------------[ cut here ]------------ WARNING: kernel/sched/sched.h:1549 at lockdep_assert_rq_held kernel/sched/sched.h:1549 [inline], CPU#0: syz.0.3194/20578 WARNING: kernel/sched/sched.h:1549 at lockdep_assert_rq_held kernel/sched/sched.h:1547 [inline], CPU#0: syz.0.3194/20578 WARNING: kernel/sched/sched.h:1549 at update_rq_clock+0x34a/0xc70 kernel/sched/core.c:837, CPU#0: syz.0.3194/20578 Modules linked in: CPU: 0 UID: 0 PID: 20578 Comm: syz.0.3194 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:lockdep_assert_rq_held kernel/sched/sched.h:1549 [inline] RIP: 0010:lockdep_assert_rq_held kernel/sched/sched.h:1547 [inline] RIP: 0010:update_rq_clock+0x34a/0xc70 kernel/sched/core.c:837 Code: ab 48 0b 00 00 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f e9 48 af ed 09 a8 04 0f 84 9c fd ff ff 90 0f 0b 90 e9 93 fd ff ff 90 <0f> 0b 90 e9 4f fd ff ff 48 8d bb 18 0e 00 00 48 b8 00 00 00 00 00 RSP: 0018:ffffc900040adfb8 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff8880b853adc0 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffffff8daa490a RDI: ffffffff8bf2b580 RBP: 0000000000000001 R08: ffff8880b843b8c8 R09: fffffbfff2111d1a R10: ffffffff9088e8d7 R11: 0000000000000001 R12: ffffffff90891954 R13: ffffffff8dd64f20 R14: ffff88801dabbd00 R15: ffff8880b853adc0 FS: 000055556dcf1500(0000) GS:ffff8881248fc000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f27d4fd1034 CR3: 0000000077a38000 CR4: 00000000003526f0 Call Trace: pick_next_task kernel/sched/core.c:6088 [inline] __schedule+0x212d/0x6150 kernel/sched/core.c:6805 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7190 irqentry_exit+0x1d8/0x8c0 kernel/entry/common.c:216 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_acquire+0x62/0x330 kernel/locking/lockdep.c:5872 Code: bb 18 12 83 f8 07 0f 87 a2 02 00 00 89 c0 48 0f a3 05 f2 63 ef 0e 0f 82 74 02 00 00 8b 35 6a 94 ef 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 09 bb 18 12 0f 85 ad 02 00 00 48 83 c4 RSP: 0018:ffffc900040ae270 EFLAGS: 00000206 RAX: 0000000000000046 RBX: ffffffff8e3c9520 RCX: 000000002ae30024 RDX: 0000000000000000 RSI: ffffffff8daa490a RDI: ffffffff8bf2b580 RBP: 0000000000000002 R08: 0000000065ee595f R09: 00000000f65ee595 R10: 0000000000000002 R11: ffff888030eee6b0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 rcu_lock_acquire include/linux/rcupdate.h:331 [inline] rcu_read_lock include/linux/rcupdate.h:867 [inline] class_rcu_constructor include/linux/rcupdate.h:1195 [inline] unwind_next_frame+0xd1/0x20b0 arch/x86/kernel/unwind_orc.c:495 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122 save_stack+0x160/0x1f0 mm/page_owner.c:165 __reset_page_owner+0x84/0x1a0 mm/page_owner.c:320 reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1395 [inline] free_unref_folios+0xa22/0x1610 mm/page_alloc.c:3000 shrink_folio_list+0x35c8/0x4bc0 mm/vmscan.c:1534 evict_folios+0x79c/0x1b30 mm/vmscan.c:4711 try_to_shrink_lruvec+0x585/0x9b0 mm/vmscan.c:4874 lru_gen_shrink_lruvec mm/vmscan.c:5023 [inline] shrink_lruvec+0x312/0x2b00 mm/vmscan.c:5784 shrink_node_memcgs mm/vmscan.c:6020 [inline] shrink_node+0x8a6/0x3bb0 mm/vmscan.c:6061 shrink_zones mm/vmscan.c:6300 [inline] do_try_to_free_pages+0x362/0x1920 mm/vmscan.c:6362 try_to_free_mem_cgroup_pages+0x31b/0x740 mm/vmscan.c:6690 try_charge_memcg+0x42a/0xd30 mm/memcontrol.c:2388 try_charge mm/memcontrol.c:2530 [inline] charge_memcg+0x8a/0x230 mm/memcontrol.c:4728 mem_cgroup_swapin_charge_folio+0xeb/0x470 mm/memcontrol.c:4814 __read_swap_cache_async+0x397/0x500 mm/swap_state.c:481 swap_cluster_readahead+0x528/0x770 mm/swap_state.c:665 swapin_readahead+0x160/0x1220 mm/swap_state.c:821 do_swap_page+0x962/0x64a0 mm/memory.c:4753 handle_pte_fault mm/memory.c:6276 [inline] __handle_mm_fault+0x19cb/0x2bb0 mm/memory.c:6411 handle_mm_fault+0x3fe/0xad0 mm/memory.c:6580 do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x64/0xc0 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618 RIP: 0033:0x7f27d4c4d750 Code: 74 28 48 85 c9 74 29 45 38 1c 10 75 23 83 c0 01 44 39 d0 75 dc 48 89 f0 25 ff 1f 00 00 49 89 34 c1 41 88 3c 00 31 c0 c3 66 90 <41> 38 3c 10 74 0b 41 88 3c 10 31 c0 49 89 34 d1 c3 b8 01 00 00 00 RSP: 002b:00007ffe35fdae28 EFLAGS: 00010246 RAX: 000000008465d034 RBX: 00007f27d5b15720 RCX: ffffffff8465d034 RDX: 0000000000001034 RSI: ffffffff8465d034 RDI: 000000000000000f RBP: ffffffff8465d034 R08: 00007f27d4fd0000 R09: 00007f27d4fd2000 R10: 000000008465d038 R11: 000000000000000f R12: 000000000000000f R13: 0000000000000009 R14: ffffffff8465d932 R15: 000000000000000a ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 18 12 sbb %dl,(%rdx) 2: 83 f8 07 cmp $0x7,%eax 5: 0f 87 a2 02 00 00 ja 0x2ad b: 89 c0 mov %eax,%eax d: 48 0f a3 05 f2 63 ef bt %rax,0xeef63f2(%rip) # 0xeef6407 14: 0e 15: 0f 82 74 02 00 00 jb 0x28f 1b: 8b 35 6a 94 ef 0e mov 0xeef946a(%rip),%esi # 0xeef948b 21: 85 f6 test %esi,%esi 23: 0f 85 8d 00 00 00 jne 0xb6 * 29: 48 8b 44 24 30 mov 0x30(%rsp),%rax <-- trapping instruction 2e: 65 48 2b 05 09 bb 18 sub %gs:0x1218bb09(%rip),%rax # 0x1218bb3f 35: 12 36: 0f 85 ad 02 00 00 jne 0x2e9 3c: 48 rex.W 3d: 83 .byte 0x83 3e: c4 .byte 0xc4