bisecting cause commit starting from f8788d86ab28f61f7b46eb6be375f8a726783636 building syzkaller on 59b57593586656c1d5be820aeed0e751087e6ac6 testing commit f8788d86ab28f61f7b46eb6be375f8a726783636 with gcc (GCC) 8.1.0 kernel signature: 24f39689c9beb3cff027d69c9b974f1b5f1171d45b06b36930a5066a8b82e781 all runs: crashed: WARNING: bad unlock balance in ovl_llseek testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: d995b98f2f236c9aeaa25bd0b73f98b18df7236a1c37528a8018a4d9281e5a97 all runs: OK # git bisect start f8788d86ab28f61f7b46eb6be375f8a726783636 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 Bisecting: 6733 revisions left to test after this (roughly 13 steps) [4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0 kernel signature: c8ecd923d73ad8dde7bcc221a61ce9955aae1181a47ef5e8929a95e51ffef81f all runs: OK # git bisect good 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb Bisecting: 3410 revisions left to test after this (roughly 12 steps) [f3cc4e1d44a813a0685f2e558b78ace3db559722] ARM: dma-api: fix max_pfn off-by-one error in __dma_supported() testing commit f3cc4e1d44a813a0685f2e558b78ace3db559722 with gcc (GCC) 8.1.0 kernel signature: 42eac6e045ea95d7d77a3425518b826ecd7c85c64eefb0ce2c96f52819ed2017 all runs: OK # git bisect good f3cc4e1d44a813a0685f2e558b78ace3db559722 Bisecting: 1951 revisions left to test after this (roughly 11 steps) [469030d454bd1620c7b2651d9ec8cdcbaa74deb9] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 469030d454bd1620c7b2651d9ec8cdcbaa74deb9 with gcc (GCC) 8.1.0 kernel signature: 7856bc89bde4e1a2051060d508341b84519b3068f3570cc5252a14ff96be1627 all runs: crashed: WARNING: bad unlock balance in ovl_llseek # git bisect bad 469030d454bd1620c7b2651d9ec8cdcbaa74deb9 Bisecting: 726 revisions left to test after this (roughly 10 steps) [c1ef57a3a3f5e69e98baf89055b423da62791c13] Merge tag 'io_uring-5.6-2020-02-05' of git://git.kernel.dk/linux-block testing commit c1ef57a3a3f5e69e98baf89055b423da62791c13 with gcc (GCC) 8.1.0 kernel signature: eb779a0ba080dc6dd34e2ddc3b9f03178157d3d687f8d272e3c0a732d17e0f16 all runs: crashed: WARNING: bad unlock balance in ovl_llseek # git bisect bad c1ef57a3a3f5e69e98baf89055b423da62791c13 Bisecting: 412 revisions left to test after this (roughly 9 steps) [153b5c566d30fb984827acb12fd93c3aa6c147d3] Merge tag 'microblaze-v5.6-rc1' of git://git.monstr.eu/linux-2.6-microblaze testing commit 153b5c566d30fb984827acb12fd93c3aa6c147d3 with gcc (GCC) 8.1.0 kernel signature: 2b94a0fef85b358656a88eaea3ebb65eab24b0ff3fb9e9d468d5e39160632258 all runs: crashed: WARNING: bad unlock balance in ovl_llseek # git bisect bad 153b5c566d30fb984827acb12fd93c3aa6c147d3 Bisecting: 166 revisions left to test after this (roughly 7 steps) [fc6a15c853085f04c30e08bbba7d49cb611f7773] dt/bindings: clk: fsl,plldig: Drop 'bindings' from schema id testing commit fc6a15c853085f04c30e08bbba7d49cb611f7773 with gcc (GCC) 8.1.0 kernel signature: 096e27afbe8c70b25365e33668e599f6d3f01292329e0ccb660a17872432bb53 all runs: OK # git bisect good fc6a15c853085f04c30e08bbba7d49cb611f7773 Bisecting: 72 revisions left to test after this (roughly 6 steps) [eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c] Merge tag 