INFO: task kworker/1:13:18893 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:13    state:D stack:27632 pid:18893 ppid:     2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xa9a/0x4940 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4595
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
INFO: task syz-executor.4:5823 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc5-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:26448 pid: 5823 ppid:  3632 flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xa9a/0x4940 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6385
 __mutex_lock_common kernel/locking/mutex.c:680 [inline]
 __mutex_lock+0xa32/0x12f0 kernel/locking/mutex.c:740
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5567
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2492
 netlink_unicast_kernel net/netlink/af_netlink.c:1315 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1341
 netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:724
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f9c670e5e99
RSP: 002b:00007f9c65a3a168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9c671f9030 RCX: 00007f9c670e5e99
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005
RBP: 00007f9c6713fff1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe3254a1bf R14: 00007f9c65a3a300 R15: 0000000000022000
 </TASK>

Showing all locks held in the system:
1 lock held by init/1:
 #0: ffff888146e9f338 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:838 [inline]
 #0: ffff888146e9f338 (mapping.invalidate_lock){++++}-{3:3}, at: page_cache_ra_unbounded+0x1b3/0x940 mm/readahead.c:194
4 locks held by kworker/u4:1/10:
1 lock held by khungtaskd/27:
 #0: ffffffff8bb83de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
3 locks held by jbd2/sda1-8/2935:
1 lock held by dhcpcd/3181:
 #0: ffffffff8c35e038 (tomoyo_ss){....}-{0:0}, at: tomoyo_path_number_perm+0x18d/0x590 security/tomoyo/file.c:720
2 locks held by getty/3283:
 #0: ffff88814a88d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:252
 #1: ffffc90002b962e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xcf0/0x1230 drivers/tty/n_tty.c:2113
1 lock held by syz-fuzzer/3595:
 #0: ffff888072409980 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:838 [inline]
 #0: ffff888072409980 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0xc7e/0x26d0 mm/filemap.c:3081
1 lock held by syz-fuzzer/3597:
 #0: ffff888072409980 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:838 [inline]
 #0: ffff888072409980 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_fault+0xc7e/0x26d0 mm/filemap.c:3081
1 lock held by syz-fuzzer/3601:
 #0: ffff888072409980 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:838 [inline]
 #0: ffff888072409980 (mapping.invalidate_lock){++++}-{3:3}, at: page_cache_ra_unbounded+0x1b3/0x940 mm/readahead.c:194
2 locks held by syz-executor.2/3629:
 #0: ffff88807aa81000 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x2a/0x70 net/bluetooth/hci_core.c:551
 #1: ffff88807aa80078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x26d/0x1120 net/bluetooth/hci_sync.c:4015
1 lock held by syz-executor.5/3630:
 #0: ffff88801b330de8 (&type->i_mutex_dir_key#4){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:793 [inline]
 #0: ffff88801b330de8 (&type->i_mutex_dir_key#4){++++}-{3:3}, at: lookup_slow fs/namei.c:1673 [inline]
 #0: ffff88801b330de8 (&type->i_mutex_dir_key#4){++++}-{3:3}, at: walk_component+0x400/0x6a0 fs/namei.c:1970
1 lock held by syz-executor.1/3679:
 #0: ffff88801b3321d8 (&type->i_mutex_dir_key#4){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:793 [inline]
 #0: ffff88801b3321d8 (&type->i_mutex_dir_key#4){++++}-{3:3}, at: lookup_slow fs/namei.c:1673 [inline]
 #0: ffff88801b3321d8 (&type->i_mutex_dir_key#4){++++}-{3:3}, at: walk_component+0x400/0x6a0 fs/namei.c:1970
3 locks held by kworker/1:13/18893:
 #0: ffff88802253e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88802253e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88802253e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: ffff88802253e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
 #0: ffff88802253e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: ffff88802253e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
 #1: ffffc9000428fdb0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
 #2: ffffffff8d3162a8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4595
