bisecting fixing commit since 7fd2bf83d59a2d32e0d596c5d3e623b9a0e7e2d5
building syzkaller on 838e7e2cd9228583ca33c49a39aea4d863d3e36d
testing commit 7fd2bf83d59a2d32e0d596c5d3e623b9a0e7e2d5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e57e867941714fd7dade89907359ce9ea30e0758fee8bb77d555b836b65a9704
run #0: crashed: INFO: task hung in paste_selection
run #1: crashed: INFO: task hung in paste_selection
run #2: crashed: INFO: task hung in paste_selection
run #3: crashed: INFO: task hung in paste_selection
run #4: crashed: INFO: task hung in paste_selection
run #5: crashed: INFO: task hung in paste_selection
run #6: crashed: INFO: task hung in paste_selection
run #7: crashed: INFO: task hung in paste_selection
run #8: crashed: INFO: task hung in paste_selection
run #9: crashed: INFO: task hung in paste_selection
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: crashed: INFO: task hung in paste_selection
run #16: OK
run #17: OK
run #18: OK
run #19: OK
testing current HEAD 1c3e979bf3e225e5b4b810b24712b16254d608b6
testing commit 1c3e979bf3e225e5b4b810b24712b16254d608b6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ddd9133d591e300e0b11a6547cc6f46500c3aae23ab3fca794a4f795ae991373
run #0: crashed: INFO: task hung in paste_selection
run #1: crashed: INFO: task hung in paste_selection
run #2: crashed: INFO: task hung in paste_selection
run #3: crashed: INFO: task hung in paste_selection
run #4: crashed: INFO: task hung in paste_selection
run #5: crashed: INFO: task hung in paste_selection
run #6: OK
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 31m30.596637368s (build: 13m20.486634528s, test: 17m23.748679729s)
the crash still happens on HEAD
commit msg: Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
crash: INFO: task hung in paste_selection
INFO: task syz-executor.4:6854 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:28536 pid: 6854 ppid:  4397 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fbb7df558d9
RSP: 002b:00007fbb7d6cc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbb7e059f60 RCX: 00007fbb7df558d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000005
RBP: 00007fbb7dfafcb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcf9cfc04f R14: 00007fbb7d6cc300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.4:6881 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:28664 pid: 6881 ppid:  4397 flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fbb7df558d9
RSP: 002b:00007fbb7d6cc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fbb7e059f60 RCX: 00007fbb7df558d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00007fbb7dfafcb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcf9cfc04f R14: 00007fbb7d6cc300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.0:6874 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:28664 pid: 6874 ppid:  6106 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f1647d5f8d9
RSP: 002b:00007f16474d6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1647e63f60 RCX: 00007f1647d5f8d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000005
RBP: 00007f1647db9cb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd43f58b1f R14: 00007f16474d6300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.5:6875 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:28664 pid: 6875 ppid:  4399 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f401ff128d9
RSP: 002b:00007f401f689188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4020016f60 RCX: 00007f401ff128d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000005
RBP: 00007f401ff6ccb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff23efe65f R14: 00007f401f689300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.2:6900 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.2  state:D stack:29416 pid: 6900 ppid:  4394 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f75fdce38d9
RSP: 002b:00007f75fd439188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f75fdde8020 RCX: 00007f75fdce38d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00007f75fdd3dcb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdc05acf8f R14: 00007f75fd439300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.1:6884 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:28800 pid: 6884 ppid:  4393 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f46cfe098d9
RSP: 002b:00007f46cf580188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f46cff0df60 RCX: 00007f46cfe098d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000005
RBP: 00007f46cfe63cb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe40a5d67f R14: 00007f46cf580300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.3:6895 blocked for more than 144 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.3  state:D stack:28664 pid: 6895 ppid:  4398 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f4d802508d9
RSP: 002b:00007f4d7f9c7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4d80354f60 RCX: 00007f4d802508d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000005
RBP: 00007f4d802aacb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff70e5b45f R14: 00007f4d7f9c7300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.0:6897 blocked for more than 145 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:28664 pid: 6897 ppid:  6106 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f1647d5f8d9
RSP: 002b:00007f16474d6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1647e63f60 RCX: 00007f1647d5f8d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000005
RBP: 00007f1647db9cb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd43f58b1f R14: 00007f16474d6300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.1:6904 blocked for more than 145 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.1  state:D stack:28664 pid: 6904 ppid:  4393 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f46cfe098d9
RSP: 002b:00007f46cf580188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f46cff0df60 RCX: 00007f46cfe098d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000004
RBP: 00007f46cfe63cb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe40a5d67f R14: 00007f46cf580300 R15: 0000000000022000
 </TASK>
INFO: task syz-executor.5:6908 blocked for more than 145 seconds.