'rtc-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux testing commit eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c with gcc (GCC) 8.1.0 kernel signature: 56885fbb4ba977faf5e36af3f1add76bbfb059ec8b4eee0d3f64d400345e3384 all runs: OK # git bisect good eadc4e40e68832fc61ae5e3ef2ef5cfcd9308b2c Bisecting: 44 revisions left to test after this (roughly 5 steps) [685097986b5ef8b8c4b19dbb6a1d6069c3626ba2] Merge tag 'hwlock-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc testing commit 685097986b5ef8b8c4b19dbb6a1d6069c3626ba2 with gcc (GCC) 8.1.0 kernel signature: 96bc61bd1902bd4b6d95247e06276badcd55488a51978121bb52b888a00f9fda all runs: OK # git bisect good 685097986b5ef8b8c4b19dbb6a1d6069c3626ba2 Bisecting: 22 revisions left to test after this (roughly 5 steps) [a45ad71e8995eed2b95c6ef0f4c442da0c4f6677] Merge tag 'rproc-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc testing commit a45ad71e8995eed2b95c6ef0f4c442da0c4f6677 with gcc (GCC) 8.1.0 kernel signature: 34a1e5337045aba58314a27d73ef18c7b6b8dd35c2bb52cba0097935b4149d7f all runs: OK # git bisect good a45ad71e8995eed2b95c6ef0f4c442da0c4f6677 Bisecting: 11 revisions left to test after this (roughly 4 steps) [5dcdc43e24a1810d3c3f4959af3d0c8e0026d863] vfs: add vfs_iocb_iter_[read|write] helper functions testing commit 5dcdc43e24a1810d3c3f4959af3d0c8e0026d863 with gcc (GCC) 8.1.0 kernel signature: b1f641e55a9c6f7a539aea1cdad2c1e50f31f4eec9b30e594f33fc402a99c364 all runs: crashed: WARNING: bad unlock balance in ovl_llseek # git bisect bad 5dcdc43e24a1810d3c3f4959af3d0c8e0026d863 Bisecting: 5 revisions left to test after this (roughly 3 steps) [94375f9d5103c2eb2f905381993a2fb70c297364] ovl: generalize the lower_layers[] array testing commit 94375f9d5103c2eb2f905381993a2fb70c297364 with gcc (GCC) 8.1.0 kernel signature: 34d841bad109e94fd46c8fdc5edd10904c0f6ea2c57fa94d650f8332a441fbcc all runs: crashed: WARNING: bad unlock balance in ovl_llseek # git bisect bad 94375f9d5103c2eb2f905381993a2fb70c297364 Bisecting: 2 revisions left to test after this (roughly 1 step) [1bd0a3aea4357e1dce8b3f0f889fd3fe756353e6] ovl: use pr_fmt auto generate prefix testing commit 1bd0a3aea4357e1dce8b3f0f889fd3fe756353e6 with gcc (GCC) 8.1.0 kernel signature: c677bd3e89e1df1e91cd6312a8d20d35212f3752a47ec3d3064f1ea850b6f765 all runs: OK # git bisect good 1bd0a3aea4357e1dce8b3f0f889fd3fe756353e6 Bisecting: 0 revisions left to test after this (roughly 1 step) [b504c6540d1752c73e16548062c49bc9f447cb12] ovl: improving copy-up efficiency for big sparse file testing commit b504c6540d1752c73e16548062c49bc9f447cb12 with gcc (GCC) 8.1.0 kernel signature: 44079115d3353afefa26d5b810faa54c905fd89987d400cdc662708c2dd56330 all runs: crashed: WARNING: bad unlock balance in ovl_llseek # git bisect bad b504c6540d1752c73e16548062c49bc9f447cb12 Bisecting: 0 revisions left to test after this (roughly 0 steps) [b1f9d3858f724ed45b279b689fb5b400d91352e3] ovl: use ovl_inode_lock in ovl_llseek() testing commit b1f9d3858f724ed45b279b689fb5b400d91352e3 with gcc (GCC) 8.1.0 kernel signature: 20d98285751af4f1adc5a98767d23d2fd440763a07e2a27916b2ee2cc2ea6fa0 all runs: crashed: WARNING: bad unlock balance in ovl_llseek # git bisect bad b1f9d3858f724ed45b279b689fb5b400d91352e3 