bisecting cause commit starting from f8788d86ab28f61f7b46eb6be375f8a726783636
building syzkaller on 59b57593586656c1d5be820aeed0e751087e6ac6
testing commit f8788d86ab28f61f7b46eb6be375f8a726783636 with gcc (GCC) 8.1.0
kernel signature: 24f39689c9beb3cff027d69c9b974f1b5f1171d45b06b36930a5066a8b82e781
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: d995b98f2f236c9aeaa25bd0b73f98b18df7236a1c37528a8018a4d9281e5a97
all runs: OK
# git bisect start f8788d86ab28f61f7b46eb6be375f8a726783636 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 6733 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: c8ecd923d73ad8dde7bcc221a61ce9955aae1181a47ef5e8929a95e51ffef81f
all runs: OK
# git bisect good 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 3410 revisions left to test after this (roughly 12 steps)
[f3cc4e1d44a813a0685f2e558b78ace3db559722] ARM: dma-api: fix max_pfn off-by-one error in __dma_supported()
testing commit f3cc4e1d44a813a0685f2e558b78ace3db559722 with gcc (GCC) 8.1.0
kernel signature: 42eac6e045ea95d7d77a3425518b826ecd7c85c64eefb0ce2c96f52819ed2017
all runs: OK
# git bisect good f3cc4e1d44a813a0685f2e558b78ace3db559722
Bisecting: 1951 revisions left to test after this (roughly 11 steps)
[469030d454bd1620c7b2651d9ec8cdcbaa74deb9] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 469030d454bd1620c7b2651d9ec8cdcbaa74deb9 with gcc (GCC) 8.1.0
kernel signature: 7856bc89bde4e1a2051060d508341b84519b3068f3570cc5252a14ff96be1627
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
# git bisect bad 469030d454bd1620c7b2651d9ec8cdcbaa74deb9
Bisecting: 726 revisions left to test after this (roughly 10 steps)
[c1ef57a3a3f5e69e98baf89055b423da62791c13] Merge tag 'io_uring-5.6-2020-02-05' of git://git.kernel.dk/linux-block
testing commit c1ef57a3a3f5e69e98baf89055b423da62791c13 with gcc (GCC) 8.1.0
kernel signature: eb779a0ba080dc6dd34e2ddc3b9f03178157d3d687f8d272e3c0a732d17e0f16
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
# git bisect bad c1ef57a3a3f5e69e98baf89055b423da62791c13
Bisecting: 412 revisions left to test after this (roughly 9 steps)
[153b5c566d30fb984827acb12fd93c3aa6c147d3] Merge tag 'microblaze-v5.6-rc1' of git://git.monstr.eu/linux-2.6-microblaze
testing commit 153b5c566d30fb984827acb12fd93c3aa6c147d3 with gcc (GCC) 8.1.0
kernel signature: 2b94a0fef85b358656a88eaea3ebb65eab24b0ff3fb9e9d468d5e39160632258
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
# git bisect bad 153b5c566d30fb984827acb12fd93c3aa6c147d3
Bisecting: 166 revisions left to test after this (roughly 7 steps)
[fc6a15c853085f04c30e08bbba7d49cb611f7773] dt/bindings: clk: fsl,plldig: Drop 'bindings' from schema id
testing commit fc6a15c853085f04c30e08bbba7d49cb611f7773 with gcc (GCC) 8.1.0
kernel signature: 096e27afbe8c70b25365e33668e599f6d3f01292329e0ccb660a17872432bb53
all runs: OK
# git bisect good fc6a15c853085f04c30e08bbba7d49cb611f7773
Bisecting: 72 revisions left to test after this (roughly 6 steps)
[eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c] Merge tag 'rtc-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux
testing commit eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c with gcc (GCC) 8.1.0
kernel signature: 56885fbb4ba977faf5e36af3f1add76bbfb059ec8b4eee0d3f64d400345e3384
all runs: OK
# git bisect good eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c
Bisecting: 44 revisions left to test after this (roughly 5 steps)
[685097986b5ef8b8c4b19dbb6a1d6069c3626ba2] Merge tag 'hwlock-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
testing commit 685097986b5ef8b8c4b19dbb6a1d6069c3626ba2 with gcc (GCC) 8.1.0
kernel signature: 96bc61bd1902bd4b6d95247e06276badcd55488a51978121bb52b888a00f9fda
all runs: OK
# git bisect good 685097986b5ef8b8c4b19dbb6a1d6069c3626ba2
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[a45ad71e8995eed2b95c6ef0f4c442da0c4f6677] Merge tag 'rproc-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc
testing commit a45ad71e8995eed2b95c6ef0f4c442da0c4f6677 with gcc (GCC) 8.1.0
kernel signature: 34a1e5337045aba58314a27d73ef18c7b6b8dd35c2bb52cba0097935b4149d7f
all runs: OK
# git bisect good a45ad71e8995eed2b95c6ef0f4c442da0c4f6677
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[5dcdc43e24a1810d3c3f4959af3d0c8e0026d863] vfs: add vfs_iocb_iter_[read|write] helper functions
testing commit 5dcdc43e24a1810d3c3f4959af3d0c8e0026d863 with gcc (GCC) 8.1.0
kernel signature: b1f641e55a9c6f7a539aea1cdad2c1e50f31f4eec9b30e594f33fc402a99c364
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
# git bisect bad 5dcdc43e24a1810d3c3f4959af3d0c8e0026d863
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[94375f9d5103c2eb2f905381993a2fb70c297364] ovl: generalize the lower_layers[] array
testing commit 94375f9d5103c2eb2f905381993a2fb70c297364 with gcc (GCC) 8.1.0
kernel signature: 34d841bad109e94fd46c8fdc5edd10904c0f6ea2c57fa94d650f8332a441fbcc
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
# git bisect bad 94375f9d5103c2eb2f905381993a2fb70c297364
Bisecting: 2 revisions left to test after this (roughly 1 step)
[1bd0a3aea4357e1dce8b3f0f889fd3fe756353e6] ovl: use pr_fmt auto generate prefix
testing commit 1bd0a3aea4357e1dce8b3f0f889fd3fe756353e6 with gcc (GCC) 8.1.0
kernel signature: c677bd3e89e1df1e91cd6312a8d20d35212f3752a47ec3d3064f1ea850b6f765
all runs: OK
# git bisect good 1bd0a3aea4357e1dce8b3f0f889fd3fe756353e6
Bisecting: 0 revisions left to test after this (roughly 1 step)
[b504c6540d1752c73e16548062c49bc9f447cb12] ovl: improving copy-up efficiency for big sparse file
testing commit b504c6540d1752c73e16548062c49bc9f447cb12 with gcc (GCC) 8.1.0
kernel signature: 44079115d3353afefa26d5b810faa54c905fd89987d400cdc662708c2dd56330
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
# git bisect bad b504c6540d1752c73e16548062c49bc9f447cb12
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b1f9d3858f724ed45b279b689fb5b400d91352e3] ovl: use ovl_inode_lock in ovl_llseek()
testing commit b1f9d3858f724ed45b279b689fb5b400d91352e3 with gcc (GCC) 8.1.0
kernel signature: 20d98285751af4f1adc5a98767d23d2fd440763a07e2a27916b2ee2cc2ea6fa0
all runs: crashed: WARNING: bad unlock balance in ovl_llseek
# git bisect bad b1f9d3858f724ed45b279b689fb5b400d91352e3
b1f9d3858f724ed45b279b689fb5b400d91352e3 is the first bad commit
commit b1f9d3858f724ed45b279b689fb5b400d91352e3
Author: Amir Goldstein <amir73il@gmail.com>
Date:   Sat Dec 21 11:42:29 2019 +0200

