BUG: sleeping function called from invalid context at mm/vmalloc.c:3409
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9292, name: syz.1.1075
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<ffffffff8b91af20>] __schedule_loop kernel/sched/core.c:7042 [inline]
[<ffffffff8b91af20>] schedule+0xe0/0x3a0 kernel/sched/core.c:7058
CPU: 3 UID: 0 PID: 9292 Comm: syz.1.1075 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 __might_resched+0x3c0/0x5e0 kernel/sched/core.c:8957
 vfree+0x75/0xb50 mm/vmalloc.c:3409
 futex_hash_free+0x98/0xc0 kernel/futex/core.c:1742
 __mmdrop+0x33f/0x580 kernel/fork.c:692
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7a4/0xc10 kernel/sched/core.c:5250
 context_switch kernel/sched/core.c:5360 [inline]
 __schedule+0x1198/0x5de0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7058
 exit_to_user_mode_loop kernel/entry/common.c:31 [inline]
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 irqentry_exit_to_user_mode+0xcf/0x270 kernel/entry/common.c:73
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0023:0xf712e6cf
Code: 00 89 4c 24 04 8d ae 0c b0 01 00 88 5c 24 17 89 7c 24 0c 89 54 24 1c 89 5c 24 18 8b 7c 24 0c 89 c2 81 e2 ff 1f 00 00 8b 34 d7 <8b> 7c d7 04 89 f1 89 fb 33 0c 24 33 5c 24 04 09 d9 74 4e 09 fe 74
RSP: 002b:00000000ff98c958 EFLAGS: 00000202
RAX: 00000000849fa068 RBX: 0000000000000002 RCX: 00000000ffffffff
RDX: 0000000000000068 RSI: 00000000849fa068 RDI: 00000000f7492000
RBP: 00000000f7490000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 89 4c 24 04 8d    	add    %cl,-0x72fbdbb4(%rcx)
   6:	ae                   	scas   %es:(%rdi),%al
   7:	0c b0                	or     $0xb0,%al
   9:	01 00                	add    %eax,(%rax)
   b:	88 5c 24 17          	mov    %bl,0x17(%rsp)
   f:	89 7c 24 0c          	mov    %edi,0xc(%rsp)
  13:	89 54 24 1c          	mov    %edx,0x1c(%rsp)
  17:	89 5c 24 18          	mov    %ebx,0x18(%rsp)
  1b:	8b 7c 24 0c          	mov    0xc(%rsp),%edi
  1f:	89 c2                	mov    %eax,%edx
  21:	81 e2 ff 1f 00 00    	and    $0x1fff,%edx
  27:	8b 34 d7             	mov    (%rdi,%rdx,8),%esi
* 2a:	8b 7c d7 04          	mov    0x4(%rdi,%rdx,8),%edi <-- trapping instruction
  2e:	89 f1                	mov    %esi,%ecx
  30:	89 fb                	mov    %edi,%ebx
  32:	33 0c 24             	xor    (%rsp),%ecx
  35:	33 5c 24 04          	xor    0x4(%rsp),%ebx
  39:	09 d9                	or     %ebx,%ecx
  3b:	74 4e                	je     0x8b
  3d:	09 fe                	or     %edi,%esi
  3f:	74                   	.byte 0x74