BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620
in_atomic(): 1, irqs_disabled(): 0, pid: 3090, name: syz-executor3
3 locks held by syz-executor3/3090:
 #0:  (sb_writers#4){.+.+.+}, at: [<ffffffff814fc6af>] sb_start_write include/linux/fs.h:1517 [inline]
 #0:  (sb_writers#4){.+.+.+}, at: [<ffffffff814fc6af>] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
 #1:  (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81492592>] do_truncate2+0x132/0x210 fs/open.c:61
 #2:  (&ei->i_mmap_sem){++++.+}, at: [<ffffffff81663579>] ext4_setattr+0x1109/0x2090 fs/ext4/inode.c:5015
Preemption disabled at:[<ffffffff81b0bda9>] __debug_check_no_obj_freed lib/debugobjects.c:691 [inline]
Preemption disabled at:[<ffffffff81b0bda9>] debug_check_no_obj_freed+0x159/0x6e0 lib/debugobjects.c:729

CPU: 0 PID: 3090 Comm: syz-executor3 Not tainted 4.4.169+ #2
 0000000000000000 3b52a39b0ad055f1 ffff8801db607870 ffffffff81aab9c1
 ffff8800b91417c0 0000000000000102 ffff8800b91417c0 0000000000000102
 ffff8800b91417c0 ffff8801db6078a8 ffffffff813a6d4d ffff8800b91417c0
Call Trace:
 <IRQ>  [<ffffffff81aab9c1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aab9c1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813a6d4d>] ___might_sleep.cold+0x1c6/0x1dc kernel/sched/core.c:7988
 [<ffffffff81159b40>] __might_sleep+0x90/0x1a0 kernel/sched/core.c:7948
 [<ffffffff82708bcd>] mutex_lock_nested+0x8d/0xb80 kernel/locking/mutex.c:620
 [<ffffffff81512f1f>] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
 [<ffffffff81513088>] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [<ffffffff81635192>] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [<ffffffff81538941>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff81552e46>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff81552e46>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff815532f6>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a21687>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a405d7>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a405d7>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d73cac>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7c4b5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d5fc74>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7aa09>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5d8b8>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff82718316>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e189a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e189a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff82717911>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff82717911>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff82715f1d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI>  [<ffffffff81b093dc>] ? check_preemption_disabled+0x3c/0x200 lib/smp_processor_id.c:51
 [<ffffffff81242cf5>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1050 [inline]
 [<ffffffff81242cf5>] rcu_lockdep_current_cpu_online+0x35/0x140 kernel/rcu/tree.c:1042
 [<ffffffff8123a727>] rcu_read_lock_sched_held+0x97/0x130 kernel/rcu/update.c:105
 [<ffffffff813cb994>] trace_mm_page_free_batched include/trace/events/kmem.h:195 [inline]
 [<ffffffff813cb994>] free_hot_cold_page_list+0x254/0x3c0 mm/page_alloc.c:2159
 [<ffffffff813e1188>] release_pages+0x158/0x680 mm/swap.c:970
 [<ffffffff813e3b2d>] __pagevec_release+0x5d/0xb0 mm/swap.c:987
 [<ffffffff813e56ee>] pagevec_release include/linux/pagevec.h:77 [inline]
 [<ffffffff813e56ee>] truncate_inode_pages_range+0x50e/0xde0 mm/truncate.c:284
 [<ffffffff813e6119>] truncate_inode_pages mm/truncate.c:390 [inline]
 [<ffffffff813e6119>] truncate_pagecache+0x69/0x90 mm/truncate.c:689
 [<ffffffff816635a2>] ext4_setattr+0x1132/0x2090 fs/ext4/inode.c:5020
 [<ffffffff814ef3b1>] notify_change2+0x871/0xb70 fs/attr.c:283
 [<ffffffff814925aa>] do_truncate2+0x14a/0x210 fs/open.c:63
 [<ffffffff814c70d6>] handle_truncate fs/namei.c:2816 [inline]
 [<ffffffff814c70d6>] do_last fs/namei.c:3286 [inline]
 [<ffffffff814c70d6>] path_openat+0x2cf6/0x4470 fs/namei.c:3406
 [<ffffffff814cc421>] do_filp_open+0x1a1/0x270 fs/namei.c:3440
 [<ffffffff81495158>] do_sys_open+0x2f8/0x600 fs/open.c:1038
 [<ffffffff81495507>] SYSC_open fs/open.c:1056 [inline]
 [<ffffffff81495507>] SyS_open fs/open.c:1051 [inline]
 [<ffffffff81495507>] SYSC_creat fs/open.c:1076 [inline]
 [<ffffffff81495507>] SyS_creat+0x27/0x30 fs/open.c:1074
 [<ffffffff827153a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a

