bisecting cause commit starting from 6fbc7275c7a9ba97877050335f290341a1fd8dbf building syzkaller on cccc4302d7da39e2fc41f9275442c267935632b7 testing commit 6fbc7275c7a9ba97877050335f290341a1fd8dbf with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in blkdev_issue_flush testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in blkdev_issue_flush testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in blkdev_issue_flush testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in blkdev_issue_flush testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: INFO: task hung in blkdev_issue_flush testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in generic_make_request_checks testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.18 v4.17 Bisecting: 7032 revisions left to test after this (roughly 13 steps) [3036bc45364f98515a2c446d7fac2c34dcfbeff4] Merge tag 'media/v4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 3036bc45364f98515a2c446d7fac2c34dcfbeff4 with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect good 3036bc45364f98515a2c446d7fac2c34dcfbeff4 Bisecting: 3348 revisions left to test after this (roughly 12 steps) [721afaa2aeb860067decdddadc84ed16f42f2048] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc testing commit 721afaa2aeb860067decdddadc84ed16f42f2048 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 721afaa2aeb860067decdddadc84ed16f42f2048 Bisecting: 1674 revisions left to test after this (roughly 11 steps) [7b72717a20bba8bdd01b14c0460be7d15061cd6b] iw_cxgb4: correctly enforce the max reg_mr depth testing commit 7b72717a20bba8bdd01b14c0460be7d15061cd6b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7b72717a20bba8bdd01b14c0460be7d15061cd6b Bisecting: 837 revisions left to test after this (roughly 10 steps) [47f7dc4b845a9fe60c53b84b8c88cf14efd0de7f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit 47f7dc4b845a9fe60c53b84b8c88cf14efd0de7f with gcc (GCC) 8.1.0 all runs: OK # git bisect good 47f7dc4b845a9fe60c53b84b8c88cf14efd0de7f Bisecting: 414 revisions left to test after this (roughly 9 steps) [0723090656a03940c5ea536342f109e34b8d1257] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 0723090656a03940c5ea536342f109e34b8d1257 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0723090656a03940c5ea536342f109e34b8d1257 Bisecting: 206 revisions left to test after this (roughly 8 steps) [f67077deb4febf51cc06907fbdfd57a4869f31a2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit f67077deb4febf51cc06907fbdfd57a4869f31a2 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f67077deb4febf51cc06907fbdfd57a4869f31a2 Bisecting: 103 revisions left to test after this (roughly 7 steps) [f6229c395874a37ea72137337242055dcaf30112] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit f6229c395874a37ea72137337242055dcaf30112 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f6229c395874a37ea72137337242055dcaf30112 Bisecting: 51 revisions left to test after this (roughly 6 steps) [f39cc1c7f32dd93d19fb14dbf973fd2b5c0f7103] Merge branch 'mlx5-fixes' testing commit f39cc1c7f32dd93d19fb14dbf973fd2b5c0f7103 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in generic_make_request_checks # git bisect bad f39cc1c7f32dd93d19fb14dbf973fd2b5c0f7103 Bisecting: 26 revisions left to test after this (roughly 5 steps) [b9fb1fc7f921e4f52bc753d9147d1b6be6d0b675] Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit b9fb1fc7f921e4f52bc753d9147d1b6be6d0b675 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in generic_make_request_checks # git bisect bad b9fb1fc7f921e4f52bc753d9147d1b6be6d0b675 Bisecting: 11 revisions left to test after this (roughly 4 steps) [5dbfb6eca0b23751d9ab21989a07b5a22fa544fe] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf testing commit 5dbfb6eca0b23751d9ab21989a07b5a22fa544fe with gcc (GCC) 8.1.0 all runs: OK # git bisect good 5dbfb6eca0b23751d9ab21989a07b5a22fa544fe Bisecting: 5 revisions left to test after this (roughly 3 steps) [f639bef55d2bf4847d98f45087e1a5874e2320e8] Merge tag 'xfs-4.18-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux testing commit f639bef55d2bf4847d98f45087e1a5874e2320e8 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in generic_make_request_checks # git bisect bad f639bef55d2bf4847d98f45087e1a5874e2320e8 Bisecting: 2 revisions left to test after this (roughly 2 steps) [0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit 0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8 Bisecting: 1 revision left to test after this (roughly 1 step) [79b3dbe4adb3420e74cf755b4beb5d2b43d5928d] fs: fix iomap_bmap position calculation testing commit 79b3dbe4adb3420e74cf755b4beb5d2b43d5928d with gcc (GCC) 8.1.0 all runs: OK # git bisect good 79b3dbe4adb3420e74cf755b4beb5d2b43d5928d Bisecting: 0 revisions left to test after this (roughly 0 steps) [a32e236eb93e62a0f692e79b7c3c9636689559b9] Partially revert "block: fail op_is_write() requests to read-only partitions" testing commit a32e236eb93e62a0f692e79b7c3c9636689559b9 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in generic_make_request_checks # git bisect bad a32e236eb93e62a0f692e79b7c3c9636689559b9 a32e236eb93e62a0f692e79b7c3c9636689559b9 is the first bad commit commit a32e236eb93e62a0f692e79b7c3c9636689559b9 Author: Linus