      Not tainted 5.16.0-rc6-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.5  state:D stack:28664 pid: 6908 ppid:  4399 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0x90d/0x26c0 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
 vt_ioctl+0x19a7/0x2120 drivers/tty/vt/vt_ioctl.c:762
 tty_ioctl+0x478/0x12d0 drivers/tty/tty_io.c:2805
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f401ff128d9
RSP: 002b:00007f401f689188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f4020016f60 RCX: 00007f401ff128d9
RDX: 00000000200000c0 RSI: 000000000000541c RDI: 0000000000000005
RBP: 00007f401ff6ccb4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff23efe65f R14: 00007f401f689300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8ab76280 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
2 locks held by kworker/u4:4/996:
 #0: ffff8880b9f39ad8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:478 [inline]
 #0: ffff8880b9f39ad8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1316 [inline]
 #0: ffff8880b9f39ad8 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1614 [inline]
 #0: ffff8880b9f39ad8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x236/0x26c0 kernel/sched/core.c:6167
 #1: ffff8880b9f279c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x173/0x490 kernel/sched/psi.c:871
2 locks held by getty/3313:
 #0: ffff88807e659098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc9000278e2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9dd/0xed0 drivers/tty/n_tty.c:2113
2 locks held by syz-executor.0/6844:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.4/6854:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.4/6881:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.0/6874:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.5/6875:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.2/6900:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.1/6884:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.3/6895:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.0/6897:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.1/6904:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.5/6908:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.3/6916:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390
2 locks held by syz-executor.0/6921:
 #0: ffff8880713f7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x1f/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffff88801043d0b8 (&buf->lock){+.+.}-{3:3}, at: paste_selection+0x109/0x450 drivers/tty/vt/selection.c:390

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x30/0xc0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x11f/0x170 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0x88c/0xbf0 kernel/hung_task.c:295
 kthread+0x3ab/0x480 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.16.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:__this_cpu_preempt_check+0x0/0x10 lib/smp_processor_id.c:65
Code: 0b cf ff eb a4 0f 1f 44 00 00 48 c7 c6 e0 b0 20 89 48 c7 c7 20 b1 20 89 e9 0d ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 89 fe 48 c7 c7 60 b1 20 89 e9 f1 fe ff ff cc eb 1e 0f 1f 00 48
RSP: 0018:ffffc90000eefae8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8ab761c0 RDI: ffffffff88cb4840
RBP: ffffffff8ab761c0 R08: 0000000000000000 R09: ffffffff8c810c17
R10: fffffbfff1902182 R11: 1ffffffff156fe11 R12: ffff888010c38200
R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888010c38c70
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7ff0c29990 CR3: 000000000a88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lockdep_recursion_finish kernel/locking/lockdep.c:438 [inline]
 lock_is_held_type+0xd7/0x140 kernel/locking/lockdep.c:5681
 lock_is_held include/linux/lockdep.h:283 [inline]
 rcu_read_lock_sched_held+0x3a/0x70 kernel/rcu/update.c:125
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x522/0x720 kernel/locking/lockdep.c:5648
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]
 _raw_spin_unlock_bh+0x12/0x30 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:394 [inline]
 batadv_nc_purge_paths+0x1e9/0x2d0 net/batman-adv/network-coding.c:475
 batadv_nc_worker+0x722/0xd70 net/batman-adv/network-coding.c:726
 process_one_work+0x87f/0x1450 kernel/workqueue.c:2298
 worker_thread+0x598/0x1040 kernel/workqueue.c:2445
 kthread+0x3ab/0x480 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	eb a4                	jmp    0xffffffa6
   2:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   7:	48 c7 c6 e0 b0 20 89 	mov    $0xffffffff8920b0e0,%rsi
   e:	48 c7 c7 20 b1 20 89 	mov    $0xffffffff8920b120,%rdi
  15:	e9 0d ff ff ff       	jmpq   0xffffff27
  1a:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  21:	00 00 00 00
  25:	66 90                	xchg   %ax,%ax
* 27:	48 89 fe             	mov    %rdi,%rsi <-- trapping instruction
  2a:	48 c7 c7 60 b1 20 89 	mov    $0xffffffff8920b160,%rdi
  31:	e9 f1 fe ff ff       	jmpq   0xffffff27
  36:	cc                   	int3
  37:	eb 1e                	jmp    0x57
  39:	0f 1f 00             	nopl   (%rax)
  3c:	48                   	rex.W