INFO: task syz.3.1087:10512 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.3.1087      state:D stack:27992 pid:10512 tgid:10506 ppid:5819   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7008
 schedule_timeout+0x1b2/0x280 kernel/time/sleep_timeout.c:75
 ___down_common kernel/locking/semaphore.c:268 [inline]
 __down_common+0x396/0x790 kernel/locking/semaphore.c:293
 down+0x74/0xa0 kernel/locking/semaphore.c:100
 console_lock+0x5b/0xa0 kernel/printk/printk.c:2896
 do_fb_ioctl+0x1d9/0x7e0 drivers/video/fbdev/core/fb_chrdev.c:86
 fb_ioctl+0xe5/0x150 drivers/video/fbdev/core/fb_chrdev.c:169
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl fs/ioctl.c:583 [inline]
 __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc33279c799
RSP: 002b:00007fc333672028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fc332a16180 RCX: 00007fc33279c799
RDX: 0000200000000040 RSI: 0000000000004601 RDI: 0000000000000008
RBP: 00007fc332832c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc332a16218 R14: 00007fc332a16180 R15: 00007ffc53d9aac8
 </TASK>
INFO: task syz.8.1090:10523 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.8.1090      state:D stack:26712 pid:10523 tgid:10521 ppid:9799   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7008
 schedule_timeout+0x1b2/0x280 kernel/time/sleep_timeout.c:75
 ___down_common kernel/locking/semaphore.c:268 [inline]
 __down_common+0x396/0x790 kernel/locking/semaphore.c:293
 down+0x74/0xa0 kernel/locking/semaphore.c:100
 console_lock+0x5b/0xa0 kernel/printk/printk.c:2896
 class_console_lock_constructor include/linux/console.h:736 [inline]
 set_selection_kernel+0x39/0x1460 drivers/tty/vt/selection.c:379
 set_selection_user+0xeb/0x140 drivers/tty/vt/selection.c:207
 tioclinux+0x1b0/0x640 drivers/tty/vt/vt.c:3475
 vt_ioctl+0x1793/0x31a0 drivers/tty/vt/vt_ioctl.c:753
 tty_ioctl+0x26a/0x1690 drivers/tty/tty_io.c:2792
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl fs/ioctl.c:583 [inline]
 __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f58dcf9c799
RSP: 002b:00007f58dde3b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f58dd216090 RCX: 00007f58dcf9c799
RDX: 00002000000000c0 RSI: 000000000000541c RDI: 000000000000000a
RBP: 00007f58dd032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f58dd216128 R14: 00007f58dd216090 R15: 00007ffebbb391c8
 </TASK>
INFO: task syz.2.1100:10560 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.2.1100      state:D stack:26792 pid:10560 tgid:10559 ppid:5809   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7008
 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7065
 __mutex_lock_common kernel/locking/mutex.c:692 [inline]
 __mutex_lock+0xc9a/0x1b90 kernel/locking/mutex.c:776
 class_mutex_constructor include/linux/mutex.h:253 [inline]
 set_selection_kernel+0x34/0x1460 drivers/tty/vt/selection.c:378
 set_selection_user+0xeb/0x140 drivers/tty/vt/selection.c:207
 tioclinux+0x1b0/0x640 drivers/tty/vt/vt.c:3475
 vt_ioctl+0x1793/0x31a0 drivers/tty/vt/vt_ioctl.c:753
 tty_ioctl+0x26a/0x1690 drivers/tty/tty_io.c:2792
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl fs/ioctl.c:583 [inline]
 __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1db6f9c799
RSP: 002b:00007f1db7e99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1db7215fa0 RCX: 00007f1db6f9c799
RDX: 00002000000000c0 RSI: 000000000000541c RDI: 000000000000000a
RBP: 00007f1db7032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1db7216038 R14: 00007f1db7215fa0 R15: 00007ffd8cea3208
 </TASK>
INFO: task syz.4.1101:10572 blocked for more than 143 seconds.
