INFO: task kworker/0:6:6973 blocked for more than 144 seconds.
      Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:6     state:D stack:19152 pid:6973  tgid:6973  ppid:2      flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5188 [inline]
 __schedule+0x1800/0x4a60 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6621
 schedule_timeout+0xb0/0x310 kernel/time/timer.c:2557
 do_wait_for_common kernel/sched/completion.c:95 [inline]
 __wait_for_common kernel/sched/completion.c:116 [inline]
 wait_for_common kernel/sched/completion.c:127 [inline]
 wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
 __flush_work+0xaa9/0xd00 kernel/workqueue.c:4208
 flush_request_modules drivers/media/usb/em28xx/em28xx-cards.c:3482 [inline]
 em28xx_usb_disconnect+0x190/0x530 drivers/media/usb/em28xx/em28xx-cards.c:4195
 usb_unbind_interface+0x25e/0x940 drivers/usb/core/driver.c:461
 device_remove drivers/base/dd.c:568 [inline]
 __device_release_driver drivers/base/dd.c:1272 [inline]
 device_release_driver_internal+0x503/0x7c0 drivers/base/dd.c:1295
 bus_remove_device+0x34f/0x420 drivers/base/bus.c:574
 device_del+0x57a/0x9b0 drivers/base/core.c:3871
 usb_disable_device+0x3bf/0x850 drivers/usb/core/message.c:1418
 usb_disconnect+0x340/0x950 drivers/usb/core/hub.c:2304
 hub_port_connect drivers/usb/core/hub.c:5361 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5661 [inline]
 port_event drivers/usb/core/hub.c:5821 [inline]
 hub_event+0x1ebc/0x5150 drivers/usb/core/hub.c:5903
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Showing all locks held in the system:
4 locks held by kworker/0:0/8:
 #0: ffff888015881948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015881948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc900000d7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc900000d7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fc845c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 net/wireless/reg.c:2480
 #3: ffff88805daa0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:6014 [inline]
 #3: ffff88805daa0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: reg_leave_invalid_chans net/wireless/reg.c:2468 [inline]
 #3: ffff88805daa0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: reg_check_chans_work+0x164/0xfd0 net/wireless/reg.c:2483
2 locks held by kworker/0:1/9:
3 locks held by kworker/u8:0/11:
1 lock held by khungtaskd/30:
 #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline]
 #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6626
3 locks held by kworker/u8:5/1065:
2 locks held by kworker/1:2/1786:
2 locks held by kworker/u8:10/2925:
3 locks held by kworker/u8:13/2993:
2 locks held by syslogd/4665:
3 locks held by udevd/4683:
2 locks held by dhcpcd/4896:
2 locks held by getty/4981:
 #0: ffff88802b8430a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 drivers/tty/n_tty.c:2211
2 locks held by syz-executor/5215:
 #0: ffff888012b5f148 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:690 [inline]
 #0: ffff888012b5f148 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 mm/memory.c:5998
 #1: ffff88802fdd2518 (sb_pagefaults){.+.+}-{0:0}, at: __sb_start_write include/linux/fs.h:1675 [inline]
 #1: ffff88802fdd2518 (sb_pagefaults){.+.+}-{0:0}, at: sb_start_pagefault include/linux/fs.h:1840 [inline]
 #1: ffff88802fdd2518 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1f0/0xdf0 fs/ext4/inode.c:6131
4 locks held by kworker/0:8/5285:
3 locks held by kworker/u8:4/22106:
3 locks held by kworker/u8:17/22120:
3 locks held by kworker/u8:18/22122:
5 locks held by kworker/0:6/6973:
 #0: ffff88801daa1d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff88801daa1d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc900045ffd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc900045ffd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffff888023e33190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1009 [inline]
 #2: ffff888023e33190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 drivers/usb/core/hub.c:5849
 #3: ffff88801c686190 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1009 [inline]
 #3: ffff88801c686190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 drivers/usb/core/hub.c:2295
 #4: ffff88804991b160 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1009 [inline]
 #4: ffff88804991b160 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1094 [inline]
 #4: ffff88804991b160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 drivers/base/dd.c:1292
3 locks held by kworker/u8:1/7930:
5 locks held by kworker/0:7/9161:
3 locks held by kworker/u8:2/11719:
4 locks held by kworker/0:2/18211:
