000d
Call trace:
 __switch_to+0x204/0x4bc arch/arm64/kernel/process.c:701 (T)
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xafc/0x2db0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xd0/0x304 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x544/0x8ac kernel/locking/mutex.c:735
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:787
 rfkill_unregister+0xb8/0x240 net/rfkill/core.c:1145
 nfc_unregister_device+0x68/0x298 net/nfc/core.c:1167
 nci_unregister_device+0x1bc/0x294 net/nfc/nci/core.c:1323
 virtual_ncidev_close+0x48/0xb0 drivers/nfc/virtual_ncidev.c:172
 __fput+0x2c4/0x94c fs/file_table.c:450
 ____fput+0x14/0x20 fs/file_table.c:478
 task_work_run+0x128/0x210 kernel/task_work.c:239
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 do_notify_resume+0x1d0/0x258 arch/arm64/kernel/entry-common.c:151
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0x100/0x180 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
INFO: task syz.3.24:3655 blocked for more than 430 seconds.
      Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.24 state:D stack:0 pid:3655 tgid:3653 ppid:3413 flags:0x00000001
Call trace:
 __switch_to+0x204/0x4bc arch/arm64/kernel/process.c:701 (T)
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xafc/0x2db0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xd0/0x304 kernel/sched/core.c:6848
 schedule_preempt_disabled+0x18/0x2c kernel/sched/core.c:6905
 __mutex_lock_common kernel/locking/mutex.c:665 [inline]
 __mutex_lock+0x544/0x8ac kernel/locking/mutex.c:735
 mutex_lock_nested+0x24/0x30 kernel/locking/mutex.c:787
 device_lock include/linux/device.h:1014 [inline]
 nfc_dev_down+0x2c/0x234 net/nfc/core.c:143
 nfc_rfkill_set_block+0x28/0xb8 net/nfc/core.c:179
 rfkill_set_block+0x160/0x3c4 net/rfkill/core.c:346
 rfkill_fop_write+0x220/0x4d4 net/rfkill/core.c:1301
 vfs_write+0x1d8/0xad0 fs/read_write.c:677
 ksys_write+0x18c/0x1d8 fs/read_write.c:731
 __do_sys_write fs/read_write.c:742 [inline]
 __se_sys_write fs/read_write.c:739 [inline]
 __arm64_sys_write+0x6c/0x9c fs/read_write.c:739
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600

Showing all locks held in the system:
1 lock held by khungtaskd/31:
 #0: ffff800086ed8960 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x48/0x340 kernel/locking/lockdep.c:6738
3 locks held by kworker/u8:7/1254:
1 lock held by syslogd/3080:
1 lock held by klogd/3084:
4 locks held by udevd/3095:
 #0: ffff000016c76e80 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb8/0xe3c fs/seq_file.c:182
 #1: ffff0000189ba888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x48/0x1d8 fs/kernfs/file.c:154
 #2: ffff000017771e18 (kn->active#4){.+.+}-{0:0}, at: kernfs_seq_start+0x64/0x1d8 fs/kernfs/file.c:155
 #3: ffff00001638e100 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #3: ffff00001638e100 (&dev->mutex){....}-{4:4}, at: uevent_show+0x118/0x300 drivers/base/core.c:2736
2 locks held by getty/3215:
 #0: ffff0000179bc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x4c drivers/tty/tty_ldsem.c:340
 #1: ffff80008cf9b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x93c/0xe9c drivers/tty/n_tty.c:2211
3 locks held by kworker/0:3/3370:
 #0: ffff00000d428948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x6e4/0x189c kernel/workqueue.c:3204
 #1: ffff8000a0f17ce0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_one_work+0x708/0x189c kernel/workqueue.c:3204
 #2: ffff800088497588 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x2c/0x10c net/rfkill/core.c:182
2 locks held by syz.1.23/3652:
 #0: ffff00001638e100 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #0: ffff00001638e100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x48/0x298 net/nfc/core.c:1165
 #1: ffff800088497588 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xb8/0x240 net/rfkill/core.c:1145
2 locks held by syz.3.24/3653:
 #0: ffff000016cef100 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #0: ffff000016cef100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x48/0x298 net/nfc/core.c:1165
 #1: ffff800088497588 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xb8/0x240 net/rfkill/core.c:1145
2 locks held by syz.3.24/3655:
 #0: ffff800088497588 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x140/0x4d4 net/rfkill/core.c:1293
 #1: ffff00001638e100 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #1: ffff00001638e100 (&dev->mutex){....}-{4:4}, at: nfc_dev_down+0x2c/0x234 net/nfc/core.c:143
3 locks held by syz.5.26/3809:
 #0:
ffff800087550b28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x64/0x358 drivers/char/misc.c:129
 #1: ffff000029101100 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1014 [inline]
 #1: ffff000029101100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0x90/0x2e8 net/nfc/core.c:1128
 #2: ffff800088497588 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x40/0x8b8 net/rfkill/core.c:1071
1 lock held by syz.5.26/3813:
 #0: ffff800087550b28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x64/0x358 drivers/char/misc.c:129
1 lock held by syz.4.25/3816:
 #0: ffff800087550b28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x64/0x358 drivers/char/misc.c:129
1 lock held by syz.4.25/3817:
 #0: ffff800087550b28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x64/0x358 drivers/char/misc.c:129
1 lock held by syz-executor/3820:
 #0: ffff800087550b28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x64/0x358 drivers/char/misc.c:129
1 lock held by syz-executor/3825:
 #0: ffff800087550b28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x64/0x358 drivers/char/misc.c:129

=============================================