INFO: task kworker/u4:6:8637 blocked for more than 143 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:6 D24792 8637 2 0x80004000
Workqueue: events_unbound fsnotify_connector_destroy_workfn
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 schedule_timeout+0x55b/0x850 kernel/time/timer.c:1874
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x16a/0x270 kernel/sched/completion.c:138
 __synchronize_srcu+0x1a7/0x260 kernel/rcu/srcutree.c:922
 fsnotify_connector_destroy_workfn+0x49/0xa0 fs/notify/mark.c:164
 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x388/0x470 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
INFO: task systemd-udevd:9316 blocked for more than 143 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd D26144 9316 4106 0x00000100
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4222
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
 sock_do_ioctl+0x1b7/0x2f0 net/socket.c:1076
 sock_ioctl+0x3ec/0x790 net/socket.c:1204
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:770
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x7fd72477f017
Code: Bad RIP value.
RSP: 002b:00007ffe17f19ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffe17f1a040 RCX: 00007fd72477f017
RDX: 00007ffe17f1a010 RSI: 0000000000008946 RDI: 0000000000000007
RBP: 00007ffe17f1a1b0 R08: 0000000000000000 R09: 00000000000000c0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000557d7b506ae0
R13: 00007ffe17f1a010 R14: 0000000000000001 R15: 0000000000000000
INFO: task systemd-udevd:9687 blocked for more than 144 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
systemd-udevd D27368 9687 4106 0x00004100
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4222
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
 sock_do_ioctl+0x1b7/0x2f0 net/socket.c:1076
 sock_ioctl+0x3ec/0x790 net/socket.c:1204
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:770
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x7fd72477f017
Code: Bad RIP value.
RSP: 002b:00007ffe17f19ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffe17f1a040 RCX: 00007fd72477f017
RDX: 00007ffe17f1a010 RSI: 0000000000008946 RDI: 0000000000000007
RBP: 00007ffe17f1a1b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000246 R12: 0000557d7b506ae0
R13: 00007ffe17f1a010 R14: 0000000000000001 R15: 0000000000000000
INFO: task kworker/u4:7:9853 blocked for more than 144 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/u4:7 D25480 9853 2 0x80004000
Workqueue: events_unbound fsnotify_mark_destroy_workfn
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 schedule_timeout+0x55b/0x850 kernel/time/timer.c:1874
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x16a/0x270 kernel/sched/completion.c:138
 __synchronize_srcu+0x1a7/0x260 kernel/rcu/srcutree.c:922
 fsnotify_mark_destroy_workfn+0xfd/0x330 fs/notify/mark.c:832
 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x388/0x470 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
INFO: task syz-executor.3:3715 blocked for more than 145 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.3 D27120 3715 7335 0x00004004
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 schedule_timeout+0x55b/0x850 kernel/time/timer.c:1874
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x16a/0x270 kernel/sched/completion.c:138
 __flush_work+0x4fd/0xa80 kernel/workqueue.c:3045
 p9_mux_poll_stop net/9p/trans_fd.c:175 [inline]
 p9_conn_destroy net/9p/trans_fd.c:862 [inline]
 p9_fd_close+0x290/0x520 net/9p/trans_fd.c:898
 p9_client_create+0x99b/0x1440 net/9p/client.c:1069
 v9fs_session_init+0x1e7/0x18c0 fs/9p/v9fs.c:406
 v9fs_mount+0x79/0x970 fs/9p/vfs_super.c:124
 legacy_get_tree+0x105/0x220 fs/fs_context.c:622
 vfs_get_tree+0x89/0x2f0 fs/super.c:1547
 do_new_mount fs/namespace.c:2816 [inline]
 do_mount+0x1306/0x1b30 fs/namespace.c:3141
 __do_sys_mount fs/namespace.c:3350 [inline]
 __se_sys_mount fs/namespace.c:3327 [inline]
 __x64_sys_mount+0x18f/0x230 fs/namespace.c:3327
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c889
Code: Bad RIP value.
