------------[ cut here ]------------
WARNING: CPU: 1 PID: 17254 at lib/radix-tree.c:572 delete_node+0x1ef/0xa50 lib/radix-tree.c:572
Modules linked in:
CPU: 1 UID: 0 PID: 17254 Comm: rm Not tainted 6.16.0-rc4-syzkaller-gc435a4f487e8 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:delete_node+0x1ef/0xa50 lib/radix-tree.c:572
Code: f8 48 c1 e8 03 0f b6 04 18 84 c0 75 22 41 80 3f 00 0f 85 c7 00 00 00 e8 4f 0c 5d f6 4d 89 f7 e9 91 fe ff ff e8 42 0c 5d f6 90 <0f> 0b 90 eb b3 44 89 f9 80 e1 07 38 c1 7c d4 4c 89 ff e8 aa 63 be
RSP: 0000:ffffc90000a08ae0 EFLAGS: 00010246
RAX: ffffffff8b63514e RBX: dffffc0000000000 RCX: ffff88802cf89e00
RDX: 0000000000000100 RSI: 0000000000000004 RDI: 0000000000000000
RBP: 1ffff110053b3634 R08: ffffffff8fa0bdf7 R09: 1ffffffff1f417be
R10: dffffc0000000000 R11: fffffbfff1f417bf R12: ffff888029d9b1a8
R13: 0000000004000004 R14: 0000000000000000 R15: ffff88802774f718
FS:  00007fb556b01c80(0000) GS:ffff888125d50000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb556ca1850 CR3: 000000007a468000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 radix_tree_delete_item+0x2b6/0x400 lib/radix-tree.c:1430
 afs_cell_destroy+0x16f/0x2c0 fs/afs/cell.c:522
 rcu_do_batch kernel/rcu/tree.c:2576 [inline]
 rcu_core+0xca5/0x1710 kernel/rcu/tree.c:2832
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:page_table_check_set+0x2f6/0x730 mm/page_table_check.c:120
Code: be 04 00 00 00 e8 9a db f4 ff 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 55 01 00 00 44 8b 3b <31> ff 44 89 fe e8 30 85 93 ff 45 85 ff 0f 85 5e 02 00 00 48 8d 7b
RSP: 0000:ffffc900041a7938 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88801add58c8 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801add58c8
RBP: ffff88801add5880 R08: ffff88801add58cb R09: 1ffff110035bab19
R10: dffffc0000000000 R11: ffffed10035bab1a R12: 0000000000000001
R13: 0000000000000000 R14: 000000000000dde8 R15: 0000000000000000
 page_table_check_ptes_set include/linux/page_table_check.h:76 [inline]
 set_ptes include/linux/pgtable.h:292 [inline]
 set_pte_range+0x6a5/0x700 mm/memory.c:5330
 filemap_map_order0_folio mm/filemap.c:3692 [inline]
 filemap_map_pages+0xf29/0x1740 mm/filemap.c:3746
 do_fault_around mm/memory.c:5548 [inline]
 do_read_fault mm/memory.c:5581 [inline]
 do_fault mm/memory.c:5724 [inline]
 do_pte_missing mm/memory.c:4251 [inline]
 handle_pte_fault mm/memory.c:6069 [inline]
 __handle_mm_fault+0x3687/0x5620 mm/memory.c:6212
 handle_mm_fault+0x2d5/0x7f0 mm/memory.c:6381
 do_user_addr_fault+0xa81/0x1390 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fb556ca1850
Code: 18 c3 0f 1f 84 00 00 00 00 00 48 83 ec 10 45 31 c9 45 31 c0 31 c9 6a 01 e8 5d ff ff ff 48 83 c4 18 c3 0f 1f 84 00 00 00 00 00 <48> 83 ec 10 45 31 c9 6a 00 e8 42 ff ff ff 48 83 c4 18 c3 66 66 2e
RSP: 002b:00007fff07f224a8 EFLAGS: 00010246
RAX: 0000000000000003 RBX: 00007fff07f22500 RCX: 00007fb556e40140
RDX: 00007fff07f224b0 RSI: 00007fff07f22c88 RDI: 0000000000000003
RBP: 00007fff07f22a60 R08: 0000000000000000 R09: 00007fff07f224b4
R10: 0000000000000066 R11: 00007fff07f22534 R12: 0000000000000000
R13: 00007fb556e660e8 R14: 00007fff07f22a70 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	be 04 00 00 00       	mov    $0x4,%esi
   5:	e8 9a db f4 ff       	call   0xfff4dba4
   a:	48 89 d8             	mov    %rbx,%rax
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  18:	fc ff df
  1b:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax
  1f:	84 c0                	test   %al,%al
  21:	0f 85 55 01 00 00    	jne    0x17c
  27:	44 8b 3b             	mov    (%rbx),%r15d
* 2a:	31 ff                	xor    %edi,%edi <-- trapping instruction
  2c:	44 89 fe             	mov    %r15d,%esi
  2f:	e8 30 85 93 ff       	call   0xff938564
  34:	45 85 ff             	test   %r15d,%r15d
  37:	0f 85 5e 02 00 00    	jne    0x29b
  3d:	48                   	rex.W
  3e:	8d                   	.byte 0x8d
  3f:	7b                   	.byte 0x7b