INFO: task kworker/u4:0:8 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:0    state:D stack:27360 pid:    8 ppid:     2 flags:0x00004000
Workqueue: events_unbound flush_to_ldisc
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 flush_to_ldisc+0x34/0x420 drivers/tty/tty_buffer.c:515
 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298
 worker_thread+0x598/0x1040 kernel/workqueue.c:2445
 kthread+0x3ab/0x480 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
INFO: task syz-executor.1:14270 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:28112 pid:14270 ppid: 13578 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007fa2c70b9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007fff056e52cf R14: 00007fa2c70b9300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.1:14297 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:28536 pid:14297 ppid: 13578 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007fa2c7098188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038
R13: 00007fff056e52cf R14: 00007fa2c7098300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.1:14337 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:29624 pid:14337 ppid: 13578 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007fa2c7077188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0f0
R13: 00007fff056e52cf R14: 00007fa2c7077300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.2:14266 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28112 pid:14266 ppid: 12453 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007f89d75ab188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffd655cc22f R14: 00007f89d75ab300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.2:14292 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:29624 pid:14292 ppid: 12453 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007f89d758a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038
R13: 00007ffd655cc22f R14: 00007f89d758a300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.5:14267 blocked for more than 145 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:28416 pid:14267 ppid: 12450 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007f0945d02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000006
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe9723805f R14: 00007f0945d02300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.2:14269 blocked for more than 145 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:28536 pid:14269 ppid: 14266 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007f89d75ab188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffd655cc22f R14: 00007f89d75ab300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.1:14276 blocked for more than 145 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:28536 pid:14276 ppid: 14270 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007fa2c70b9188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007fff056e52cf R14: 00007fa2c70b9300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.5:14307 blocked for more than 145 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:28536 pid:14307 ppid: 12450 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
RSP: 002b:00007f0945d02188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe9723805f R14: 00007f0945d02300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/u4:0/8:
 #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
 #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: ffff88800fc69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a4/0x1450 kernel/workqueue.c:2269
 #1: ffffc90000cd7db8 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x7d1/0x1450 kernel/workqueue.c:2273
 #2: ffff8880760be0b8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x34/0x420 drivers/tty/tty_buffer.c:515
1 lock held by khungtaskd/26:
 #0: ffffffff8ab78a80 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
1 lock held by in:imklog/6284:
 #0: ffff88801ca359f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x9c/0xb0 fs/file.c:994
1 lock held by syz-executor.1/14270:
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
2 locks held by syz-executor.1/14297:
 #0: ffff888060055098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff8880760be0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
1 lock held by syz-executor.1/14337:
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
2 locks held by syz-executor.2/14266:
 #0: ffff88807d9d2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801becc0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
1 lock held by syz-executor.2/14292:
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
3 locks held by syz-executor.5/14267:
 #0: ffff88807cb64098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff888077b130b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 #2: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
3 locks held by syz-executor.3/14268:
 #0: ffff88807bace098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff8880786e30b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 #2: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
3 locks held by syz-executor.2/14269:
 #0: ffff88807d9d2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801becc0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 #2: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
3 locks held by syz-executor.1/14276:
 #0: ffff888060055098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff8880760be0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 #2: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
1 lock held by syz-executor.5/14307:
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
2 locks held by syz-executor.5/14325:
 #0: ffff88807cb64098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff888077b130b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
1 lock held by syz-executor.0/14378:
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
2 locks held by syz-executor.0/14382:
 #0: ffff88804c85a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff8880772cb0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
1 lock held by syz-executor.0/14384:
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185
3 locks held by syz-executor.0/14379:
 #0: ffff88804c85a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff8880772cb0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 #2: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: paste_selection+0x13f/0x450 drivers/tty/vt/selection.c:393
1 lock held by syz-executor978/14419:
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_kernel drivers/tty/vt/selection.c:357 [inline]
 #0: ffffffff8b55bd48 (vc_sel.lock){+.+.}-{3:3}, at: set_selection_user+0x81/0x180 drivers/tty/vt/selection.c:185

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 26 Comm: khungtaskd Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x11f/0x170 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0x88c/0xbf0 kernel/hung_task.c:295
 kthread+0x3ab/0x480 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 10 Comm: kworker/u4:1 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy36 ieee80211_iface_work
RIP: 0010:lock_is_held_type+0xeb/0x140 kernel/locking/lockdep.c:5682
Code: 45 31 ed 44 39 f0 41 0f 94 c5 48 c7 c7 80 57 cb 88 e8 29 0c 00 00 b8 ff ff ff ff 65 0f c1 05 2c bf 8e 77 83 f8 01 75 29 9c 58 <f6> c4 02 75 3d 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 44 89
RSP: 0018:ffffc90000cf7c10 EFLAGS: 00000046
RAX: 0000000000000046 RBX: 0000000000000001 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff88cb5780 RDI: ffffffff89204660
RBP: ffffffff8ab789c0 R08: 0000000000000000 R09: ffffffff8c804697
R10: fffffbfff19008d2 R11: ffff8880b9e282c8 R12: ffff888010889cc0
R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88801088a6e0
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f00aa668008 CR3: 000000001a241000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_is_held include/linux/lockdep.h:283 [inline]
 rcu_read_lock_sched_held+0x3a/0x70 kernel/rcu/update.c:125
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x522/0x720 kernel/locking/lockdep.c:5648
 process_one_work+0x902/0x1450 kernel/workqueue.c:2305
 worker_thread+0x598/0x1040 kernel/workqueue.c:2445
 kthread+0x3ab/0x480 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
----------------
Code disassembly (best guess):
   0:	45 31 ed             	xor    %r13d,%r13d
   3:	44 39 f0             	cmp    %r14d,%eax
   6:	41 0f 94 c5          	sete   %r13b
   a:	48 c7 c7 80 57 cb 88 	mov    $0xffffffff88cb5780,%rdi
  11:	e8 29 0c 00 00       	callq  0xc3f
  16:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  1b:	65 0f c1 05 2c bf 8e 	xadd   %eax,%gs:0x778ebf2c(%rip)        # 0x778ebf4f
  22:	77
  23:	83 f8 01             	cmp    $0x1,%eax
  26:	75 29                	jne    0x51
  28:	9c                   	pushfq
  29:	58                   	pop    %rax
* 2a:	f6 c4 02             	test   $0x2,%ah <-- trapping instruction
  2d:	75 3d                	jne    0x6c
  2f:	48 f7 04 24 00 02 00 	testq  $0x200,(%rsp)
  36:	00
  37:	74 01                	je     0x3a
  39:	fb                   	sti
  3a:	48 83 c4 08          	add    $0x8,%rsp
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89