bisecting cause commit starting from 60f5a21736322c25b297b022aa48aeb28fd56f9e
building syzkaller on 3476a2dfb9474008d37066d758843c4e0c61e513
testing commit 60f5a21736322c25b297b022aa48aeb28fd56f9e with gcc (GCC) 8.1.0
all runs: crashed: WARNING in generic_make_request_checks
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 60f5a21736322c25b297b022aa48aeb28fd56f9e 29dcea88779c856c7dc92040a0c01233263101d4
Bisecting: 7386 revisions left to test after this (roughly 13 steps)
[00979ce4fcc90d488c7f27f750097adc6b11bd07] linux/linkage.h: replace VMLINUX_SYMBOL_STR() with __stringify()
testing commit 00979ce4fcc90d488c7f27f750097adc6b11bd07 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work
# git bisect good 00979ce4fcc90d488c7f27f750097adc6b11bd07
Bisecting: 3735 revisions left to test after this (roughly 12 steps)
[7c00e8ae041b349992047769af741b67379ce19a] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit 7c00e8ae041b349992047769af741b67379ce19a with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 7c00e8ae041b349992047769af741b67379ce19a
Bisecting: 1864 revisions left to test after this (roughly 11 steps)
[d8894a08d91e230c5af9eed3de80114c5aaa3ccf] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit d8894a08d91e230c5af9eed3de80114c5aaa3ccf with gcc (GCC) 8.1.0
all runs: OK
# git bisect good d8894a08d91e230c5af9eed3de80114c5aaa3ccf
Bisecting: 931 revisions left to test after this (roughly 10 steps)
[b83ce39b929ad55808e6a4b71579b05201f59335] Merge branch 'drm-fixes-4.18' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
testing commit b83ce39b929ad55808e6a4b71579b05201f59335 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b83ce39b929ad55808e6a4b71579b05201f59335
Bisecting: 465 revisions left to test after this (roughly 9 steps)
[2f4f0f338cf453bfcdbcf089e177c16f35f023c8] can: xilinx_can: fix incorrect clear of non-processed interrupts
testing commit 2f4f0f338cf453bfcdbcf089e177c16f35f023c8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2f4f0f338cf453bfcdbcf089e177c16f35f023c8
Bisecting: 233 revisions left to test after this (roughly 8 steps)
[3c9fdefe516f350469ac105943fb1bc22e3e8196] Merge tag 'drm-fixes-2018-07-27' of git://anongit.freedesktop.org/drm/drm
testing commit 3c9fdefe516f350469ac105943fb1bc22e3e8196 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 3c9fdefe516f350469ac105943fb1bc22e3e8196
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[f67077deb4febf51cc06907fbdfd57a4869f31a2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit f67077deb4febf51cc06907fbdfd57a4869f31a2 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f67077deb4febf51cc06907fbdfd57a4869f31a2
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[e30cb13c5a09ff5f043a6570c32e49b063bea6a1] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit e30cb13c5a09ff5f043a6570c32e49b063bea6a1 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e30cb13c5a09ff5f043a6570c32e49b063bea6a1
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[0585df468e8f4481b78256a2bf09449290bfcbf3] Merge tag 'media/v4.18-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 0585df468e8f4481b78256a2bf09449290bfcbf3 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 0585df468e8f4481b78256a2bf09449290bfcbf3
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[310810ae19480f9fad76b1260eced29356506bac] Merge tag 'nfs-for-4.18-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
testing commit 310810ae19480f9fad76b1260eced29356506bac with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 310810ae19480f9fad76b1260eced29356506bac
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit 0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8
Bisecting: 1 revision left to test after this (roughly 1 step)
[f639bef55d2bf4847d98f45087e1a5874e2320e8] Merge tag 'xfs-4.18-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit f639bef55d2bf4847d98f45087e1a5874e2320e8 with gcc (GCC) 8.1.0
all runs: crashed: WARNING in generic_make_request_checks
# git bisect bad f639bef55d2bf4847d98f45087e1a5874e2320e8
Bisecting: 1 revision left to test after this (roughly 1 step)
[79b3dbe4adb3420e74cf755b4beb5d2b43d5928d] fs: fix iomap_bmap position calculation
testing commit 79b3dbe4adb3420e74cf755b4beb5d2b43d5928d with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 79b3dbe4adb3420e74cf755b4beb5d2b43d5928d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a32e236eb93e62a0f692e79b7c3c9636689559b9] Partially revert "block: fail op_is_write() requests to read-only partitions"
testing commit a32e236eb93e62a0f692e79b7c3c9636689559b9 with gcc (GCC) 8.1.0
all runs: crashed: WARNING in generic_make_request_checks
# git bisect bad a32e236eb93e62a0f692e79b7c3c9636689559b9
a32e236eb93e62a0f692e79b7c3c9636689559b9 is the first bad commit
commit a32e236eb93e62a0f692e79b7c3c9636689559b9
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri Aug 3 12:22:09 2018 -0700

    Partially revert "block: fail op_is_write() requests to read-only partitions"
    
    It turns out that commit 721c7fc701c7 ("block: fail op_is_write()
    requests to read-only partitions"), while obviously correct, causes
    problems for some older lvm2 installations.
    
    The reason is that the lvm snapshotting will continue to write to the
    snapshow COW volume, even after the volume has been marked read-only.
    End result: snapshot failure.
    