    ovl: use ovl_inode_lock in ovl_llseek()
    
    In ovl_llseek() we use the overlay inode rwsem to protect against
    concurrent modifications to real file f_pos, because we copy the overlay
    file f_pos to/from the real file f_pos.
    
    This caused a lockdep warning of locking order violation when the
    ovl_llseek() operation was called on a lower nested overlay layer while the
    upper layer fs sb_writers is held (with patch improving copy-up efficiency
    for big sparse file).
    
    Use the internal ovl_inode_lock() instead of the overlay inode rwsem in
    those cases. It is meant to be used for protecting against concurrent
    changes to overlay inode internal state changes.
    
    The locking order rules are documented to explain this case.
    
    Signed-off-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

 fs/overlayfs/file.c  |  4 ++--
 fs/overlayfs/inode.c | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
culprit signature: 20d98285751af4f1adc5a98767d23d2fd440763a07e2a27916b2ee2cc2ea6fa0
parent  signature: c677bd3e89e1df1e91cd6312a8d20d35212f3752a47ec3d3064f1ea850b6f765
revisions tested: 16, total time: 3h42m40.954029266s (build: 1h46m26.610232231s, test: 1h55m9.184503758s)
first bad commit: b1f9d3858f724ed45b279b689fb5b400d91352e3 ovl: use ovl_inode_lock in ovl_llseek()
cc: ["amir73il@gmail.com" "linux-kernel@vger.kernel.org" "linux-unionfs@vger.kernel.org" "miklos@szeredi.hu" "mszeredi@redhat.com"]
crash: WARNING: bad unlock balance in ovl_llseek
=====================================
WARNING: bad unlock balance detected!
5.5.0-rc7-syzkaller #0 Not tainted
-------------------------------------
syz-executor.5/11435 is trying to release lock (&ovl_i_lock_key[depth]) at:
[<ffffffff825b4953>] ovl_inode_unlock fs/overlayfs/overlayfs.h:319 [inline]
[<ffffffff825b4953>] ovl_llseek+0x233/0x360 fs/overlayfs/file.c:182
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor.5/11435:
 #0: ffff888095689d60 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa3/0xc0 fs/file.c:801

stack backtrace:
CPU: 0 PID: 11435 Comm: syz-executor.5 Not tainted 5.5.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x12d/0x187 lib/dump_stack.c:118
 print_unlock_imbalance_bug.cold.53+0x114/0x123 kernel/locking/lockdep.c:4007
 __lock_release kernel/locking/lockdep.c:4241 [inline]
 lock_release+0x60e/0x910 kernel/locking/lockdep.c:4502
 __mutex_unlock_slowpath+0x86/0x690 kernel/locking/mutex.c:1228
 mutex_unlock+0xd/0x10 kernel/locking/mutex.c:740
 ovl_inode_unlock fs/overlayfs/overlayfs.h:319 [inline]
 ovl_llseek+0x233/0x360 fs/overlayfs/file.c:182
 vfs_llseek fs/read_write.c:300 [inline]
 ksys_lseek+0xc8/0x150 fs/read_write.c:313
 __do_sys_lseek fs/read_write.c:324 [inline]
 __se_sys_lseek fs/read_write.c:322 [inline]
 __x64_sys_lseek+0x6e/0xb0 fs/read_write.c:322
 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c449
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8664f16c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000008
RAX: ffffffffffffffda RBX: 00007f8664f176d4 RCX: 000000000045c449
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000718 R14: 00000000004c9a15 R15: 000000000076c06c