BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 197s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x100
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=17 refcnt=18
    pending: 4*nsim_dev_hwstats_traffic_work, psi_avgs_work, vmstat_shepherd, 5*ovs_dp_masks_rebalance, psi_avgs_work, bpf_prog_free_deferred, delayed_vfree_work, debugfs_reap_work, 2*rht_deferred_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=15 refcnt=16
    pending: switchdev_deferred_process_work, rht_deferred_worker, free_obj_work, 6*nsim_dev_hwstats_traffic_work, psi_avgs_work, 3*ovs_dp_masks_rebalance, delayed_vfree_work, rht_deferred_worker
workqueue events_long: flags=0x100
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=8 refcnt=9
    pending: 4*defense_work_handler, br_fdb_cleanup, 2*br_multicast_gc_work, br_fdb_cleanup
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=5 refcnt=6
    pending: br_multicast_gc_work, 4*defense_work_handler
workqueue events_unbound: flags=0x2
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=9 refcnt=10
    in-flight: 7756:cfg80211_wiphy_work cfg80211_wiphy_work ,7735:cfg80211_wiphy_work cfg80211_wiphy_work ,7748:cfg80211_wiphy_work cfg80211_wiphy_work
    pending: macvlan_process_broadcast, cfg80211_wiphy_work, macvlan_process_broadcast
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=20 refcnt=21
    in-flight: 7738:nsim_dev_trap_report_work ,7743:linkwatch_event ,7749:cfg80211_wiphy_work cfg80211_wiphy_work ,7726:fsnotify_mark_destroy_workfn fsnotify_mark_destroy_workfn ,1006:fsnotify_connector_destroy_workfn fsnotify_connector_destroy_workfn ,7755:nsim_dev_trap_report_work
    pending: 2*nsim_dev_trap_report_work, toggle_allocation_gate, 6*nsim_dev_trap_report_work, flush_memcg_stats_dwork, cfg80211_wiphy_work
workqueue events_freezable: flags=0x104
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: update_balloon_stats_func
workqueue events_power_efficient: flags=0x180
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=8 refcnt=9
    pending: wg_ratelimiter_gc_entries, hash_netnet4_gc, do_cache_clean, neigh_managed_work, neigh_periodic_work, 3*check_lifetime
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=9 refcnt=10
    in-flight: 5939:gc_worker
    pending: check_lifetime, 2*hash_ipport4_gc, neigh_managed_work, hash_ipmark4_gc, 3*check_lifetime
workqueue rcu_gp: flags=0x108
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: 3*srcu_invoke_callbacks
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: process_srcu
workqueue netns: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=4
    in-flight: 36:cleanup_net
workqueue mm_percpu_wq: flags=0x108
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: vmstat_update
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: vmstat_update
workqueue writeback: flags=0x4a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=2 refcnt=3
    pending: wb_update_bandwidth_workfn, wb_workfn
workqueue mld: flags=0x40108
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: mld_ifc_work
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=4
    pending: mld_dad_work
    inactive: 2*mld_dad_work
workqueue ipv6_addrconf: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=18
    in-flight: 3575:addrconf_dad_work
    inactive: addrconf_dad_work, 3*addrconf_verify_work, 3*addrconf_dad_work, 4*addrconf_verify_work, 3*addrconf_dad_work
workqueue krxrpcd: flags=0x2001a
  pwq 9: cpus=0-1 node=0 flags=0x4 nice=-20 active=1 refcnt=11
    pending: rxrpc_peer_keepalive_worker
    inactive: 7*rxrpc_peer_keepalive_worker
workqueue bat_events: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=60
    in-flight: 2933:batadv_tt_purge