RSP: 002b:00007f75b0d8fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f75b0d906d4 RCX: 000000000045c889
RDX: 0000000020000280 RSI: 0000000020000080 RDI: 0000000000000000
RBP: 000000000076bfa0 R08: 00000000200002c0 R09: 0000000000000000
R10: 000000000d000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000074c R14: 00000000004ca0ed R15: 000000000076bfac
INFO: task syz-executor.0:3758 blocked for more than 145 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.0 D28128 3758 7029 0x00000004
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 schedule_timeout+0x55b/0x850 kernel/time/timer.c:1874
 do_wait_for_common kernel/sched/completion.c:85 [inline]
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x16a/0x270 kernel/sched/completion.c:138
 __synchronize_srcu+0x1a7/0x260 kernel/rcu/srcutree.c:922
 tracepoint_synchronize_unregister include/linux/tracepoint.h:82 [inline]
 perf_trace_event_unreg.isra.0+0xba/0x200 kernel/trace/trace_event_perf.c:168
 perf_trace_destroy+0xb5/0xf0 kernel/trace/trace_event_perf.c:243
 _free_event+0x33b/0x1330 kernel/events/core.c:4792
 put_event+0x40/0x50 kernel/events/core.c:4886
 perf_event_release_kernel+0x6e1/0xdc0 kernel/events/core.c:5001
 perf_release+0x33/0x40 kernel/events/core.c:5011
 __fput+0x33e/0x880 fs/file_table.c:280
 task_work_run+0xf4/0x1b0 kernel/task_work.c:123
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x2fa/0x360 arch/x86/entry/common.c:165
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
 do_syscall_64+0x6b1/0x7d0 arch/x86/entry/common.c:305
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x416421
Code: Bad RIP value.
RSP: 002b:00007ffda8d30770 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000416421
RDX: 0000001b33020000 RSI: 0000000000000cfd RDI: 0000000000000003
RBP: 0000000000000001 R08: 00000000f56eacfc R09: 00000000f56ead00
R10: 00007ffda8d30850 R11: 0000000000000293 R12: 000000000076c900
R13: 000000000076c900 R14: 000000000009f454 R15: 000000000076bf0c
INFO: task syz-executor.5:3765 blocked for more than 145 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.5 D27472 3765 7519 0x00000004
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 synchronize_rcu_expedited+0x45a/0x620 kernel/rcu/tree_exp.h:872
 synchronize_net+0x37/0x50 net/core/dev.c:9941
 dev_deactivate_many+0x495/0xba0 net/sched/sch_generic.c:1208
 __dev_close_many+0x130/0x2e0 net/core/dev.c:1507
 dev_close_many+0x226/0x620 net/core/dev.c:1545
 rollback_registered_many+0x3ad/0xe70 net/core/dev.c:8803
 rollback_registered+0xf2/0x1c0 net/core/dev.c:8871
 unregister_netdevice_queue net/core/dev.c:9967 [inline]
 unregister_netdevice_queue+0x1d7/0x2b0 net/core/dev.c:9960
 unregister_netdevice include/linux/netdevice.h:2725 [inline]
 ser_release+0x17f/0x270 drivers/net/caif/caif_serial.c:314
 ldisc_open+0xe7/0x950 drivers/net/caif/caif_serial.c:337
 tty_ldisc_open.isra.0+0x9b/0x110 drivers/tty/tty_ldisc.c:464
 tty_set_ldisc+0x2e8/0x670 drivers/tty/tty_ldisc.c:591
 tiocsetd drivers/tty/tty_io.c:2333 [inline]
 tty_ioctl+0xcde/0x1440 drivers/tty/tty_io.c:2593
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:770
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c889
Code: Bad RIP value.
RSP: 002b:00007f08d1118c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f08d11196d4 RCX: 000000000045c889
RDX: 0000000020000600 RSI: 0000000000005423 RDI: 0000000000000003
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000584 R14: 00000000004c81df R15: 000000000076bf0c
INFO: task syz-executor.4:3780 blocked for more than 146 seconds.
Not tainted 5.7.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4 D27056 3780 7466 0x00000004
Call Trace:
 schedule+0xd0/0x2a0 kernel/sched/core.c:4163
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:4222
 __mutex_lock_common kernel/locking/mutex.c:1033 [inline]
 __mutex_lock+0x7ab/0x13c0 kernel/locking/mutex.c:1103
 perf_trace_init+0x49/0x240 kernel/trace/trace_event_perf.c:223
 perf_tp_event_init+0xa2/0x120 kernel/events/core.c:9320
 perf_try_init_event+0x12a/0x560 kernel/events/core.c:10772
 perf_init_event kernel/events/core.c:10824 [inline]
 perf_event_alloc.part.0+0xe26/0x38e0 kernel/events/core.c:11100
 perf_event_alloc kernel/events/core.c:11479 [inline]
 __do_sys_perf_event_open+0x695/0x2890 kernel/events/core.c:11595
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c889
Code: 60 48 85 c9 74 1a 8b 54 24 24 85 d2 74 12 8b 5c 24 68 0f b7 0c 59 81 e1 ff 7f 00 00 39 d1 75 30 48 8b 4c 24 28 48 8b 54 24 40 <48> 8b 4c ca 08 48 03 48 10 48 8b 84 24 88 00 00 00 48 89 08 c6 84
RSP: 002b:00007f8c6cfaac78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007f8c6cfab6d4 RCX: 000000000045c889
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000818 R14: 00000000004cad49 R15: 000000000076bf0c

Showing all locks held in the system:
1 lock held by khungtaskd/1139:
 #0: ffffffff899bed00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5754
