INFO: task khugepaged:33 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:khugepaged      state:D stack:20696 pid:   33 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 schedule_timeout+0xac/0x300 kernel/time/timer.c:1857
 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x46/0x60 kernel/sched/completion.c:138
 __flush_work+0x135/0x1b0 kernel/workqueue.c:3084
 __lru_add_drain_all+0x8d3/0x9d0 mm/swap.c:849
 khugepaged_do_scan+0xd1/0x640 mm/khugepaged.c:2222
 khugepaged+0xf5/0x890 mm/khugepaged.c:2283
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
 </TASK>
INFO: task kworker/u4:5:1092 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:5    state:D stack:22240 pid: 1092 ppid:     2 flags:0x00004000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 schedule_timeout+0xac/0x300 kernel/time/timer.c:1857
 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x46/0x60 kernel/sched/completion.c:138
 __synchronize_srcu+0x2aa/0x350 kernel/rcu/srcutree.c:930
 fsnotify_connector_destroy_workfn+0x40/0xa0 fs/notify/mark.c:164
 process_one_work+0x853/0x1140 kernel/workqueue.c:2298
 worker_thread+0xac1/0x1320 kernel/workqueue.c:2445
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
 </TASK>
INFO: task kworker/u4:12:10509 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:12   state:D stack:22448 pid:10509 ppid:     2 flags:0x00004000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xb72/0x1460 kernel/sched/core.c:6253
 schedule+0x12b/0x1f0 kernel/sched/core.c:6326
 schedule_timeout+0xac/0x300 kernel/time/timer.c:1857
 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x46/0x60 kernel/sched/completion.c:138
 __synchronize_srcu+0x2aa/0x350 kernel/rcu/srcutree.c:930
 fsnotify_mark_destroy_workfn+0x126/0x300 fs/notify/mark.c:861
 process_one_work+0x853/0x1140 kernel/workqueue.c:2298
 worker_thread+0xac1/0x1320 kernel/workqueue.c:2445
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/27:
 #0: ffffffff8cb1db40 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
1 lock held by khugepaged/33:
 #0: ffffffff8cbb64e8 (lock#5){+.+.}-{3:3}, at: __lru_add_drain_all+0x67/0x9d0 mm/swap.c:798
2 locks held by kworker/u4:2/44:
2 locks held by kworker/u4:5/1092:
 #0: ffff888011469138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140
 #1: ffffc90004c1fd20 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2273
3 locks held by systemd-udevd/2976:
1 lock held by in:imklog/6194:
 #0: ffff888023198370 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:990
3 locks held by kworker/0:6/7810:
2 locks held by kworker/u4:12/10509:
 #0: ffff888011469138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7ca/0x1140
 #1: ffffc90002b1fd20 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x808/0x1140 kernel/workqueue.c:2273
3 locks held by kworker/1:4/16125:
1 lock held by syz-executor.1/21334:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x45f/0x490 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x16a/0x280 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xc82/0xcd0 kernel/hung_task.c:295
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 7810 Comm: kworker/0:6 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_power_efficient gc_worker
RIP: 0010:mark_lock+0x57/0x1e00 kernel/locking/lockdep.c:4566
Code: 00 00 00 fc ff df 48 c7 44 24 60 b3 8a b5 41 48 c7 44 24 68 4d 5e 3e 8c 48 c7 44 24 70 b0 6e 66 81 4c 8d 64 24 60 49 c1 ec 03 <48> b8 f1 f1 f1 f1 05 f2 f2 f2 4b 89 04 3c 48 b8 f2 f2 f2 f2 f2 00
RSP: 0018:ffffc90007307820 EFLAGS: 00000802
RAX: ea690e9f71c5a000 RBX: ffff8880867861a8 RCX: ffffffff81667041
RDX: 0000000000000006 RSI: ffff888086786188 RDI: ffff888086785700
RBP: ffffc90007307a10 R08: dffffc0000000000 R09: fffffbfff1ff35e4
R10: fffffbfff1ff35e4 R11: 0000000000000000 R12: 1ffff92000e60f10
R13: ffff888086786158 R14: ffff888086785700 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000203fa030 CR3: 000000001e0b5000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 mark_held_locks kernel/locking/lockdep.c:4206 [inline]
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:4232 [inline]
 lockdep_hardirqs_on_prepare+0x37e/0x780 kernel/locking/lockdep.c:4292
 trace_hardirqs_on+0x6f/0x80 kernel/trace/trace_preemptirq.c:49
 native_save_fl arch/x86/include/asm/irqflags.h:22 [inline]
 arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
 arch_irqs_disabled arch/x86/include/asm/irqflags.h:132 [inline]
 seqcount_lockdep_reader_access+0x15f/0x230 include/linux/seqlock.h:105
 nf_conntrack_get_ht include/net/netfilter/nf_conntrack.h:326 [inline]
 gc_worker+0x19a/0xbb0 net/netfilter/nf_conntrack_core.c:1441
 process_one_work+0x853/0x1140 kernel/workqueue.c:2298
 worker_thread+0xac1/0x1320 kernel/workqueue.c:2445
 kthread+0x468/0x490 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30
 </TASK>
----------------
Code disassembly (best guess), 5 bytes skipped:
   0:	df 48 c7             	fisttps -0x39(%rax)
   3:	44 24 60             	rex.R and $0x60,%al
   6:	b3 8a                	mov    $0x8a,%bl
   8:	b5 41                	mov    $0x41,%ch
   a:	48 c7 44 24 68 4d 5e 	movq   $0xffffffff8c3e5e4d,0x68(%rsp)
  11:	3e 8c
  13:	48 c7 44 24 70 b0 6e 	movq   $0xffffffff81666eb0,0x70(%rsp)
  1a:	66 81
  1c:	4c 8d 64 24 60       	lea    0x60(%rsp),%r12
  21:	49 c1 ec 03          	shr    $0x3,%r12
* 25:	48 b8 f1 f1 f1 f1 05 	movabs $0xf2f2f205f1f1f1f1,%rax <-- trapping instruction
  2c:	f2 f2 f2
  2f:	4b 89 04 3c          	mov    %rax,(%r12,%r15,1)
  33:	48                   	rex.W
  34:	b8 f2 f2 f2 f2       	mov    $0xf2f2f2f2,%eax
  39:	f2                   	repnz