=================================
[ INFO: inconsistent lock state ]
4.4.169+ #2 Not tainted
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor3/3090 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (&sb->s_type->i_mutex_key#9){+.?.+.}, at: [<ffffffff81512f1f>] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
{SOFTIRQ-ON-W} state was registered at:
  [<ffffffff81200233>] mark_irqflags kernel/locking/lockdep.c:2817 [inline]
  [<ffffffff81200233>] __lock_acquire+0xe73/0x4f50 kernel/locking/lockdep.c:3169
  [<ffffffff81205d7e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
  [<ffffffff82708c01>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
  [<ffffffff82708c01>] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
  [<ffffffff814aad8f>] bprm_fill_uid fs/exec.c:1357 [inline]
  [<ffffffff814aad8f>] prepare_binprm+0x2bf/0x770 fs/exec.c:1391
  [<ffffffff814ad306>] do_execveat_common.isra.0+0xd86/0x1e90 fs/exec.c:1620
  [<ffffffff814aed92>] do_execve fs/exec.c:1683 [inline]
  [<ffffffff814aed92>] SYSC_execve fs/exec.c:1764 [inline]
  [<ffffffff814aed92>] SyS_execve+0x42/0x50 fs/exec.c:1759
  [<ffffffff827156f5>] return_from_execve+0x0/0x23
irq event stamp: 1470
hardirqs last  enabled at (1470): [<ffffffff82715fa6>] restore_regs_and_iret+0x0/0x1d
hardirqs last disabled at (1469): [<ffffffff82715f18>] common_interrupt+0x98/0x9d arch/x86/entry/entry_64.S:623
softirqs last  enabled at (0): [<ffffffff810cbe1b>] copy_process+0x127b/0x68c0 kernel/fork.c:1468
softirqs last disabled at (1387): [<ffffffff810e189a>] invoke_softirq kernel/softirq.c:350 [inline]
softirqs last disabled at (1387): [<ffffffff810e189a>] irq_exit+0x10a/0x150 kernel/softirq.c:391

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sb->s_type->i_mutex_key#9);
  <Interrupt>
    lock(&sb->s_type->i_mutex_key#9);

 *** DEADLOCK ***

3 locks held by syz-executor3/3090:
 #0:  (sb_writers#4){.+.+.+}, at: [<ffffffff814fc6af>] sb_start_write include/linux/fs.h:1517 [inline]
 #0:  (sb_writers#4){.+.+.+}, at: [<ffffffff814fc6af>] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
 #1:  (&sb->s_type->i_mutex_key#9){+.?.+.}, at: [<ffffffff81492592>] do_truncate2+0x132/0x210 fs/open.c:61
 #2:  (&ei->i_mmap_sem){++++.+}, at: [<ffffffff81663579>] ext4_setattr+0x1109/0x2090 fs/ext4/inode.c:5015