    inactive: batadv_dat_purge, batadv_bla_periodic_work, 3*batadv_tt_purge, batadv_dat_purge, batadv_bla_periodic_work, 3*batadv_iv_send_outstanding_bat_ogm_packet, batadv_dat_purge, 2*batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge, 6*batadv_mcast_mla_update, batadv_purge_orig, 6*batadv_iv_send_outstanding_bat_ogm_packet, 3*batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, 2*batadv_iv_send_outstanding_bat_ogm_packet, 2*batadv_purge_orig, 10*batadv_iv_send_outstanding_bat_ogm_packet, batadv_tt_purge, batadv_bla_periodic_work, batadv_dat_purge, batadv_mcast_mla_update, 2*batadv_tt_purge, batadv_dat_purge, batadv_bla_periodic_work
workqueue wg-kex-wg0: flags=0x6
workqueue wg-crypt-wg0: flags=0x128
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
workqueue wg-crypt-wg0: flags=0x128
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-crypt-wg1: flags=0x128
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-crypt-wg2: flags=0x128
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 12944 Comm: syz.3.1640 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x10/0x70 kernel/kcov.c:217
Code: de 5b e9 d3 a3 5e 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0d 48 32 56 11 <65> 8b 15 69 32 56 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75
RSP: 0018:ffffc900000068e0 EFLAGS: 00000046
RAX: ffffffff81f8d52a RBX: ffff888046b94b60 RCX: ffff888028e90000
RDX: 0000000000010100 RSI: 000000000000db79 RDI: 000000000000db79
RBP: 1ffff11008d729b0 R08: ffff888046b95017 R09: 1ffff11008d72a02
R10: dffffc0000000000 R11: ffffed1008d72a03 R12: ffff888046b94d80
R13: 000000000000db79 R14: 0000000000000001 R15: 000000000000db79
FS:  00007f81e27ee6c0(0000) GS:ffff888125463000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555c8474e8 CR3: 0000000061164000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 __perf_event_account_interrupt+0x6a/0x250 kernel/events/core.c:10545
 __perf_event_overflow+0x105/0xec0 kernel/events/core.c:10698
 perf_event_overflow kernel/events/core.c:10787 [inline]
 perf_swevent_hrtimer+0x481/0x650 kernel/events/core.c:12198
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x4e7/0xcc0 kernel/time/hrtimer.c:1849
 hrtimer_interrupt+0x42b/0x1010 kernel/time/hrtimer.c:1911
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x102/0x460 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1056
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x90 kernel/kcov.c:293
Code: 11 10 48 89 74 11 18 48 89 44 11 20 c3 cc cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d e8 2f 56 11 65 8b 15 09 30 56
RSP: 0018:ffffc90000007038 EFLAGS: 00000246
RAX: ffffc900000070c0 RBX: 000000000000000a RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000001f
RBP: ffffc90000007160 R08: ffffc900000070d7 R09: 0000000000000000
R10: ffffc900000070c0 R11: fffff52000000e1b R12: 000000000000001f
R13: 000000000000001f R14: ffffc90000007341 R15: 00ffffffffffff0a
 number+0x28e/0xf80 lib/vsprintf.c:507
 vsnprintf+0x8e5/0xee0 lib/vsprintf.c:2912
 snprintf+0xe8/0x140 lib/vsprintf.c:3042
 print_caller kernel/printk/printk.c:1368 [inline]
 info_print_prefix+0x1fd/0x360 kernel/printk/printk.c:1387
 record_print_text+0x176/0x450 kernel/printk/printk.c:1434
 printk_get_next_message+0x29c/0x880 kernel/printk/printk.c:3072
 console_emit_next_record kernel/printk/printk.c:3137 [inline]
 console_flush_one_record kernel/printk/printk.c:3269 [inline]
 console_flush_all+0x501/0xb20 kernel/printk/printk.c:3343
 __console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
 console_unlock+0xd1/0x1c0 kernel/printk/printk.c:3413
 vprintk_emit+0x485/0x560 kernel/printk/printk.c:2479
 _printk+0xdd/0x130 kernel/printk/printk.c:2504
 show_one_workqueue+0x102/0x280 kernel/workqueue.c:6423
 show_all_workqueues+0x148/0x6d0 kernel/workqueue.c:6513