    This has actually been fixed in newer version of the lvm2 tool, but the
    old tools still exist, and the breakage was reported both in the kernel
    bugzilla and in the Debian bugzilla:
    
      https://bugzilla.kernel.org/show_bug.cgi?id=200439
      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900442
    
    The lvm2 fix is here
    
      https://sourceware.org/git/?p=lvm2.git;a=commit;h=a6fdb9d9d70f51c49ad11a87ab4243344e6701a3
    
    but until everybody has updated to recent versions, we'll have to weaken
    the "never write to read-only partitions" check.  It now allows the
    write to happen, but causes a warning, something like this:
    
      generic_make_request: Trying to write to read-only block-device dm-3 (partno X)
      Modules linked in: nf_tables xt_cgroup xt_owner kvm_intel iwlmvm kvm irqbypass iwlwifi
      CPU: 1 PID: 77 Comm: kworker/1:1 Not tainted 4.17.9-gentoo #3
      Hardware name: LENOVO 20B6A019RT/20B6A019RT, BIOS GJET91WW (2.41 ) 09/21/2016
      Workqueue: ksnaphd do_metadata
      RIP: 0010:generic_make_request_checks+0x4ac/0x600
      ...
      Call Trace:
       generic_make_request+0x64/0x400
       submit_bio+0x6c/0x140
       dispatch_io+0x287/0x430
       sync_io+0xc3/0x120
       dm_io+0x1f8/0x220
       do_metadata+0x1d/0x30
       process_one_work+0x1b9/0x3e0
       worker_thread+0x2b/0x3c0
       kthread+0x113/0x130
       ret_from_fork+0x35/0x40
    
    Note that this is a "revert" in behavior only.  I'm leaving alone the
    actual code cleanups in commit 721c7fc701c7, but letting the previously
    uncaught request go through with a warning instead of stopping it.
    
    Fixes: 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions")
    Reported-and-tested-by: WGH <wgh@torlan.ru>
    Acked-by: Mike Snitzer <snitzer@redhat.com>
    Cc: Sagi Grimberg <sagi@grimberg.me>
    Cc: Ilya Dryomov <idryomov@gmail.com>
    Cc: Jens Axboe <axboe@kernel.dk>
    Cc: Zdenek Kabelac <zkabelac@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

:040000 040000 b95f9a13d8b2654212bff2d49e44d47482be2bbb 21889d033f917c28dba2cc7a1ea94eca0a7905d6 M	block
revisions tested: 16, total time: 4h8m10.754207826s (build: 1h13m17.250367481s, test: 2h50m17.069092871s)
first bad commit: a32e236eb93e62a0f692e79b7c3c9636689559b9 Partially revert "block: fail op_is_write() requests to read-only partitions"
cc: ["axboe@kernel.dk" "idryomov@gmail.com" "sagi@grimberg.me" "snitzer@redhat.com" "torvalds@linux-foundation.org" "wgh@torlan.ru" "zkabelac@redhat.com"]
crash: WARNING in generic_make_request_checks
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: crng init done
------------[ cut here ]------------
generic_make_request: Trying to write to read-only block-device loop0 (partno 0)
WARNING: CPU: 0 PID: 6597 at block/blk-core.c:2161 bio_check_ro block/blk-core.c:2158 [inline]
WARNING: CPU: 0 PID: 6597 at block/blk-core.c:2161 generic_make_request_checks+0x114f/0x2140 block/blk-core.c:2263
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 6597 Comm: syz-executor901 Not tainted 4.18.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x16a/0x22a lib/dump_stack.c:113
 panic+0x1c6/0x37d kernel/panic.c:184
 __warn.cold.8+0x120/0x16c kernel/panic.c:536
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:bio_check_ro block/blk-core.c:2158 [inline]
RIP: 0010:generic_make_request_checks+0x114f/0x2140 block/blk-core.c:2263
Code: 48 89 ce 48 89 8d 40 fd ff ff 89 95 38 fd ff ff e8 f6 23 07 00 8b 95 38 fd ff ff 48 c7 c7 40 b3 f6 86 48 89 c6 e8 d1 2e 16 fe <0f> 0b 48 8b 8d 40 fd ff ff e9 7f f1 ff ff 4c 89 ef e8 eb 17 82 fe 
RSP: 0018:ffff8801c5e67650 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 1ffff10038bcced3 RCX: 0000000000000000
RDX: 1ffff10038bcce6f RSI: 0000000000000001 RDI: 0000000000000286
RBP: ffff8801c5e67940 R08: fffffbfff0f7067d R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000000 R12: ffff8801d448a140
R13: ffff8801d87702f0 R14: ffff8801d87702c0 R15: ffff8801d87702c8
 generic_make_request+0x22f/0x1720 block/blk-core.c:2387
 submit_bio+0x9f/0x400 block/blk-core.c:2552
 submit_bio_wait+0x126/0x1d0 block/bio.c:1004
 blkdev_issue_flush+0x1e1/0x2c0 block/blk-flush.c:553
 blkdev_fsync+0x70/0xc0 fs/block_dev.c:633
 vfs_fsync_range+0xf0/0x220 fs/sync.c:197
 vfs_fsync fs/sync.c:211 [inline]
 do_fsync+0x38/0x70 fs/sync.c:221
 __do_sys_fsync fs/sync.c:229 [inline]
 __se_sys_fsync fs/sync.c:227 [inline]
 __x64_sys_fsync+0x2e/0x40 fs/sync.c:227
 do_syscall_64+0x183/0x700 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4449b9
Code: e8 fc b2 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b d4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007ffd986cd488 EFLAGS: 00000246 ORIG_RAX: 000000000000004a
RAX: ffffffffffffffda RBX: 00000000004a60d2 RCX: 00000000004449b9
RDX: 00000000004012a0 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000074780 R08: 0000000001766880 R09: 00000000004002e0
R10: 000000000000000f R11: 0000000000000246 R12: 00000000004022a0
R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..