 #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc9000350fd00 ((work_completion)(&dev->request_module_wk)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc9000350fd00 ((work_completion)(&dev->request_module_wk)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8f8bc2e8 (em28xx_devlist_mutex){+.+.}-{3:3}, at: em28xx_init_extension+0x32/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1113
 #3: ffff88802fff1b78 (&dev->lock#5){+.+.}-{3:3}, at: em28xx_dvb_init+0x2d0/0x4680 drivers/media/usb/em28xx/em28xx-dvb.c:1533
3 locks held by udevd/18213:
2 locks held by kworker/1:9/18727:
2 locks held by kworker/1:15/18735:
2 locks held by kworker/1:16/18736:
3 locks held by syz-executor/21600:
1 lock held by syz-executor/21695:
 #0: ffffffff8ffe9208 (uevent_sock_mutex){+.+.}-{3:3}, at: uevent_net_broadcast_untagged lib/kobject_uevent.c:317 [inline]
 #0: ffffffff8ffe9208 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_net_broadcast+0x280/0x580 lib/kobject_uevent.c:410
1 lock held by syz-executor/21910:
2 locks held by syz.2.10745/22504:
 #0: ffff888011832608 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:799 [inline]
 #0: ffff888011832608 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release net/socket.c:658 [inline]
 #0: ffff888011832608 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240 net/socket.c:1421
 #1: ffffffff8fc845c8 (rtnl_mutex){+.+.}-{3:3}, at: raw_release+0x1b8/0x8b0 net/can/raw.c:415
2 locks held by syz.4.10747/22510:
2 locks held by kworker/u8:3/22509:
2 locks held by kworker/u8:6/22511:
 #0: ffff888015889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff888015889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc9000339fd00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc9000339fd00 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
1 lock held by modprobe/22513:
6 locks held by kworker/u8:8/22514:
5 locks held by syz-executor/22515:
3 locks held by kworker/u8:11/22517:
 #0: ffff88802ae49148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3206 [inline]
 #0: ffff88802ae49148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3312
 #1: ffffc900035c7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3207 [inline]
 #1: ffffc900035c7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3312
 #2: ffffffff8fc845c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 net/ipv6/addrconf.c:4734
3 locks held by kworker/0:9/22519:
2 locks held by syz-executor/22522:
3 locks held by kworker/0:11/22524:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 nmi_cpu_backtrace+0x49c/0x4d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x198/0x320 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:223 [inline]
 watchdog+0xff4/0x1040 kernel/hung_task.c:379
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 22514 Comm: kworker/u8:8 Not tainted 6.11.0-rc4-syzkaller-00002-gb0da640826ba #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: bat_events batadv_tt_purge
RIP: 0010:csum_partial+0x5/0x2c0 lib/checksum.c:126
Code: ff e8 6f 35 11 fd e9 28 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 10 41 89 d6 89 f3 49 89 fd e8
RSP: 0018:ffffc90000a182f8 EFLAGS: 00000246
RAX: ffffffff897e7b13 RBX: 0000000000000028 RCX: ffff88806319da00
RDX: 0000000000000000 RSI: 0000000000000028 RDI: ffff888079678010
RBP: ffff888079678010 R08: ffffffff897e7a8f R09: ffffffff897e8370
R10: ffffffff897e8330 R11: ffffffff897e8370 R12: 0000000000000038
R13: 0000000000000028 R14: ffffffff897e8330 R15: ffff88804e81c718
FS:  0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4dcf1b5270 CR3: 000000000e734000 CR4: 00000000003506f0
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 csum_partial_ext include/net/checksum.h:121 [inline]
 __skb_checksum+0x110/0x910 net/core/skbuff.c:3452
 skb_checksum+0x9e/0xf0 net/core/skbuff.c:3532
 nf_ip6_checksum+0x1d5/0x340 net/netfilter/utils.c:89
 nf_conntrack_icmpv6_error+0x1d2/0x5a0 net/netfilter/nf_conntrack_proto_icmpv6.c:202
 nf_conntrack_handle_icmp+0xd4/0x180 net/netfilter/nf_conntrack_core.c:1889
 nf_conntrack_in+0x13e1/0x1890 net/netfilter/nf_conntrack_core.c:1983
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312
 __netif_receive_skb_one_core net/core/dev.c:5661 [inline]
 __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775
 process_backlog+0x662/0x15b0 net/core/dev.c:6108
 __napi_poll+0xcb/0x490 net/core/dev.c:6772
 napi_poll net/core/dev.c:6841 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:6963
 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
 do_softirq+0x11b/0x1e0 kernel/softirq.c:455
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x2a0/0x340 net/batman-adv/translation-table.c:1356
 batadv_tt_purge+0x35/0xa40 net/batman-adv/translation-table.c:3560
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>