 wq_watchdog_timer_fn+0x4ff/0x7b0 kernel/workqueue.c:7719
 call_timer_fn+0x192/0x640 kernel/time/timer.c:1748
 expire_timers kernel/time/timer.c:1799 [inline]
 __run_timers kernel/time/timer.c:2373 [inline]
 __run_timer_base+0x652/0x8b0 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2394 [inline]
 run_timer_softirq+0x103/0x170 kernel/time/timer.c:2405
 handle_softirqs+0x22a/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:preempt_schedule_irq+0x48/0xa0 kernel/sched/core.c:7235
Code: 49 be 00 00 00 00 00 fc ff df eb 09 48 f7 03 10 00 00 00 74 53 bf 01 00 00 00 e8 63 c5 e4 f5 e8 1e 60 1e f6 fb bf 01 00 00 00 <e8> c3 a6 ff ff 9c 58 fa a9 00 02 00 00 74 05 e8 f4 61 1e f6 bf 01
RSP: 0018:ffffc9000cd1f160 EFLAGS: 00000202
RAX: 00000000012e2249 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000007 RSI: ffffffff8def4cb8 RDI: 0000000000000001
RBP: 0000000000000000 R08: ffffffff90118db7 R09: 1ffffffff20231b6
R10: dffffc0000000000 R11: fffffbfff20231b7 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
 irqentry_exit+0x599/0x620 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__page_table_check_zero+0x1db/0x3e0 mm/page_table_check.c:142
Code: 50 0c 4c 01 fb 48 89 df be 04 00 00 00 e8 2d cd f3 ff 48 89 d8 48 c1 e8 03 49 89 ee 0f b6 04 28 84 c0 0f 85 e3 00 00 00 8b 2b <31> ff 89 ee e8 ac 79 89 ff 85 ed 0f 85 db 01 00 00 48 83 c3 04 48
RSP: 0018:ffffc9000cd1f288 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88801d4fafe8 RCX: ffffffff823c2823
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801d4fafe8
RBP: 0000000000000000 R08: ffff88801d4fafeb R09: 1ffff11003a9f5fd
R10: dffffc0000000000 R11: ffffed1003a9f5fe R12: 0000000000000002
R13: 000000000005b231 R14: dffffc0000000000 R15: ffff88801d4fafa0
 page_table_check_free include/linux/page_table_check.h:46 [inline]
 __free_pages_prepare mm/page_alloc.c:1434 [inline]
 __free_frozen_pages+0xc3b/0xdb0 mm/page_alloc.c:2978
 __slab_free+0x263/0x2b0 mm/slub.c:5576
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x97/0x100 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4542 [inline]
 slab_alloc_node mm/slub.c:4869 [inline]
 __do_kmalloc_node mm/slub.c:5262 [inline]
 __kvmalloc_node_noprof+0x4d7/0x8a0 mm/slub.c:6755
 kvmalloc_array_node_noprof include/linux/slab.h:1216 [inline]
 compute_scc+0x102/0xab0 kernel/bpf/verifier.c:25829
 bpf_check+0x5ecd/0x1ce00 kernel/bpf/verifier.c:26115
 bpf_prog_load+0x1484/0x1ae0 kernel/bpf/syscall.c:3089
 __sys_bpf+0x618/0x950 kernel/bpf/syscall.c:6228
 __do_sys_bpf kernel/bpf/syscall.c:6341 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6339 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6339
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f81e459c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f81e27ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f81e4815fa0 RCX: 00007f81e459c799
RDX: 0000000000000094 RSI: 0000200000000f80 RDI: 0000000000000005
RBP: 00007f81e4632bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f81e4816038 R14: 00007f81e4815fa0 R15: 00007fff1b775728
 </TASK>
----------------
Code disassembly (best guess):
   0:	de 5b e9             	ficomps -0x17(%rbx)
   3:	d3 a3 5e 00 cc cc    	shll   %cl,-0x3333ffa2(%rbx)
   9:	cc                   	int3
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	f3 0f 1e fa          	endbr64
  1e:	48 8b 04 24          	mov    (%rsp),%rax
  22:	65 48 8b 0d 48 32 56 	mov    %gs:0x11563248(%rip),%rcx        # 0x11563272
  29:	11
* 2a:	65 8b 15 69 32 56 11 	mov    %gs:0x11563269(%rip),%edx        # 0x1156329a <-- trapping instruction
  31:	81 e2 00 01 ff 00    	and    $0xff0100,%edx
  37:	74 11                	je     0x4a
  39:	81 fa 00 01 00 00    	cmp    $0x100,%edx
  3f:	75                   	.byte 0x75