INFO: task kworker/0:0:5 blocked for more than 143 seconds.
Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0 state:D stack:26328 pid: 5 ppid: 2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:4972 [inline]
__schedule+0xa9a/0x4940 kernel/sched/core.c:6253
schedule+0xd2/0x260 kernel/sched/core.c:6326
usb_kill_urb.part.0+0x19a/0x220 drivers/usb/core/urb.c:720
usb_kill_urb+0x7f/0xa0 drivers/usb/core/urb.c:715
usb_start_wait_urb+0x24a/0x4c0 drivers/usb/core/message.c:64
usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
usb_get_descriptor+0xdd/0x1d0 drivers/usb/core/message.c:793
usb_get_device_descriptor+0x81/0xf0 drivers/usb/core/message.c:1071
hub_port_init+0x971/0x2e80 drivers/usb/core/hub.c:4922
hub_port_connect drivers/usb/core/hub.c:5282 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
port_event drivers/usb/core/hub.c:5643 [inline]
hub_event+0x21ea/0x4460 drivers/usb/core/hub.c:5725
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
Showing all locks held in the system:
5 locks held by kworker/0:0/5:
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
#1: ffffc90000ca7db0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
#2: ffff888147e8f220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#2: ffff888147e8f220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4460 drivers/usb/core/hub.c:5671
#3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3086 [inline]
#3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5249 [inline]
#3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
#3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
#3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1e17/0x4460 drivers/usb/core/hub.c:5725
#4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5250 [inline]
#4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
#4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
#4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1e40/0x4460 drivers/usb/core/hub.c:5725
1 lock held by khungtaskd/27:
#0: ffffffff8bb83b60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
1 lock held by in:imklog/6222:
#0: ffff8880700c0d70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990
5 locks held by kworker/0:8/9228:
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
#0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
#1: ffffc900052dfdb0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
#2: ffff88801d9af220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
#2: ffff88801d9af220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4460 drivers/usb/core/hub.c:5671
#3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3086 [inline]
#3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5249 [inline]
#3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
#3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
#3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1e17/0x4460 drivers/usb/core/hub.c:5725
#4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5250 [inline]
#4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
#4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
#4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1e40/0x4460 drivers/usb/core/hub.c:5725
1 lock held by syz-executor.5/15038:
1 lock held by syz-executor.3/15214:
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0xc1d/0xf50 kernel/hung_task.c:295
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8865 Comm: kworker/u4:7 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:kasan_check_range+0xe/0x180 mm/kasan/generic.c:188
Code: f0 b2 38 8b 48 8d 50 ff a8 01 48 0f 45 fa e8 69 74 ec ff 0f 0b 0f 1f 80 00 00 00 00 48 85 f6 0f 84 3c 01 00 00 49 89 f9 41 54 <44> 0f b6 c2 49 01 f1 55 53 0f 82 18 01 00 00 48 b8 ff ff ff ff ff
RSP: 0018:ffffc9000419fa50 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffffffff8bb83b60 RCX: ffffffff815c61c6
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ff72a00
RBP: 0000000000000028 R08: 1ffff11006828895 R09: ffffffff8ff72a00
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880341444b0
R13: ffff888034143a00 R14: 0000000000020000 R15: 0000000000020028
FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010038 CR3: 000000000b88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
instrument_atomic_read include/linux/instrumented.h:71 [inline]
test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
hlock_class kernel/locking/lockdep.c:199 [inline]
check_wait_context kernel/locking/lockdep.c:4700 [inline]
__lock_acquire+0x3e6/0x54a0 kernel/locking/lockdep.c:4977
lock_acquire kernel/locking/lockdep.c:5637 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
rcu_lock_acquire include/linux/rcupdate.h:268 [inline]
rcu_read_lock include/linux/rcupdate.h:688 [inline]
batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:412 [inline]
batadv_nc_worker+0x12d/0xfa0 net/batman-adv/network-coding.c:723
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x405/0x4f0 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
----------------
Code disassembly (best guess):
0: f0 b2 38 lock mov $0x38,%dl
3: 8b 48 8d mov -0x73(%rax),%ecx
6: 50 push %rax
7: ff a8 01 48 0f 45 ljmp *0x450f4801(%rax)
d: fa cli
e: e8 69 74 ec ff callq 0xffec747c
13: 0f 0b ud2
15: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
1c: 48 85 f6 test %rsi,%rsi
1f: 0f 84 3c 01 00 00 je 0x161
25: 49 89 f9 mov %rdi,%r9
28: 41 54 push %r12
* 2a: 44 0f b6 c2 movzbl %dl,%r8d <-- trapping instruction
2e: 49 01 f1 add %rsi,%r9
31: 55 push %rbp
32: 53 push %rbx
33: 0f 82 18 01 00 00 jb 0x151
39: 48 rex.W
3a: b8 ff ff ff ff mov $0xffffffff,%eax
3f: ff .byte 0xff