      Tainted: G             L      syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.4.1101      state:D stack:23864 pid:10572 tgid:10567 ppid:5810   task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7008
 schedule_timeout+0x1b2/0x280 kernel/time/sleep_timeout.c:75
 ___down_common kernel/locking/semaphore.c:268 [inline]
 __down_common+0x396/0x790 kernel/locking/semaphore.c:293
 down+0x74/0xa0 kernel/locking/semaphore.c:100
 console_lock+0x5b/0xa0 kernel/printk/printk.c:2896
 class_console_lock_constructor include/linux/console.h:736 [inline]
 vcs_open+0x64/0xc0 drivers/tty/vt/vc_screen.c:746
 chrdev_open+0x234/0x6a0 fs/char_dev.c:411
 do_dentry_open+0x6d8/0x1660 fs/open.c:949
 vfs_open+0x82/0x3f0 fs/open.c:1081
 do_open fs/namei.c:4671 [inline]
 path_openat+0x208c/0x31a0 fs/namei.c:4830
 do_file_open+0x20e/0x430 fs/namei.c:4859
 do_sys_openat2+0x10d/0x1e0 fs/open.c:1366
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_openat fs/open.c:1388 [inline]
 __se_sys_openat fs/open.c:1383 [inline]
 __x64_sys_openat+0x12d/0x210 fs/open.c:1383
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f804039c799
RSP: 002b:00007f803e1f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f8040616270 RCX: 00007f804039c799
RDX: 0000000000040e00 RSI: 0000200000001280 RDI: ffffffffffffff9c
RBP: 00007f8040432c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8040616308 R14: 00007f8040616270 R15: 00007ffe9a7398f8
 </TASK>

Showing all locks held in the system:
2 locks held by kworker/1:1/29:
 #0: ffff88813fe67148 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251
 #1: ffffc90000a57d08 (console_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252
1 lock held by khungtaskd/31:
 #0: ffffffff8e7e76a0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #0: ffffffff8e7e76a0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #0: ffffffff8e7e76a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 kernel/locking/lockdep.c:6775
2 locks held by kworker/u8:4/64:
 #0: ffff888020edd948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251
 #1: ffffc900015f7d08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252
2 locks held by kswapd0/78:
6 locks held by kworker/u8:7/1095:
 #0: ffff88813fe9c148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251
 #1: ffffc90004fefd08 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252
 #2: ffff88801ba820b8 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x34/0x730 drivers/tty/tty_buffer.c:467
 #3: ffff88805a78b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x21/0x90 drivers/tty/tty_ldisc.c:263
 #4: ffff88805a78b2e8 (&tty->termios_rwsem){++++}-{4:4}, at: class_rwsem_read_constructor include/linux/rwsem.h:259 [inline]
 #4: ffff88805a78b2e8 (&tty->termios_rwsem){++++}-{4:4}, at: n_tty_receive_buf_common+0x85/0x1980 drivers/tty/n_tty.c:1678
 #5: ffffc900035bd380 (&ldata->output_lock){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #5: ffffc900035bd380 (&ldata->output_lock){+.+.}-{4:4}, at: commit_echoes+0x50/0x260 drivers/tty/n_tty.c:736
4 locks held by kworker/u8:8/1142:
4 locks held by kworker/u8:10/3557:
2 locks held by kworker/0:4/5880:
2 locks held by kworker/0:8/5951:
2 locks held by getty/7085:
 #0: ffff8880388030a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243
 #1: ffffc900042eb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 drivers/tty/n_tty.c:2211
4 locks held by syz.0.371/7337:
6 locks held by syz.1.900/9602:
4 locks held by kworker/u8:2/10186:
1 lock held by syz.8.1090/10523:
 #0: ffffffff8f4f9288 (vc_sel.lock){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4f9288 (vc_sel.lock){+.+.}-{4:4}, at: set_selection_kernel+0x34/0x1460 drivers/tty/vt/selection.c:378
1 lock held by syz.2.1100/10560:
 #0: ffffffff8f4f9288 (vc_sel.lock){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4f9288 (vc_sel.lock){+.+.}-{4:4}, at: set_selection_kernel+0x34/0x1460 drivers/tty/vt/selection.c:378
2 locks held by syz.5.1136/10921:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
 #1: ffff8880898461c0 (&tty->legacy_mutex){+.+.}-{4:4}, at: tty_init_dev.part.0+0x39/0x470 drivers/tty/tty_io.c:1406
1 lock held by syz.1.1146/11018:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
1 lock held by syz.9.1147/11021:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
3 locks held by kworker/u8:6/11066:
1 lock held by syz.6.1149/11086:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.0.1151/11105:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
1 lock held by syz.7.1162/11428:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
3 locks held by kworker/0:0/11523:
1 lock held by syz.4.1168/11584:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.2.1171/11594:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.8.1173/11604:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.3.1181/11630:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.5.1195/11727:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.1.1198/11795:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
