------------[ cut here ]------------
WARNING: CPU: 0 PID: 25038 at kernel/rcu/tree_stall.h:1015 rcu_check_gp_start_stall+0x2e4/0x470 kernel/rcu/tree_stall.h:1015
Modules linked in:
CPU: 0 UID: 0 PID: 25038 Comm: syz.5.8492 Not tainted 6.16.0-rc6-syzkaller-g42be23e8f2dc #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:rcu_check_gp_start_stall+0x2e4/0x470 kernel/rcu/tree_stall.h:1015
Code: ff ff 48 c7 c7 00 84 af 99 be 04 00 00 00 e8 c3 8e 7b 00 4c 89 f7 b8 01 00 00 00 87 05 e5 c3 07 18 85 c0 0f 85 17 ff ff ff 90 <0f> 0b 90 48 81 ff 80 44 14 8e 74 47 48 c7 c0 30 1a a2 8f 48 c1 e8
RSP: 0000:ffffc90000007bb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000a02 RCX: ffffffff81a7c00d
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8e144480
RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff335f080 R12: 0000000000002904
R13: 1ffff110170c75fa R14: ffffffff8e144480 R15: dffffc0000000000
FS:  00007fe0d09456c0(0000) GS:ffff888125c1f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000000b CR3: 00000000320da000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 rcu_core+0x5f7/0x1710 kernel/rcu/tree.c:2827
 handle_softirqs+0x286/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0xa3/0xc0 arch/x86/kernel/irq_work.c:17
 </IRQ>
 <TASK>
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 kernel/locking/spinlock.c:194
Code: 74 05 e8 cb 9e 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 cd 1f f6 65 8b 05 bc f9 2e 07 85 c0 74 40 48 c7 04 24 0e 36
RSP: 0000:ffffc9000407fc80 EFLAGS: 00000206
RAX: 0df087b7a8e14200 RBX: 0000000000000a06 RCX: 0df087b7a8e14200
RDX: 0000000000000000 RSI: ffffffff8d99882e RDI: 0000000000000001
RBP: ffffc9000407fd10 R08: ffffffff8fa1e8f7 R09: 1ffffffff1f43d1e
R10: dffffc0000000000 R11: fffffbfff1f43d1f R12: dffffc0000000000
R13: 1ffff9200080ffa8 R14: ffff88802c53b780 R15: 1ffff9200080ff90
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 unlock_task_sighand include/linux/sched/signal.h:752 [inline]
 do_send_sig_info kernel/signal.c:1270 [inline]
 send_sig_info kernel/signal.c:1621 [inline]
 send_sig_perf+0x160/0x1c0 kernel/signal.c:1800
 perf_sigtrap kernel/events/core.c:7221 [inline]
 perf_pending_task+0x203/0x3f0 kernel/events/core.c:7325
 task_work_run+0x1d1/0x260 kernel/task_work.c:227
 resume_user_mode_work+0x5e/0x80 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]
 irqentry_exit_to_user_mode+0x90/0x120 kernel/entry/common.c:184
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0033:0x7fe0cfbb70e0
Code: 83 c0 16 83 e0 f7 74 12 50 48 8d 3d aa 2e 08 00 e8 05 90 f8 ff 0f 1f 44 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <83> ff 21 74 0b c3 66 2e 0f 1f 84 00 00 00 00 00 55 53 48 89 f3 48
RSP: 002b:00007fe0d0943c78 EFLAGS: 00000283
RAX: 0000000000000000 RBX: 00007fe0d0944d30 RCX: 00007fe0cfd77120
RDX: 00007fe0d0943c80 RSI: 00007fe0d0943db0 RDI: 0000000000000021
RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000073
R13: 00007fe0d0944eb0 R14: 9999999999999999 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	74 05                	je     0x7
   2:	e8 cb 9e 56 f6       	call   0xf6569ed2
   7:	48 c7 44 24 20 00 00 	movq   $0x0,0x20(%rsp)
   e:	00 00
  10:	9c                   	pushf
  11:	8f 44 24 20          	pop    0x20(%rsp)
  15:	f6 44 24 21 02       	testb  $0x2,0x21(%rsp)
  1a:	75 4f                	jne    0x6b
  1c:	f7 c3 00 02 00 00    	test   $0x200,%ebx
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 13 cd 1f f6       	call   0xf61fcd42 <-- trapping instruction
  2f:	65 8b 05 bc f9 2e 07 	mov    %gs:0x72ef9bc(%rip),%eax        # 0x72ef9f2
  36:	85 c0                	test   %eax,%eax
  38:	74 40                	je     0x7a
  3a:	48                   	rex.W
  3b:	c7                   	.byte 0xc7
  3c:	04 24                	add    $0x24,%al
  3e:	0e                   	(bad)
  3f:	36                   	ss