------------[ cut here ]------------
task_rq(p) != rq
WARNING: kernel/sched/fair.c:7656 at hrtick_start_fair+0x196/0x1f0 kernel/sched/fair.c:7656, CPU#1: dhcpcd/6243
Modules linked in:
CPU: 1 UID: 0 PID: 6243 Comm: dhcpcd Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:hrtick_start_fair+0x196/0x1f0 kernel/sched/fair.c:7656
Code: 42 80 3c 20 00 74 08 4c 89 ff e8 85 e3 97 00 4d 39 37 0f 85 0c ff ff ff 48 89 df 5b 41 5c 41 5d 41 5e 41 5f e9 4b 65 fa ff 90 <0f> 0b 90 e9 d1 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 82
RSP: 0018:ffffc90003f6ed40 EFLAGS: 00010006
RAX: ffff8880b863ba40 RBX: ffff8880b873ba40 RCX: ffffffff8197c7de
RDX: 0000000000000000 RSI: ffff8880344c1f00 RDI: ffff8880b873ba40
RBP: dffffc0000000000 R08: ffffffff8fcf0b0f R09: 1ffffffff1f9e161
R10: dffffc0000000000 R11: fffffbfff1f9e162 R12: dffffc0000000000
R13: 1ffff110170e78d6 R14: ffff8880344c1f00 R15: ffffffff8dc217d0
FS: 00007f7a29030780(0000) GS:ffff888125b76000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7a28fa8e9c CR3: 0000000037bf2000 CR4: 00000000003526f0
Call Trace:
 set_next_task_fair+0xa68/0xce0 kernel/sched/fair.c:15058
 put_prev_set_next_task kernel/sched/sched.h:2770 [inline]
 pick_next_task kernel/sched/core.c:6443 [inline]
 __schedule+0x3e03/0x5550 kernel/sched/core.c:7144
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7553
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
 irqentry_exit+0x14f/0x8c0 kernel/entry/common.c:167
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:674
RIP: 0010:__orc_find arch/x86/kernel/unwind_orc.c:100 [inline]
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:238 [inline]
RIP: 0010:unwind_next_frame+0x534/0x2550 arch/x86/kernel/unwind_orc.c:510
Code: 0f b6 04 08 84 c0 75 27 49 63 07 4c 01 f8 49 8d 4f 04 4c 39 e0 48 0f 46 e9 49 8d 47 fc 48 0f 47 d8 4d 0f 46 ef 48 39 dd 76 a2 <e9> 7b fd ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 7c cc 4c 89 ff 48
RSP: 0018:ffffc90003f6f0f8 EFLAGS: 00000202
RAX: ffffffff8fef6e20 RBX: ffffffff8fef6e24 RCX: ffffffff8fef6e28
RDX: ffffffff8fef6e24 RSI: ffffffff906b1454 RDI: ffffffff8bcc4520
RBP: ffffffff8fef6e28 R08: 0000000000000007 R09: ffffffff8e3cb2a0
R10: ffffc90003f6f218 R11: ffffffff81b09bb0 R12: ffffffff8221311c
R13: ffffffff8fef6e24 R14: ffffc90003f6f1c8 R15: ffffffff8fef6e24
 arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2700 [inline]
 slab_free mm/slub.c:6308 [inline]
 kmem_cache_free+0x187/0x6c0 mm/slub.c:6435
 anon_vma_chain_free mm/rmap.c:147 [inline]
 unlink_anon_vmas+0x69d/0x730 mm/rmap.c:539
 free_pgtables+0x836/0xb70 mm/memory.c:414
 unmap_region+0x29d/0x330 mm/vma.c:490
 vms_clear_ptes mm/vma.c:1303 [inline]
 vms_complete_munmap_vmas+0x493/0xc60 mm/vma.c:1345
 do_vmi_align_munmap+0x3bd/0x4d0 mm/vma.c:1604
 do_vmi_munmap+0x252/0x2d0 mm/vma.c:1652
 __vm_munmap+0x22c/0x3d0 mm/vma.c:3288
 __do_sys_munmap mm/mmap.c:1079 [inline]
 __se_sys_munmap mm/mmap.c:1076 [inline]
 __x64_sys_munmap+0x60/0x70 mm/mmap.c:1076
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7a2923f2e7
Code: 00 00 00 b8 0a 00 00 00 0f 05 48 3d 01 f0 ff ff 73 01 c3 48 8d 0d c9 3f 01 00 f7 d8 89 01 48 83 c8 ff c3 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d a9 3f 01 00 f7 d8 89 01 48 83
RSP: 002b:00007ffef90f5b48 EFLAGS: 00000202 ORIG_RAX: 000000000000000b
RAX: ffffffffffffffda RBX: 0000557b95371960 RCX: 00007f7a2923f2e7
RDX: 0000000000000001 RSI: 0000000000029910 RDI: 00007f7a29001000
RBP: 00007ffef90f5c50 R08: 00000000000004f0 R09: 0000000000000002
R10: 00007ffef90f5a80 R11: 0000000000000202 R12: 00007ffef90f5b88
R13: 00007f7a29252000 R14: 0000557b95371960 R15: 0000000000000000
----------------
Code disassembly (best guess):
   0: 0f b6 04 08          movzbl (%rax,%rcx,1),%eax
   4: 84 c0                test %al,%al
   6: 75 27                jne 0x2f
   8: 49 63 07             movslq (%r15),%rax
   b: 4c 01 f8             add %r15,%rax
   e: 49 8d 4f 04          lea 0x4(%r15),%rcx
  12: 4c 39 e0             cmp %r12,%rax
  15: 48 0f 46 e9          cmovbe %rcx,%rbp
  19: 49 8d 47 fc          lea -0x4(%r15),%rax
  1d: 48 0f 47 d8          cmova %rax,%rbx
  21: 4d 0f 46 ef          cmovbe %r15,%r13
  25: 48 39 dd             cmp %rbx,%rbp
  28: 76 a2                jbe 0xffffffcc
* 2a: e9 7b fd ff ff       jmp 0xfffffdaa <-- trapping instruction
  2f: 44 89 f9             mov %r15d,%ecx
  32: 80 e1 07             and $0x7,%cl
  35: 80 c1 03             add $0x3,%cl
  38: 38 c1                cmp %al,%cl
  3a: 7c cc                jl 0x8
  3c: 4c 89 ff             mov %r15,%rdi
  3f: 48                   rex.W