BUG: sleeping function called from invalid context at block/blk-sysfs.c:766
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6905, name: syz-executor.2
preempt_count: 100, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[] softirq_handle_begin kernel/softirq.c:396 [inline]
[] __do_softirq+0xe1/0x9c2 kernel/softirq.c:534
CPU: 1 PID: 6905 Comm: syz-executor.2 Tainted: G W 5.17.0-syzkaller-13573-g8e9d0d7a76c5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
__might_resched.cold+0x222/0x26b kernel/sched/core.c:9733
blk_release_queue+0x1f/0x320 block/blk-sysfs.c:766
kobject_cleanup lib/kobject.c:705 [inline]
kobject_release lib/kobject.c:736 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1c8/0x540 lib/kobject.c:753
blkg_free.part.0+0x112/0x1f0 block/blk-cgroup.c:86
blkg_free block/blk-cgroup.c:78 [inline]
__blkg_release+0x105/0x160 block/blk-cgroup.c:102
rcu_do_batch kernel/rcu/tree.c:2535 [inline]
rcu_core+0x7b1/0x1880 kernel/rcu/tree.c:2786
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:106 [inline]
RIP: 0010:free_unref_page_list+0x611/0xf60 mm/page_alloc.c:3497
Code: 48 c7 c6 cf 16 ba 81 4c 89 ef e8 fa 8f a3 ff 48 85 ed 0f 85 61 03 00 00 9c 58 f6 c4 02 0f 85 98 04 00 00 48 85 ed 74 01 fb 9c <41> 5f 4c 89 7c 24 08 fa 4c 89 fd 81 e5 00 02 00 00 0f 85 2e 03 00
RSP: 0018:ffffc90003307848 EFLAGS: 00000206
RAX: 0000000000000046 RBX: ffffea0001348180 RCX: 1ffffffff1b6de05
RDX: 0000000000000000 RSI: ffffffff817f6ba1 RDI: ffffffff81ba1a55
RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff817f6b88 R11: 1ffffd40002ce78a R12: dffffc0000000000
R13: ffff8880b9d35840 R14: 0000000000000001 R15: ffff8880b9d35868
release_pages+0xff1/0x2290 mm/swap.c:978
tlb_batch_pages_flush mm/mmu_gather.c:50 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:243 [inline]
tlb_flush_mmu mm/mmu_gather.c:250 [inline]
tlb_finish_mmu+0x165/0x8c0 mm/mmu_gather.c:341
exit_mmap+0x1de/0x4a0 mm/mmap.c:3150
__mmput+0x122/0x4b0 kernel/fork.c:1183
mmput+0x56/0x60 kernel/fork.c:1205
exit_mm kernel/exit.c:510 [inline]
do_exit+0xa12/0x2a00 kernel/exit.c:782
do_group_exit+0xd2/0x2f0 kernel/exit.c:925
get_signal+0x22df/0x24c0 kernel/signal.c:2904
arch_do_signal_or_restart+0x82/0x20f0 arch/x86/kernel/signal.c:867
exit_to_user_mode_loop kernel/entry/common.c:180 [inline]
exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:215
__syscall_exit_to_user_mode_work kernel/entry/common.c:297 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:308
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f17c6c89049
Code: Unable to access opcode bytes at RIP 0x7f17c6c8901f.
RSP: 002b:00007f17c7dc2218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f17c6d9bf68 RCX: 00007f17c6c89049
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f17c6d9bf68
RBP: 00007f17c6d9bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f17c6d9bf6c
R13: 00007fff34e2657f R14: 00007f17c7dc2300 R15: 0000000000022000
----------------
Code disassembly (best guess):
0: 48 c7 c6 cf 16 ba 81 mov $0xffffffff81ba16cf,%rsi
7: 4c 89 ef mov %r13,%rdi
a: e8 fa 8f a3 ff callq 0xffa39009
f: 48 85 ed test %rbp,%rbp
12: 0f 85 61 03 00 00 jne 0x379
18: 9c pushfq
19: 58 pop %rax
1a: f6 c4 02 test $0x2,%ah
1d: 0f 85 98 04 00 00 jne 0x4bb
23: 48 85 ed test %rbp,%rbp
26: 74 01 je 0x29
28: fb sti
29: 9c pushfq
* 2a: 41 5f pop %r15 <-- trapping instruction
2c: 4c 89 7c 24 08 mov %r15,0x8(%rsp)
31: fa cli
32: 4c 89 fd mov %r15,%rbp
35: 81 e5 00 02 00 00 and $0x200,%ebp
3b: 0f .byte 0xf
3c: 85 2e test %ebp,(%rsi)
3e: 03 00 add (%rax),%eax