------------[ cut here ]------------
WARNING: CPU: 1 PID: 7524 at kernel/rcu/tree_stall.h:1001 rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:993
Modules linked in:
CPU: 1 PID: 7524 Comm: vhost-7523 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:1001
Code: ff ff ff 48 c7 c7 a0 04 ef 96 be 04 00 00 00 e8 ba ac 6c 00 48 89 df b8 01 00 00 00 87 05 ac cc 7e 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff 80 50 d3 8c 74 47 48 c7 c0 5c c6 4a 8e 48 c1 e8 03
RSP: 0018:ffffc900001f0bb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffffffff8cd35080 RCX: ffffffff817037e6
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8cd35080
RBP: ffffc900001f0e30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff2dde094 R12: 0000000000002904
R13: 1ffff110171e7a22 R14: 0000000000000a02 R15: dffffc0000000000
FS:  00007f9d3655a6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000002 CR3: 000000002c39c000 CR4: 00000000003506e0
Call Trace:
 <IRQ>
 rcu_core+0x612/0x1720 kernel/rcu/tree.c:2462
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:check_kcov_mode kernel/kcov.c:184 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:245 [inline]
RIP: 0010:__sanitizer_cov_trace_switch+0xb2/0x120 kernel/kcov.c:350
Code: 77 4e 8b 54 ce 10 65 44 8b 1d d2 1a 7e 7e 41 81 e3 00 01 ff 00 74 13 41 81 fb 00 01 00 00 75 d9 41 83 b8 1c 16 00 00 00 74 cf <45> 8b 98 f8 15 00 00 41 83 fb 03 75 c2 4d 8b 98 00 16 00 00 45 8b
RSP: 0018:ffffc9000f8877b8 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffffffff8a5bd7ee RCX: 0000000000000007
RDX: ffffffff8a5bd8f8 RSI: ffffffff8e328110 RDI: 0000000000000000
RBP: ffffc9000f8878f0 R08: ffff888057db8000 R09: 0000000000000001
R10: 0000000000000406 R11: 0000000000000000 R12: ffffc9000f887840
R13: 0000000000000000 R14: ffff8880796f4e0c R15: ffffffffffffffff
 mt_find+0x248/0x5b0 lib/maple_tree.c:6550
 find_vma+0x12e/0x1b0 mm/mmap.c:1888
 lock_mm_and_find_vma+0x5f/0x300 mm/memory.c:5421
 do_user_addr_fault+0x36c/0x12e0 arch/x86/mm/fault.c:1345
 handle_page_fault arch/x86/mm/fault.c:1465 [inline]
 exc_page_fault+0x67/0x110 arch/x86/mm/fault.c:1521
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0010:__get_user_nocheck_2+0xa/0x20 arch/x86/lib/getuser.S:117
Code: f3 0f 1e fa 0f 01 cb 0f ae e8 0f b6 10 31 c0 0f 01 ca c3 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 01 cb 0f ae e8 <0f> b7 10 31 c0 0f 01 ca c3 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000f887b60 EFLAGS: 00050202
RAX: 0000000000000002 RBX: ffff888057570290 RCX: 0000000000100000
RDX: ffffc900181bc000 RSI: 000000000000012e RDI: 000000000000012f
RBP: 0000000000000000 R08: ffffffff90da760f R09: 1ffffffff21b4ec1
R10: dffffc0000000000 R11: fffffbfff21b4ec2 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff8880575701e0 R15: ffffc9000f887b68
 vhost_get_avail_idx drivers/vhost/vhost.c:1364 [inline]
 vhost_enable_notify+0x39a/0x810 drivers/vhost/vhost.c:2916
 vhost_transport_do_send_pkt+0xe73/0x1230 drivers/vhost/vsock.c:122
 vhost_run_work_list+0x13d/0x1b0 drivers/vhost/vhost.c:419
 vhost_task_fn+0x25a/0x3c0 kernel/vhost_task.c:49
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
----------------
Code disassembly (best guess):
   0:	77 4e                	ja     0x50
   2:	8b 54 ce 10          	mov    0x10(%rsi,%rcx,8),%edx
   6:	65 44 8b 1d d2 1a 7e 	mov    %gs:0x7e7e1ad2(%rip),%r11d        # 0x7e7e1ae0
   d:	7e
   e:	41 81 e3 00 01 ff 00 	and    $0xff0100,%r11d
  15:	74 13                	je     0x2a
  17:	41 81 fb 00 01 00 00 	cmp    $0x100,%r11d
  1e:	75 d9                	jne    0xfffffff9
  20:	41 83 b8 1c 16 00 00 	cmpl   $0x0,0x161c(%r8)
  27:	00
  28:	74 cf                	je     0xfffffff9
* 2a:	45 8b 98 f8 15 00 00 	mov    0x15f8(%r8),%r11d <-- trapping instruction
  31:	41 83 fb 03          	cmp    $0x3,%r11d
  35:	75 c2                	jne    0xfffffff9
  37:	4d 8b 98 00 16 00 00 	mov    0x1600(%r8),%r11
  3e:	45                   	rex.RB
  3f:	8b                   	.byte 0x8b