================================================
WARNING: lock held when returning to user space!
syzkaller #0 Not tainted
------------------------------------------------
cmp/5590 is leaving the kernel with locks still held!
1 lock held by cmp/5590:
 #0: ffffffff8e95cd60 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x29/0x240
------------[ cut here ]------------
Voluntary context switch within RCU read-side critical section!
WARNING: kernel/rcu/tree_plugin.h:332 at rcu_note_context_switch+0xcac/0xf40, CPU#0: cmp/5590
Modules linked in:
CPU: 0 UID: 0 PID: 5590 Comm: cmp Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:rcu_note_context_switch+0xcac/0xf40
Code: 00 41 c6 45 00 00 48 8b 3d f1 cb 84 0e 48 81 c4 b8 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 8b 60 ff ff 48 8d 3d 04 af 88 0e <67> 48 0f b9 3a e9 1b f4 ff ff 90 0f 0b 90 45 84 e4 0f 84 ea f3 ff
RSP: 0000:ffffc9000458fb90 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff88816ca10000 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff8c28aa40 RDI: ffffffff90342820
RBP: dffffc0000000000 R08: ffffffff903097f7 R09: 1ffffffff20612fe
R10: dffffc0000000000 R11: fffffbfff20612ff R12: 0000000000000000
R13: ffff88816ca10000 R14: ffff88812103be80 R15: ffff88816ca104c4
FS:  00007fa8f0e42380(0000) GS:ffff88818dc93000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa8f106d750 CR3: 0000000115204000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 __schedule+0x2e6/0x5680
 schedule+0x164/0x360
 irqentry_exit+0x263/0x730
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0033:0x7fa8f1159d4e
Code: 00 00 75 ce eb 27 41 8b 45 08 48 8b 95 78 ff ff ff 49 03 55 00 48 83 f8 26 75 19 48 8b 85 78 ff ff ff 49 03 45 10 49 83 c5 18 <48> 89 02 4c 39 eb 77 d4 eb 9e 48 83 f8 08 74 e1 48 8d 0d 6b a7 01
RSP: 002b:00007ffd727c1060 EFLAGS: 00010212
RAX: 00007fa8f10723a0 RBX: 00007fa8f0ef6260 RCX: 00007ffd727c10f0
RDX: 00007fa8f106d750 RSI: 00007fa8f0ef6a88 RDI: 00007fa8f0ef6f38
RBP: 00007ffd727c1160 R08: 00007fa8f0ef6a88 R09: 0000000000000001
R10: 0000000053053053 R11: 0000000000000246 R12: 00007fa8f1143500
R13: 00007fa8f0eef270 R14: 0000000000000000 R15: 00007fa8f117d2a0
 </TASK>