stack backtrace:
CPU: 0 PID: 3090 Comm: syz-executor3 Not tainted 4.4.169+ #2
 0000000000000000 3b52a39b0ad055f1 ffff8801db607610 ffffffff81aab9c1
 0000000000000090 ffff8800b91417c0 ffffffff83abd470 ffffffff84055ac0
 ffff8800b9142120 ffff8801db607688 ffffffff813ad270 0000000000000001
Call Trace:
 <IRQ>  [<ffffffff81aab9c1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aab9c1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ad270>] print_usage_bug.cold+0x454/0x592 kernel/locking/lockdep.c:2267
 [<ffffffff811fdfcd>] valid_state kernel/locking/lockdep.c:2280 [inline]
 [<ffffffff811fdfcd>] mark_lock_irq kernel/locking/lockdep.c:2478 [inline]
 [<ffffffff811fdfcd>] mark_lock+0x6fd/0x1440 kernel/locking/lockdep.c:2933
 [<ffffffff8120081e>] mark_irqflags kernel/locking/lockdep.c:2799 [inline]
 [<ffffffff8120081e>] __lock_acquire+0x145e/0x4f50 kernel/locking/lockdep.c:3169
 [<ffffffff81205d7e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
 [<ffffffff82708c01>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff82708c01>] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
 [<ffffffff81512f1f>] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
 [<ffffffff81513088>] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [<ffffffff81635192>] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [<ffffffff81538941>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff81552e46>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff81552e46>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff815532f6>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a21687>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a405d7>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a405d7>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d73cac>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7c4b5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d5fc74>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7aa09>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5d8b8>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff82718316>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e189a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e189a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff82717911>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff82717911>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff82715f1d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI>  [<ffffffff81b093dc>] ? check_preemption_disabled+0x3c/0x200 lib/smp_processor_id.c:51
 [<ffffffff81242cf5>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1050 [inline]
 [<ffffffff81242cf5>] rcu_lockdep_current_cpu_online+0x35/0x140 kernel/rcu/tree.c:1042
 [<ffffffff8123a727>] rcu_read_lock_sched_held+0x97/0x130 kernel/rcu/update.c:105
 [<ffffffff813cb994>] trace_mm_page_free_batched include/trace/events/kmem.h:195 [inline]
 [<ffffffff813cb994>] free_hot_cold_page_list+0x254/0x3c0 mm/page_alloc.c:2159
 [<ffffffff813e1188>] release_pages+0x158/0x680 mm/swap.c:970
 [<ffffffff813e3b2d>] __pagevec_release+0x5d/0xb0 mm/swap.c:987
 [<ffffffff813e56ee>] pagevec_release include/linux/pagevec.h:77 [inline]
 [<ffffffff813e56ee>] truncate_inode_pages_range+0x50e/0xde0 mm/truncate.c:284
 [<ffffffff813e6119>] truncate_inode_pages mm/truncate.c:390 [inline]
 [<ffffffff813e6119>] truncate_pagecache+0x69/0x90 mm/truncate.c:689
 [<ffffffff816635a2>] ext4_setattr+0x1132/0x2090 fs/ext4/inode.c:5020
 [<ffffffff814ef3b1>] notify_change2+0x871/0xb70 fs/attr.c:283
 [<ffffffff814925aa>] do_truncate2+0x14a/0x210 fs/open.c:63
 [<ffffffff814c70d6>] handle_truncate fs/namei.c:2816 [inline]
 [<ffffffff814c70d6>] do_last fs/namei.c:3286 [inline]
 [<ffffffff814c70d6>] path_openat+0x2cf6/0x4470 fs/namei.c:3406
 [<ffffffff814cc421>] do_filp_open+0x1a1/0x270 fs/namei.c:3440
 [<ffffffff81495158>] do_sys_open+0x2f8/0x600 fs/open.c:1038
 [<ffffffff81495507>] SYSC_open fs/open.c:1056 [inline]
 [<ffffffff81495507>] SyS_open fs/open.c:1051 [inline]
 [<ffffffff81495507>] SYSC_creat fs/open.c:1076 [inline]
 [<ffffffff81495507>] SyS_creat+0x27/0x30 fs/open.c:1074
 [<ffffffff827153a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: scheduling while atomic: syz-executor3/3090/0x00000103
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:[<ffffffff81b0bda9>] __debug_check_no_obj_freed lib/debugobjects.c:691 [inline]
Preemption disabled at:[<ffffffff81b0bda9>] debug_check_no_obj_freed+0x159/0x6e0 lib/debugobjects.c:729