1 lock held by syz.6.1199/11799:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
1 lock held by syz.9.1202/11808:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.9.1202/11809:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
1 lock held by syz.0.1204/11829:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
1 lock held by syz.7.1224/12020:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
4 locks held by kworker/u8:13/12053:
1 lock held by syz.3.1230/12058:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.2.1248/12115:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: class_mutex_constructor include/linux/mutex.h:253 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open drivers/tty/pty.c:798 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: ptmx_open+0x150/0x3c0 drivers/tty/pty.c:765
1 lock held by syz.5.1247/12212:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz.4.1270/12262:
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open_by_driver drivers/tty/tty_io.c:2037 [inline]
 #0: ffffffff8f4ec8a8 (tty_mutex){+.+.}-{4:4}, at: tty_open+0x539/0xfa0 drivers/tty/tty_io.c:2120
1 lock held by syz-executor/12380:
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_lock include/linux/rtnetlink.h:130 [inline]
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x49c/0x1bb0 net/ipv6/addrconf.c:5031
4 locks held by syz-executor/12414:
1 lock held by syz.1.1312/12465:
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: tun_detach drivers/net/tun.c:634 [inline]
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 drivers/net/tun.c:3436
1 lock held by syz.9.1313/12470:
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: ip6_mroute_setsockopt+0xe71/0x36d0 net/ipv6/ip6mr.c:1747
1 lock held by syz.9.1313/12472:
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #0: ffffffff90611728 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8bb/0x2380 net/core/rtnetlink.c:4071

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x12d/0x151 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x1d7/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:161 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x141/0x190 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xd25/0x1050 kernel/hung_task.c:515
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 10186 Comm: kworker/u8:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:hlock_class kernel/locking/lockdep.c:234 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4879 [inline]
RIP: 0010:__lock_acquire+0x350/0x2630 kernel/locking/lockdep.c:5187
Code: 44 f8 41 83 c6 01 48 83 c3 28 44 3b b5 50 0b 00 00 0f 8d b2 00 00 00 0f b7 43 20 66 25 ff 1f 0f b7 c0 48 0f a3 05 10 e6 2f 14 <72> a9 44 8b 1d 27 92 38 19 45 85 db 0f 84 d2 03 00 00 31 f6 eb a5
RSP: 0018:ffffc9000685e9a0 EFLAGS: 00000007
RAX: 00000000000006e2 RBX: ffff888028a35550 RCX: 0000000000000004
RDX: 0000000000000001 RSI: ffffffff9617d6f0 RDI: 0000000000000000
RBP: ffff888028a34980 R08: 0000000000000000 R09: 0000000000000007
R10: 0000000000000004 R11: 0000000000000000 R12: ffff888028a35578
R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000004
FS:  0000000000000000(0000) GS:ffff888124442000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c436bb5 CR3: 000000006d2bc000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
 rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 rcu_read_lock include/linux/rcupdate.h:850 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0xd1/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __do_kmalloc_node mm/slub.c:5260 [inline]
 __kmalloc_noprof+0x301/0x850 mm/slub.c:5272
 kmalloc_noprof include/linux/slab.h:954 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 ieee802_11_parse_elems_full+0x177/0x3720 net/mac80211/parse.c:1051
 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2480 [inline]
 ieee80211_inform_bss+0x159/0x1150 net/mac80211/scan.c:79
 rdev_inform_bss net/wireless/rdev-ops.h:418 [inline]
 cfg80211_inform_single_bss_data+0x898/0x1e20 net/wireless/scan.c:2372
 cfg80211_inform_bss_data+0x237/0x3a00 net/wireless/scan.c:3226
 cfg80211_inform_bss_frame_data+0x247/0x790 net/wireless/scan.c:3317
 ieee80211_bss_info_update+0x310/0xab0 net/mac80211/scan.c:230
 ieee80211_rx_bss_info net/mac80211/ibss.c:1094 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1575 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x1919/0x2f80 net/mac80211/ibss.c:1602
 ieee80211_iface_process_skb net/mac80211/iface.c:1748 [inline]
 ieee80211_iface_work+0xbff/0x13d0 net/mac80211/iface.c:1802
 cfg80211_wiphy_work+0x446/0x5c0 net/wireless/core.c:440
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>