------------[ cut here ]------------ WARNING: kernel/sched/sched.h:1549 at lockdep_assert_rq_held kernel/sched/sched.h:1549 [inline], CPU#0: syz.2.22/6048 WARNING: kernel/sched/sched.h:1549 at lockdep_assert_rq_held kernel/sched/sched.h:1547 [inline], CPU#0: syz.2.22/6048 WARNING: kernel/sched/sched.h:1549 at update_rq_clock+0x34a/0xc70 kernel/sched/core.c:837, CPU#0: syz.2.22/6048 Modules linked in: CPU: 0 UID: 0 PID: 6048 Comm: syz.2.22 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:lockdep_assert_rq_held kernel/sched/sched.h:1549 [inline] RIP: 0010:lockdep_assert_rq_held kernel/sched/sched.h:1547 [inline] RIP: 0010:update_rq_clock+0x34a/0xc70 kernel/sched/core.c:837 Code: ab 48 0b 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 98 6b dc 09 a8 04 0f 84 9c fd ff ff 90 0f 0b 90 e9 93 fd ff ff 90 <0f> 0b 90 e9 4f fd ff ff 48 8d bb 18 0e 00 00 48 b8 00 00 00 00 00 RSP: 0018:ffffc900045ce0e8 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff8880b853acc0 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffffff8da94318 RDI: ffffffff8bf21680 RBP: 0000000000000001 R08: ffff8880b843b7c8 R09: fffffbfff210eafa R10: ffffffff908757d7 R11: 0000000000000001 R12: ffffffff90878854 R13: ffffffff8dd53260 R14: ffff88801daa3d00 R15: ffff8880b853acc0 FS: 00007f85bb0b36c0(0000) GS:ffff888124965000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3151eff8 CR3: 0000000077e08000 CR4: 00000000003526f0 Call Trace: pick_next_task kernel/sched/core.c:6088 [inline] __schedule+0x212d/0x6150 kernel/sched/core.c:6805 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7190 irqentry_exit+0x1d8/0x8c0 kernel/entry/common.c:216 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:220 [inline] RIP: 0010:unwind_next_frame+0x2bb/0x20a0 arch/x86/kernel/unwind_orc.c:494 Code: 20 44 8b 5c 24 18 89 cf 8b 14 95 30 b9 da 91 48 8d 04 7f 48 8d 84 00 fc 09 19 91 83 c2 01 48 3d 30 b9 da 91 0f 83 4d 08 00 00 <41> 89 d0 4f 8d 04 40 4f 8d 84 00 fc 09 19 91 49 81 f8 30 b9 da 91 RSP: 0018:ffffc900045ce3a0 EFLAGS: 00000287 RAX: ffffffff912dd12c RBX: 0000000000000001 RCX: 0000000000037688 RDX: 0000000000037689 RSI: 00000000000a67bf RDI: 0000000000037688 RBP: ffffc900045ce458 R08: 0000000000000000 R09: 000000007ab8ae4a R10: ffff88807b230b30 R11: 0000000000012266 R12: ffffc900045ce460 R13: ffffc900045ce410 R14: ffffc900045ce445 R15: ffffffff822266ba arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122 save_stack+0x160/0x1f0 mm/page_owner.c:156 __set_page_owner+0x91/0x560 mm/page_owner.c:332 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1af/0x220 mm/page_alloc.c:1845 prep_new_page mm/page_alloc.c:1853 [inline] get_page_from_freelist+0xd0b/0x31a0 mm/page_alloc.c:3879 __alloc_frozen_pages_noprof+0x25f/0x2440 mm/page_alloc.c:5183 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2416 folio_alloc_mpol_noprof+0x36/0xe0 mm/mempolicy.c:2435 shmem_alloc_folio+0x135/0x160 mm/shmem.c:1870 shmem_alloc_and_add_folio+0x494/0xc20 mm/shmem.c:1912 shmem_get_folio_gfp+0x67f/0x1610 mm/shmem.c:2535 shmem_get_folio mm/shmem.c:2641 [inline] shmem_write_begin+0x160/0x300 mm/shmem.c:3291 generic_perform_write+0x3c4/0x900 mm/filemap.c:4300 shmem_file_write_iter+0x10e/0x140 mm/shmem.c:3466 __kernel_write_iter+0x31a/0xb10 fs/read_write.c:619 dump_emit_page fs/coredump.c:1298 [inline] dump_user_range+0x413/0xb70 fs/coredump.c:1372 elf_core_dump+0x29c3/0x3c10 fs/binfmt_elf.c:2111 coredump_write fs/coredump.c:1049 [inline] do_coredump fs/coredump.c:1126 [inline] vfs_coredump+0x2b85/0x55e0 fs/coredump.c:1200 get_signal+0x22e1/0x26d0 kernel/signal.c:3019 arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline] exit_to_user_mode_loop kernel/entry/common.c:75 [inline] __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline] irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:270 [inline] irqentry_exit_to_user_mode include/linux/irq-entry-common.h:339 [inline] irqentry_exit+0x38a/0x8c0 kernel/entry/common.c:196 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618 RIP: 0033:0x7f85ba18f7d1 Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f RSP: 002b:0000000080000007 EFLAGS: 00010217 RAX: 0000000000000000 RBX: 00007f85ba3e6090 RCX: 00007f85ba18f7c9 RDX: 9999999999999999 RSI: 0000000080000007 RDI: 0000000000000021 RBP: 00007f85ba213f91 R08: 0000000000000006 R09: 0000000000000000 R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f85ba3e6128 R14: 00007f85ba3e6090 R15: 00007fff5af9e828 ---------------- Code disassembly (best guess): 0: 20 44 8b 5c and %al,0x5c(%rbx,%rcx,4) 4: 24 18 and $0x18,%al 6: 89 cf mov %ecx,%edi 8: 8b 14 95 30 b9 da 91 mov -0x6e2546d0(,%rdx,4),%edx f: 48 8d 04 7f lea (%rdi,%rdi,2),%rax 13: 48 8d 84 00 fc 09 19 lea -0x6ee6f604(%rax,%rax,1),%rax 1a: 91 1b: 83 c2 01 add $0x1,%edx 1e: 48 3d 30 b9 da 91 cmp $0xffffffff91dab930,%rax 24: 0f 83 4d 08 00 00 jae 0x877 * 2a: 41 89 d0 mov %edx,%r8d <-- trapping instruction 2d: 4f 8d 04 40 lea (%r8,%r8,2),%r8 31: 4f 8d 84 00 fc 09 19 lea -0x6ee6f604(%r8,%r8,1),%r8 38: 91 39: 49 81 f8 30 b9 da 91 cmp $0xffffffff91dab930,%r8