INFO: task kworker/0:0:5 blocked for more than 143 seconds.
      Not tainted 5.16.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:D stack:26328 pid:    5 ppid:     2 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4972 [inline]
 __schedule+0xa9a/0x4940 kernel/sched/core.c:6253
 schedule+0xd2/0x260 kernel/sched/core.c:6326
 usb_kill_urb.part.0+0x19a/0x220 drivers/usb/core/urb.c:720
 usb_kill_urb+0x7f/0xa0 drivers/usb/core/urb.c:715
 usb_start_wait_urb+0x24a/0x4c0 drivers/usb/core/message.c:64
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
 usb_get_descriptor+0xdd/0x1d0 drivers/usb/core/message.c:793
 usb_get_device_descriptor+0x81/0xf0 drivers/usb/core/message.c:1071
 hub_port_init+0x971/0x2e80 drivers/usb/core/hub.c:4922
 hub_port_connect drivers/usb/core/hub.c:5282 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5643 [inline]
 hub_event+0x21ea/0x4460 drivers/usb/core/hub.c:5725
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Showing all locks held in the system:
5 locks held by kworker/0:0/5:
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
 #1: ffffc90000ca7db0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
 #2: ffff888147e8f220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
 #2: ffff888147e8f220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4460 drivers/usb/core/hub.c:5671
 #3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3086 [inline]
 #3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5249 [inline]
 #3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 #3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
 #3: ffff88801d79a5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1e17/0x4460 drivers/usb/core/hub.c:5725
 #4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5250 [inline]
 #4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 #4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
 #4: ffff888147e06768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1e40/0x4460 drivers/usb/core/hub.c:5725
1 lock held by khungtaskd/27:
 #0: ffffffff8bb83b60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6458
1 lock held by in:imklog/6222:
 #0: ffff8880700c0d70 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990
5 locks held by kworker/0:8/9228:
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: ffff88801238f938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
 #1: ffffc900052dfdb0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
 #2: ffff88801d9af220 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:760 [inline]
 #2: ffff88801d9af220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c1/0x4460 drivers/usb/core/hub.c:5671
 #3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_lock_port drivers/usb/core/hub.c:3086 [inline]
 #3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5249 [inline]
 #3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 #3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
 #3: ffff88801da025c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1e17/0x4460 drivers/usb/core/hub.c:5725
 #4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect drivers/usb/core/hub.c:5250 [inline]
 #4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 #4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: port_event drivers/usb/core/hub.c:5643 [inline]
 #4: ffff88801d73ad68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1e40/0x4460 drivers/usb/core/hub.c:5725
1 lock held by syz-executor.5/15038:
1 lock held by syz-executor.3/15214:

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xc1d/0xf50 kernel/hung_task.c:295
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8865 Comm: kworker/u4:7 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
RIP: 0010:kasan_check_range+0xe/0x180 mm/kasan/generic.c:188
Code: f0 b2 38 8b 48 8d 50 ff a8 01 48 0f 45 fa e8 69 74 ec ff 0f 0b 0f 1f 80 00 00 00 00 48 85 f6 0f 84 3c 01 00 00 49 89 f9 41 54 <44> 0f b6 c2 49 01 f1 55 53 0f 82 18 01 00 00 48 b8 ff ff ff ff ff
RSP: 0018:ffffc9000419fa50 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffffffff8bb83b60 RCX: ffffffff815c61c6
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ff72a00
RBP: 0000000000000028 R08: 1ffff11006828895 R09: ffffffff8ff72a00
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880341444b0
R13: ffff888034143a00 R14: 0000000000020000 R15: 0000000000020028
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010038 CR3: 000000000b88e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 hlock_class kernel/locking/lockdep.c:199 [inline]
 check_wait_context kernel/locking/lockdep.c:4700 [inline]
 __lock_acquire+0x3e6/0x54a0 kernel/locking/lockdep.c:4977
 lock_acquire kernel/locking/lockdep.c:5637 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5602
 rcu_lock_acquire include/linux/rcupdate.h:268 [inline]
 rcu_read_lock include/linux/rcupdate.h:688 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:412 [inline]
 batadv_nc_worker+0x12d/0xfa0 net/batman-adv/network-coding.c:723
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
----------------
Code disassembly (best guess):
   0:	f0 b2 38             	lock mov $0x38,%dl
   3:	8b 48 8d             	mov    -0x73(%rax),%ecx
   6:	50                   	push   %rax
   7:	ff a8 01 48 0f 45    	ljmp   *0x450f4801(%rax)
   d:	fa                   	cli
   e:	e8 69 74 ec ff       	callq  0xffec747c
  13:	0f 0b                	ud2
  15:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  1c:	48 85 f6             	test   %rsi,%rsi
  1f:	0f 84 3c 01 00 00    	je     0x161
  25:	49 89 f9             	mov    %rdi,%r9
  28:	41 54                	push   %r12
* 2a:	44 0f b6 c2          	movzbl %dl,%r8d <-- trapping instruction
  2e:	49 01 f1             	add    %rsi,%r9
  31:	55                   	push   %rbp
  32:	53                   	push   %rbx
  33:	0f 82 18 01 00 00    	jb     0x151
  39:	48                   	rex.W
  3a:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  3f:	ff                   	.byte 0xff