Torvalds Date: Fri Aug 3 12:22:09 2018 -0700 Partially revert "block: fail op_is_write() requests to read-only partitions" It turns out that commit 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions"), while obviously correct, causes problems for some older lvm2 installations. The reason is that the lvm snapshotting will continue to write to the snapshow COW volume, even after the volume has been marked read-only. End result: snapshot failure. This has actually been fixed in newer version of the lvm2 tool, but the old tools still exist, and the breakage was reported both in the kernel bugzilla and in the Debian bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200439 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900442 The lvm2 fix is here https://sourceware.org/git/?p=lvm2.git;a=commit;h=a6fdb9d9d70f51c49ad11a87ab4243344e6701a3 but until everybody has updated to recent versions, we'll have to weaken the "never write to read-only partitions" check. It now allows the write to happen, but causes a warning, something like this: generic_make_request: Trying to write to read-only block-device dm-3 (partno X) Modules linked in: nf_tables xt_cgroup xt_owner kvm_intel iwlmvm kvm irqbypass iwlwifi CPU: 1 PID: 77 Comm: kworker/1:1 Not tainted 4.17.9-gentoo #3 Hardware name: LENOVO 20B6A019RT/20B6A019RT, BIOS GJET91WW (2.41 ) 09/21/2016 Workqueue: ksnaphd do_metadata RIP: 0010:generic_make_request_checks+0x4ac/0x600 ... Call Trace: generic_make_request+0x64/0x400 submit_bio+0x6c/0x140 dispatch_io+0x287/0x430 sync_io+0xc3/0x120 dm_io+0x1f8/0x220 do_metadata+0x1d/0x30 process_one_work+0x1b9/0x3e0 worker_thread+0x2b/0x3c0 kthread+0x113/0x130 ret_from_fork+0x35/0x40 Note that this is a "revert" in behavior only. I'm leaving alone the actual code cleanups in commit 721c7fc701c7, but letting the previously uncaught request go through with a warning instead of stopping it. Fixes: 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions") Reported-and-tested-by: WGH Acked-by: Mike Snitzer Cc: Sagi Grimberg Cc: Ilya Dryomov Cc: Jens Axboe Cc: Zdenek Kabelac Signed-off-by: Linus Torvalds :040000 040000 b95f9a13d8b2654212bff2d49e44d47482be2bbb 21889d033f917c28dba2cc7a1ea94eca0a7905d6 M block revisions tested: 21, total time: 5h5m36.965235365s (build: 1h57m15.79576229s, test: 3h1m44.346354763s) first bad commit: a32e236eb93e62a0f692e79b7c3c9636689559b9 Partially revert "block: fail op_is_write() requests to read-only partitions" cc: ["axboe@kernel.dk" "idryomov@gmail.com" "sagi@grimberg.me" "snitzer@redhat.com" "torvalds@linux-foundation.org" "wgh@torlan.ru" "zkabelac@redhat.com"] crash: WARNING in generic_make_request_checks 8021q: adding VLAN 0 to HW filter on device batadv0 IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready generic_make_request: Trying to write to read-only block-device nbd0 (partno 0) IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready WARNING: CPU: 0 PID: 6587 at block/blk-core.c:2161 bio_check_ro block/blk-core.c:2158 [inline] WARNING: CPU: 0 PID: 6587 at block/blk-core.c:2161 generic_make_request_checks+0xffe/0x1ea0 block/blk-core.c:2263 IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 6587 Comm: syz-executor.5 Not tainted 4.18.0-rc7+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x109/0x15a lib/dump_stack.c:113 panic+0x1c6/0x36b kernel/panic.c:184 __warn.cold.8+0x120/0x168 kernel/panic.c:536 report_bug+0x1a4/0x200 lib/bug.c:186 IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992 RIP: 0010:bio_check_ro block/blk-core.c:2158 [inline] RIP: 0010:generic_make_request_checks+0xffe/0x1ea0 block/blk-core.c:2263 IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready Code: 48 8d b5 78 ff ff ff 4c 89 ff 89 95 40 ff ff ff e8 87 c8 05 00 8b 95 40 ff ff ff 48 c7 c7 00 49 fc 86 48 89 c6 e8 75 e9 5d fe <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 80 3c 02 RSP: 0018:ffff880092e8fa88 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 1ffff100125d1f5b RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff89a22960 RBP: ffff880092e8fb80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800a47570c0 R13: ffff8800a0e557b0 R14: ffff8800a0e55788 R15: ffff8800a0e55780 IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready generic_make_request+0x1c0/0xe30 block/blk-core.c:2387 IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network submit_bio+0x9f/0x400 block/blk-core.c:2552 hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network submit_bio_wait+0x108/0x1b0 block/bio.c:1004 blkdev_issue_flush+0x1e1/0x2c0 block/blk-flush.c:553 blkdev_fsync+0x70/0xc0 fs/block_dev.c:633 vfs_fsync_range+0xee/0x220 fs/sync.c:197 vfs_fsync fs/sync.c:211 [inline] do_fsync+0x38/0x70 fs/sync.c:221 __do_sys_fdatasync fs/sync.c:234 [inline] __se_sys_fdatasync fs/sync.c:232 [inline] __x64_sys_fdatasync+0x31/0x40 fs/sync.c:232 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4597c9 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007efd2f2f8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000004b RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004597c9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007efd2f2f96d4 R13: 00000000004c005d R14: 00000000004d1e50 R15: 00000000ffffffff Kernel Offset: disabled Rebooting in 86400 seconds..