------------[ cut here ]------------
WARNING: kernel/rcu/tree_stall.h:1050 at rcu_check_gp_start_stall+0x2e4/0x470 kernel/rcu/tree_stall.h:1050, CPU#1: vhost-26370/26371
Modules linked in:
CPU: 1 UID: 0 PID: 26371 Comm: vhost-26370 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:rcu_check_gp_start_stall+0x2e4/0x470 kernel/rcu/tree_stall.h:1050
Code: ff ff 48 c7 c7 a0 f5 85 99 be 04 00 00 00 e8 93 22 80 00 4c 89 f7 b8 01 00 00 00 87 05 05 9b dd 17 85 c0 0f 85 17 ff ff ff 90 <0f> 0b 90 48 81 ff 40 2a f4 8d 74 47 48 c7 c0 a0 23 7e 8f 48 c1 e8
RSP: 0018:ffffc90000a08bb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000a02 RCX: ffffffff81a85a8d
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8df42a40
RBP: ffffc90000a08e30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff330beb4 R12: 0000000000002904
R13: 1ffff110170e771a R14: ffffffff8df42a40 R15: dffffc0000000000
FS:  00007febd08bc6c0(0000) GS:ffff888125fb8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2eb0dff8 CR3: 0000000084130000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_core+0x5fa/0x1770 kernel/rcu/tree.c:2856
 handle_softirqs+0x27d/0x880 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__kasan_check_write+0x0/0x20 mm/kasan/shadow.c:36
Code: 48 8b 0c 24 31 d2 e9 ef e4 ff ff 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 89 f6 48 8b 0c 24 ba 01 00 00 00 e9 bc e4 ff ff 66 66
RSP: 0018:ffffc9000c3ef578 EFLAGS: 00000202
RAX: ffff88801fb69e80 RBX: ffff88807de2c010 RCX: ffffffff819e2218
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88807de2c018
RBP: ffffc9000c3ef640 R08: ffff88807de2c01f R09: 1ffff1100fbc5803
R10: dffffc0000000000 R11: ffffed100fbc5804 R12: 0000000000000001
R13: 1ffff1100fbc5803 R14: ffff88801fb69e80 R15: ffff88807de2c018
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_long_try_cmpxchg include/linux/atomic/atomic-instrumented.h:4434 [inline]
 rwsem_clear_reader_owned kernel/locking/rwsem.c:221 [inline]
 __up_read+0x1c7/0x690 kernel/locking/rwsem.c:1357
 mmap_read_unlock include/linux/mmap_lock.h:418 [inline]
 __get_user_pages_locked mm/gup.c:1779 [inline]
 __gup_longterm_locked+0x1359/0x1660 mm/gup.c:2476
 gup_fast_fallback+0x1d6b/0x22d0 mm/gup.c:3220
 set_bit_to_user drivers/vhost/vhost.c:2425 [inline]
 log_write+0xc3/0x390 drivers/vhost/vhost.c:2451
 vhost_update_used_flags+0x1c8/0x290 drivers/vhost/vhost.c:2582
 vhost_enable_notify+0xb9/0x650 drivers/vhost/vhost.c:3179
 vhost_vsock_handle_tx_kick+0x2cb/0xfe0 drivers/vhost/vsock.c:518
 vhost_run_work_list+0x14e/0x1e0 drivers/vhost/vhost.c:454
 vhost_task_fn+0x27c/0x430 kernel/vhost_task.c:49
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
----------------
Code disassembly (best guess):
   0:	48 8b 0c 24          	mov    (%rsp),%rcx
   4:	31 d2                	xor    %edx,%edx
   6:	e9 ef e4 ff ff       	jmp    0xffffe4fa
   b:	66 66 66 66 66 66 2e 	data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
  12:	0f 1f 84 00 00 00 00
  19:	00
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	90                   	nop
  23:	90                   	nop
  24:	90                   	nop
  25:	90                   	nop
  26:	90                   	nop
  27:	90                   	nop
  28:	90                   	nop
  29:	90                   	nop
* 2a:	f3 0f 1e fa          	endbr64 <-- trapping instruction
  2e:	89 f6                	mov    %esi,%esi
  30:	48 8b 0c 24          	mov    (%rsp),%rcx
  34:	ba 01 00 00 00       	mov    $0x1,%edx
  39:	e9 bc e4 ff ff       	jmp    0xffffe4fa
  3e:	66                   	data16
  3f:	66                   	data16