CPU: 0 PID: 3090 Comm: syz-executor3 Not tainted 4.4.169+ #2
 0000000000000000 3b52a39b0ad055f1 ffff8801db607800 ffffffff81aab9c1
 0000000000000000 ffff8800b91417c0 0000000000000103 0000000000000000
 000000000001e880 ffff8801db607820 ffffffff813a6dc3 ffff8801db61e880
Call Trace:
 <IRQ>  [<ffffffff81aab9c1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aab9c1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813a6dc3>] __schedule_bug.cold+0x60/0x71 kernel/sched/core.c:3138
 [<ffffffff8270564b>] schedule_debug kernel/sched/core.c:3153 [inline]
 [<ffffffff8270564b>] __schedule+0x118b/0x1ee0 kernel/sched/core.c:3265
 [<ffffffff827065e9>] schedule+0x99/0x1d0 kernel/sched/core.c:3355
 [<ffffffff82706da3>] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:3388
 [<ffffffff82708f02>] __mutex_lock_common kernel/locking/mutex.c:582 [inline]
 [<ffffffff82708f02>] mutex_lock_nested+0x3c2/0xb80 kernel/locking/mutex.c:621
 [<ffffffff81512f1f>] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
 [<ffffffff81513088>] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [<ffffffff81635192>] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [<ffffffff81538941>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff81552e46>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff81552e46>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff815532f6>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a21687>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a405d7>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a405d7>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d73cac>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7c4b5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d5fc74>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7aa09>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5d8b8>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff82718316>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e189a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e189a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff82717911>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff82717911>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff82715f1d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI>  [<ffffffff81b093dc>] ? check_preemption_disabled+0x3c/0x200 lib/smp_processor_id.c:51
 [<ffffffff81242cf5>] rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1050 [inline]
 [<ffffffff81242cf5>] rcu_lockdep_current_cpu_online+0x35/0x140 kernel/rcu/tree.c:1042
 [<ffffffff8123a727>] rcu_read_lock_sched_held+0x97/0x130 kernel/rcu/update.c:105
 [<ffffffff813cb994>] trace_mm_page_free_batched include/trace/events/kmem.h:195 [inline]
 [<ffffffff813cb994>] free_hot_cold_page_list+0x254/0x3c0 mm/page_alloc.c:2159
 [<ffffffff813e1188>] release_pages+0x158/0x680 mm/swap.c:970
 [<ffffffff813e3b2d>] __pagevec_release+0x5d/0xb0 mm/swap.c:987
 [<ffffffff813e56ee>] pagevec_release include/linux/pagevec.h:77 [inline]
 [<ffffffff813e56ee>] truncate_inode_pages_range+0x50e/0xde0 mm/truncate.c:284
 [<ffffffff813e6119>] truncate_inode_pages mm/truncate.c:390 [inline]
 [<ffffffff813e6119>] truncate_pagecache+0x69/0x90 mm/truncate.c:689
 [<ffffffff816635a2>] ext4_setattr+0x1132/0x2090 fs/ext4/inode.c:5020
 [<ffffffff814ef3b1>] notify_change2+0x871/0xb70 fs/attr.c:283
 [<ffffffff814925aa>] do_truncate2+0x14a/0x210 fs/open.c:63
 [<ffffffff814c70d6>] handle_truncate fs/namei.c:2816 [inline]
 [<ffffffff814c70d6>] do_last fs/namei.c:3286 [inline]
 [<ffffffff814c70d6>] path_openat+0x2cf6/0x4470 fs/namei.c:3406
 [<ffffffff814cc421>] do_filp_open+0x1a1/0x270 fs/namei.c:3440
 [<ffffffff81495158>] do_sys_open+0x2f8/0x600 fs/open.c:1038
 [<ffffffff81495507>] SYSC_open fs/open.c:1056 [inline]
 [<ffffffff81495507>] SyS_open fs/open.c:1051 [inline]
 [<ffffffff81495507>] SYSC_creat fs/open.c:1076 [inline]
 [<ffffffff81495507>] SyS_creat+0x27/0x30 fs/open.c:1074
 [<ffffffff827153a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
NOHZ: local_softirq_pending 292
NOHZ: local_softirq_pending 292