------------[ cut here ]------------
WARNING: CPU: 0 PID: 23177 at kernel/rcu/tree_stall.h:1050 rcu_check_gp_start_stall+0x2e4/0x470 kernel/rcu/tree_stall.h:1050
Modules linked in:
CPU: 0 UID: 0 PID: 23177 Comm: syz.5.5296 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:rcu_check_gp_start_stall+0x2e4/0x470 kernel/rcu/tree_stall.h:1050
Code: ff ff 48 c7 c7 60 04 9f 99 be 04 00 00 00 e8 03 c5 7e 00 4c 89 f7 b8 01 00 00 00 87 05 95 ff f8 17 85 c0 0f 85 17 ff ff ff 90 <0f> 0b 90 48 81 ff 80 05 14 8e 74 47 48 c7 c0 30 e4 9d 8f 48 c1 e8
RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000a02 RCX: ffffffff81a604bd
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8e140580
RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff333e08c R12: 0000000000002904
R13: 1ffff110170c7602 R14: ffffffff8e140580 R15: dffffc0000000000
FS:  00007f73674976c0(0000) GS:ffff888125d27000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6cc95b12f8 CR3: 0000000053688000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000200000000300
DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 rcu_core+0x5fa/0x1770 kernel/rcu/tree.c:2856
 handle_softirqs+0x283/0x870 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch+0x26b/0x950 kernel/sched/core.c:5193
Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 6f 8a b9 09 e8 6a af 36 00 fb 4c 8b 65 c0 <49> 8d bc 24 58 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc900033a7458 EFLAGS: 00000282
RAX: a1735f82b1895300 RBX: 0000000000000000 RCX: a1735f82b1895300
RDX: 0000000000000000 RSI: ffffffff8d7e3703 RDI: ffffffff8bc060e0
RBP: ffffc900033a74b0 R08: ffffffff8f9db437 R09: 1ffffffff1f3b686
R10: dffffc0000000000 R11: fffffbfff1f3b687 R12: ffff88802fd79e40
R13: dffffc0000000000 R14: ffff88807612dac0 R15: ffff8880b863abd8
 context_switch kernel/sched/core.c:5328 [inline]
 __schedule+0x17a0/0x4cc0 kernel/sched/core.c:6929
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7113
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7137
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0xfd/0x110 kernel/locking/spinlock.c:194
 __debug_check_no_obj_freed lib/debugobjects.c:1108 [inline]
 debug_check_no_obj_freed+0x451/0x470 lib/debugobjects.c:1129
 slab_free_hook mm/slub.c:2445 [inline]
 slab_free mm/slub.c:6566 [inline]
 kfree+0x115/0x6d0 mm/slub.c:6773
 call_usermodehelper_freeinfo kernel/umh.c:42 [inline]
 call_usermodehelper_exec+0x14f/0x4b0 kernel/umh.c:462
 call_modprobe kernel/module/kmod.c:102 [inline]
 __request_module+0x3c0/0x5e0 kernel/module/kmod.c:172
 dev_load+0x190/0x1f0 net/core/dev_ioctl.c:696
 dev_ioctl+0x429/0x1150 net/core/dev_ioctl.c:744
 sock_do_ioctl+0x22c/0x300 net/socket.c:1268
 sock_ioctl+0x576/0x790 net/socket.c:1375
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f736658eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7367497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f73667e5fa0 RCX: 00007f736658eec9
RDX: 0000200000000000 RSI: 0000000000008927 RDI: 0000000000000009
RBP: 00007f7366611f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f73667e6038 R14: 00007f73667e5fa0 R15: 00007ffe97d324d8
 </TASK>
----------------
Code disassembly (best guess):
   0:	0f 84 3c 01 00 00    	je     0x142
   6:	48 85 db             	test   %rbx,%rbx
   9:	0f 85 63 01 00 00    	jne    0x172
   f:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  14:	4c 8b 75 d0          	mov    -0x30(%rbp),%r14
  18:	4c 89 e7             	mov    %r12,%rdi
  1b:	e8 6f 8a b9 09       	call   0x9b98a8f
  20:	e8 6a af 36 00       	call   0x36af8f
  25:	fb                   	sti
  26:	4c 8b 65 c0          	mov    -0x40(%rbp),%r12
* 2a:	49 8d bc 24 58 16 00 	lea    0x1658(%r12),%rdi <-- trapping instruction
  31:	00
  32:	48 89 f8             	mov    %rdi,%rax
  35:	48 c1 e8 03          	shr    $0x3,%rax
  39:	42 0f b6 04 28       	movzbl (%rax,%r13,1),%eax
  3e:	84 c0                	test   %al,%al