1 lock held by in:imklog/6695:
 #0: ffff8880a870f3f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:826
2 locks held by kworker/u4:6/8637:
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0 kernel/workqueue.c:2239
 #1: ffffc90003307dc0 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0 kernel/workqueue.c:2243
1 lock held by systemd-udevd/9316:
 #0: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
1 lock held by systemd-udevd/9426:
 #0: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
1 lock held by systemd-udevd/9687:
 #0: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
2 locks held by kworker/u4:7/9853:
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline]
 #0: ffff8880aa034138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0 kernel/workqueue.c:2239
 #1: ffffc90001b57dc0 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0 kernel/workqueue.c:2243
1 lock held by systemd-udevd/10128:
 #0: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
1 lock held by systemd-udevd/10313:
 #0: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
1 lock held by systemd-udevd/10423:
 #0: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x4bf/0xc60 net/core/dev_ioctl.c:430
2 locks held by kworker/1:6/11629:
1 lock held by syz-executor.0/3758:
 #0: ffffffff89a061e8 (event_mutex){+.+.}-{3:3}, at: perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:241
4 locks held by syz-executor.5/3765:
 #0: ffff88808f7321c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120 drivers/tty/tty_mutex.c:19
 #1: ffff88808f732098 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:315 [inline]
 #1: ffff88808f732098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x61/0xb0 drivers/tty/tty_ldisc.c:339
 #2: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: ser_release+0xf9/0x270 drivers/net/caif/caif_serial.c:311
 #3: ffffffff899c2d60 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:290 [inline]
 #3: ffffffff899c2d60 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x501/0x620 kernel/rcu/tree_exp.h:856
3 locks held by syz-executor.4/3780:
 #0: ffff8880944ed4c8 (&sig->exec_update_mutex){+.+.}-{3:3}, at: __do_sys_perf_event_open+0xd89/0x2890 kernel/events/core.c:11575
 #1: ffffffff8c672640 (&pmus_srcu){....}-{0:0}, at: perf_event_alloc.part.0+0xc72/0x38e0 kernel/events/core.c:11098
 #2: ffffffff89a061e8 (event_mutex){+.+.}-{3:3}, at: perf_trace_init+0x49/0x240 kernel/trace/trace_event_perf.c:223
3 locks held by kworker/0:1/3924:
 #0: ffff8880a8f63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffff8880a8f63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff8880a8f63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff8880a8f63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff8880a8f63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff8880a8f63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline]
 #0: ffff8880a8f63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0 kernel/workqueue.c:2239
 #1: ffffc900032afdc0 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0 kernel/workqueue.c:2243
 #2: ffffffff8a5823e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4584

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1139 Comm: khungtaskd Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xa8c/0x1010 kernel/hung_task.c:289
 kthread+0x388/0x470 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 11629 Comm: kworker/1:6 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events p9_read_work
RIP: 0010:__lock_acquire+0x2511/0x4c50 kernel/locking/lockdep.c:4351
Code: 00 00 00 e9 18 e6 ff ff 48 8d 7d d8 e8 18 2d ff ff 48 ba 00 00 00 00 00 fc ff df 48 8d 78 40 48 89 f9 48 c1 e9 03 80 3c 11 00 <0f> 85 2e 1d 00 00 48 83 78 40 00 0f 85 4b e7 ff ff 0f 0b e9 44 e7
RSP: 0018:ffffc900174b7738 EFLAGS: 00000046
RAX: ffffffff8c36df48 RBX: 0000000054d695bc RCX: 1ffffffff186dbf1
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffffff8c36df88
RBP: ffff8880a1006998 R08: 0000000000000001 R09: fffffbfff185cd6b
R10: ffffffff8c2e6b57 R11: fffffbfff185cd6a R12: ffff8880a1006080
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff8a897750
FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557d7cfd0188 CR3: 00000000a3273000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x1f2/0x8f0 kernel/locking/lockdep.c:4934
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x156/0x13c0 kernel/locking/mutex.c:1103
 snd_pcm_oss_read1 sound/core/oss/pcm_oss.c:1490 [inline]
 snd_pcm_oss_read+0x32e/0x6f0 sound/core/oss/pcm_oss.c:2742
 __vfs_read+0x76/0x100 fs/read_write.c:426
 vfs_read+0x1f0/0x420 fs/read_write.c:462
 kernel_read+0xaf/0x120 fs/read_write.c:441
 p9_fd_read net/9p/trans_fd.c:263 [inline]
 p9_read_work+0x2aa/0xfa0 net/9p/trans_fd.c:298
 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x388/0x470 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352