b1f9d3858f724ed45b279b689fb5b400d91352e3 is the first bad commit commit b1f9d3858f724ed45b279b689fb5b400d91352e3 Author: Amir Goldstein Date: Sat Dec 21 11:42:29 2019 +0200 ovl: use ovl_inode_lock in ovl_llseek() In ovl_llseek() we use the overlay inode rwsem to protect against concurrent modifications to real file f_pos, because we copy the overlay file f_pos to/from the real file f_pos. This caused a lockdep warning of locking order violation when the ovl_llseek() operation was called on a lower nested overlay layer while the upper layer fs sb_writers is held (with patch improving copy-up efficiency for big sparse file). Use the internal ovl_inode_lock() instead of the overlay inode rwsem in those cases. It is meant to be used for protecting against concurrent changes to overlay inode internal state changes. The locking order rules are documented to explain this case. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/file.c | 4 ++-- fs/overlayfs/inode.c | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) culprit signature: 20d98285751af4f1adc5a98767d23d2fd440763a07e2a27916b2ee2cc2ea6fa0 parent signature: c677bd3e89e1df1e91cd6312a8d20d35212f3752a47ec3d3064f1ea850b6f765 revisions tested: 16, total time: 3h42m40.954029266s (build: 1h46m26.610232231s, test: 1h55m9.184503758s) first bad commit: b1f9d3858f724ed45b279b689fb5b400d91352e3 ovl: use ovl_inode_lock in ovl_llseek() cc: ["amir73il@gmail.com" "linux-kernel@vger.kernel.org" "linux-unionfs@vger.kernel.org" "miklos@szeredi.hu" "mszeredi@redhat.com"] crash: WARNING: bad unlock balance in ovl_llseek ===================================== WARNING: bad unlock balance detected! 5.5.0-rc7-syzkaller #0 Not tainted ------------------------------------- syz-executor.5/11435 is trying to release lock (&ovl_i_lock_key[depth]) at: [] ovl_inode_unlock fs/overlayfs/overlayfs.h:319 [inline] [] ovl_llseek+0x233/0x360 fs/overlayfs/file.c:182 but there are no more locks to release! other info that might help us debug this: 1 lock held by syz-executor.5/11435: #0: ffff888095689d60 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xa3/0xc0 fs/file.c:801 stack backtrace: CPU: 0 PID: 11435 Comm: syz-executor.5 Not tainted 5.5.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x12d/0x187 lib/dump_stack.c:118 print_unlock_imbalance_bug.cold.53+0x114/0x123 kernel/locking/lockdep.c:4007 __lock_release kernel/locking/lockdep.c:4241 [inline] lock_release+0x60e/0x910 kernel/locking/lockdep.c:4502 __mutex_unlock_slowpath+0x86/0x690 kernel/locking/mutex.c:1228 mutex_unlock+0xd/0x10 kernel/locking/mutex.c:740 ovl_inode_unlock fs/overlayfs/overlayfs.h:319 [inline] ovl_llseek+0x233/0x360 fs/overlayfs/file.c:182 vfs_llseek fs/read_write.c:300 [inline] ksys_lseek+0xc8/0x150 fs/read_write.c:313 __do_sys_lseek fs/read_write.c:324 [inline] __se_sys_lseek fs/read_write.c:322 [inline] __x64_sys_lseek+0x6e/0xb0 fs/read_write.c:322 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45c449 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f8664f16c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000008 RAX: ffffffffffffffda RBX: 00007f8664f176d4 RCX: 000000000045c449 RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000718 R14: 00000000004c9a15 R15: 000000000076c06c