2 locks held by syz-executor.4/5819:
 #0: ffffffff8d3162a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d3162a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5567
 #1: ffffffff8bcaab80 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4585 [inline]
 #1: ffffffff8bcaab80 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4609 [inline]
 #1: ffffffff8bcaab80 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0xa1e/0x20d0 mm/page_alloc.c:5007
1 lock held by syz-executor.4/5823:
 #0: ffffffff8d3162a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff8d3162a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5567
1 lock held by dhcpcd/5825:
 #0: ffffffff8bcaab80 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:4585 [inline]
 #0: ffffffff8bcaab80 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:4609 [inline]
 #0: ffffffff8bcaab80 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0xa1e/0x20d0 mm/page_alloc.c:5007

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xc1d/0xf50 kernel/hung_task.c:295
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2935 Comm: jbd2/sda1-8 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:shrink_node+0x1695/0x1eb0 mm/vmscan.c:3248
Code: 0f be 66 2b bf 3f 00 00 00 44 89 e6 44 89 e5 e8 f1 c0 d2 ff 41 83 fc 3f 0f 87 c6 ea 61 07 e8 c2 be d2 ff 89 e9 31 ff 48 d3 eb <48> 89 de e8 43 c1 d2 ff 48 85 db 41 0f 95 c4 e8 a7 be d2 ff 48 8b
RSP: 0000:ffffc9000c35ea18 EFLAGS: 00000206
RAX: 0000000000000000 RBX: 000000000000000c RCX: 000000000000000c
RDX: ffff88807f275700 RSI: ffffffff81a4f30e RDI: 0000000000000000
RBP: 000000000000000c R08: 000000000000003f R09: 0000000000000000
R10: ffffffff81a4f2ff R11: 0000000000000000 R12: 000000000000000c
R13: 000000000000348c R14: ffffc9000c35ec88 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000444392 CR3: 000000000b88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 shrink_zones mm/vmscan.c:3485 [inline]
 do_try_to_free_pages+0x4e2/0x1640 mm/vmscan.c:3541
 try_to_free_pages+0x29f/0x750 mm/vmscan.c:3776
 __perform_reclaim mm/page_alloc.c:4588 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4609 [inline]
 __alloc_pages_slowpath.constprop.0+0xac7/0x20d0 mm/page_alloc.c:5007
 __alloc_pages+0x412/0x500 mm/page_alloc.c:5382
 alloc_pages+0x1a7/0x300 mm/mempolicy.c:2191
 __stack_depot_save+0x3b5/0x4f0 lib/stackdepot.c:359
 save_stack+0x15e/0x1e0 mm/page_owner.c:120
 __set_page_owner+0x45/0x2d0 mm/page_owner.c:181
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages_cpuset_fallback mm/page_alloc.c:4231 [inline]
 __alloc_pages_may_oom mm/page_alloc.c:4322 [inline]
 __alloc_pages_slowpath.constprop.0+0x1d3d/0x20d0 mm/page_alloc.c:5051
 __alloc_pages+0x412/0x500 mm/page_alloc.c:5382
 alloc_pages+0x1a7/0x300 mm/mempolicy.c:2191
 folio_alloc+0x1c/0x70 mm/mempolicy.c:2201
 filemap_alloc_folio mm/filemap.c:1036 [inline]
 __filemap_get_folio+0x60e/0xe10 mm/filemap.c:1951
 pagecache_get_page+0x2c/0x1a0 mm/folio-compat.c:125
 find_or_create_page include/linux/pagemap.h:489 [inline]
 grow_dev_page fs/buffer.c:949 [inline]
 grow_buffers fs/buffer.c:1014 [inline]
 __getblk_slow+0x1ed/0xae0 fs/buffer.c:1041
 __getblk_gfp+0x6e/0x80 fs/buffer.c:1334
 __getblk include/linux/buffer_head.h:382 [inline]
 jbd2_journal_get_descriptor_buffer+0x10a/0x410 fs/jbd2/journal.c:1014
 journal_submit_commit_record.part.0+0x8b/0xa00 fs/jbd2/commit.c:131
 journal_submit_commit_record fs/jbd2/commit.c:128 [inline]
 jbd2_journal_commit_transaction+0x3fbd/0x6be0 fs/jbd2/commit.c:925
 kjournald2+0x1d0/0x930 fs/jbd2/journal.c:213
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
----------------
Code disassembly (best guess):
   0:	0f be 66 2b          	movsbl 0x2b(%rsi),%esp
   4:	bf 3f 00 00 00       	mov    $0x3f,%edi
   9:	44 89 e6             	mov    %r12d,%esi
   c:	44 89 e5             	mov    %r12d,%ebp
   f:	e8 f1 c0 d2 ff       	callq  0xffd2c105
  14:	41 83 fc 3f          	cmp    $0x3f,%r12d
  18:	0f 87 c6 ea 61 07    	ja     0x761eae4
  1e:	e8 c2 be d2 ff       	callq  0xffd2bee5
  23:	89 e9                	mov    %ebp,%ecx
  25:	31 ff                	xor    %edi,%edi
  27:	48 d3 eb             	shr    %cl,%rbx
* 2a:	48 89 de             	mov    %rbx,%rsi <-- trapping instruction
  2d:	e8 43 c1 d2 ff       	callq  0xffd2c175
  32:	48 85 db             	test   %rbx,%rbx
  35:	41 0f 95 c4          	setne  %r12b
  39:	e8 a7 be d2 ff       	callq  0xffd2bee5
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b