bisecting cause commit starting from a6ed68d6468bd5a3da78a103344ded1435fed57a
building syzkaller on 46869e3ee2274fbf353cb2c7d6cf36ed19e52b45
testing commit a6ed68d6468bd5a3da78a103344ded1435fed57a with gcc (GCC) 8.1.0
kernel signature: 41679b81b768721cc671654b0cf7dccb8aa405dc
all runs: crashed: WARNING in generic_make_request_checks
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 1522c27036fee7808fbc993466d0cdf3a2faa0a2
all runs: crashed: WARNING in generic_make_request_checks
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 662bd7251e1597f49baacd02f0e48b059429b2c2
all runs: crashed: WARNING in generic_make_request_checks
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: c392c65634b6955586e3f19bc6265c609f7e2f9b
all runs: crashed: WARNING in generic_make_request_checks
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: f3050e857d01b42c88b8e4d17d7fd491eea0411b
all runs: crashed: WARNING in generic_make_request_checks
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: e2eca8c249d91cc18d55b3b19b78b73b614b7e26
all runs: crashed: WARNING in generic_make_request_checks
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: d1aa69e487e4e2b2e0784fbd00253f4a3e4ca528
all runs: crashed: WARNING in generic_make_request_checks
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 41562f3e83d454848eb5b7782a6d1d651ff34a34
all runs: crashed: WARNING in generic_make_request_checks
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 3aded7d29b60767b619ab573079400fc0b83e375
all runs: crashed: WARNING in generic_make_request_checks
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 4669c2076939890e63c471672ecb673aae8dfd79
all runs: OK
# git bisect start 94710cac0ef4ee177a63b5227664b38c95bbf703 29dcea88779c856c7dc92040a0c01233263101d4
Bisecting: 7032 revisions left to test after this (roughly 13 steps)
[3036bc45364f98515a2c446d7fac2c34dcfbeff4] Merge tag 'media/v4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 3036bc45364f98515a2c446d7fac2c34dcfbeff4 with gcc (GCC) 8.1.0
kernel signature: e23c8c6e2fe11393c21bd0a0599778957992410f
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work
run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work
# git bisect good 3036bc45364f98515a2c446d7fac2c34dcfbeff4
Bisecting: 3348 revisions left to test after this (roughly 12 steps)
[721afaa2aeb860067decdddadc84ed16f42f2048] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit 721afaa2aeb860067decdddadc84ed16f42f2048 with gcc (GCC) 8.1.0
kernel signature: 7219cd151e6600157b20062bceeabacddf88ceaf
all runs: OK
# git bisect good 721afaa2aeb860067decdddadc84ed16f42f2048
Bisecting: 1674 revisions left to test after this (roughly 11 steps)
[7b72717a20bba8bdd01b14c0460be7d15061cd6b] iw_cxgb4: correctly enforce the max reg_mr depth
testing commit 7b72717a20bba8bdd01b14c0460be7d15061cd6b with gcc (GCC) 8.1.0
kernel signature: 697ecf7cf1449b2603e063c46154c1fbefc63b55
all runs: OK
# git bisect good 7b72717a20bba8bdd01b14c0460be7d15061cd6b
Bisecting: 837 revisions left to test after this (roughly 10 steps)
[47f7dc4b845a9fe60c53b84b8c88cf14efd0de7f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit 47f7dc4b845a9fe60c53b84b8c88cf14efd0de7f with gcc (GCC) 8.1.0
kernel signature: 2c464b40d5ce72b686cfcd534b013029d20a2f35
all runs: OK
# git bisect good 47f7dc4b845a9fe60c53b84b8c88cf14efd0de7f
Bisecting: 414 revisions left to test after this (roughly 9 steps)
[0723090656a03940c5ea536342f109e34b8d1257] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 0723090656a03940c5ea536342f109e34b8d1257 with gcc (GCC) 8.1.0
kernel signature: e651beb56803b556a1c6ac73120bc94af5d6b49a
all runs: OK
# git bisect good 0723090656a03940c5ea536342f109e34b8d1257
Bisecting: 206 revisions left to test after this (roughly 8 steps)
[f67077deb4febf51cc06907fbdfd57a4869f31a2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit f67077deb4febf51cc06907fbdfd57a4869f31a2 with gcc (GCC) 8.1.0
kernel signature: d810741c93dfdcc3e74d6a4475320db078304d57
all runs: OK
# git bisect good f67077deb4febf51cc06907fbdfd57a4869f31a2
Bisecting: 103 revisions left to test after this (roughly 7 steps)
[f6229c395874a37ea72137337242055dcaf30112] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit f6229c395874a37ea72137337242055dcaf30112 with gcc (GCC) 8.1.0
kernel signature: 2461854c9d4fc72c369f3a2a19db2997fdd436ce
all runs: OK
# git bisect good f6229c395874a37ea72137337242055dcaf30112
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[f39cc1c7f32dd93d19fb14dbf973fd2b5c0f7103] Merge branch 'mlx5-fixes'
testing commit f39cc1c7f32dd93d19fb14dbf973fd2b5c0f7103 with gcc (GCC) 8.1.0
kernel signature: e6f7f683b9cc7e80e5729486abf5051f25ca7edb
all runs: crashed: WARNING in generic_make_request_checks
# git bisect bad f39cc1c7f32dd93d19fb14dbf973fd2b5c0f7103
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[b9fb1fc7f921e4f52bc753d9147d1b6be6d0b675] Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit b9fb1fc7f921e4f52bc753d9147d1b6be6d0b675 with gcc (GCC) 8.1.0
kernel signature: d1a9eb5806b3dfbcf17c9b2881d586c0cb78ebd4
all runs: crashed: WARNING in generic_make_request_checks
# git bisect bad b9fb1fc7f921e4f52bc753d9147d1b6be6d0b675
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[5dbfb6eca0b23751d9ab21989a07b5a22fa544fe] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit 5dbfb6eca0b23751d9ab21989a07b5a22fa544fe with gcc (GCC) 8.1.0
kernel signature: 275855aa905722aeef14edb3e132befc1463e1ad
all runs: OK
# git bisect good 5dbfb6eca0b23751d9ab21989a07b5a22fa544fe
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[f639bef55d2bf4847d98f45087e1a5874e2320e8] Merge tag 'xfs-4.18-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit f639bef55d2bf4847d98f45087e1a5874e2320e8 with gcc (GCC) 8.1.0
kernel signature: a677350de557aab1b5a4b2d5a843cfb746a1e0d6
all runs: crashed: WARNING in generic_make_request_checks
# git bisect bad f639bef55d2bf4847d98f45087e1a5874e2320e8
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit 0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8 with gcc (GCC) 8.1.0
kernel signature: 1b8c347d2fc7a9f6c73e7f9e4646ad91203605fd
all runs: OK
# git bisect good 0b5b1f9a78b5e1bb3c3972fcd27dc013367550f8
Bisecting: 1 revision left to test after this (roughly 1 step)
[79b3dbe4adb3420e74cf755b4beb5d2b43d5928d] fs: fix iomap_bmap position calculation
testing commit 79b3dbe4adb3420e74cf755b4beb5d2b43d5928d with gcc (GCC) 8.1.0
kernel signature: 5cfb9305662441cbc84c927f5c59e5b1fb9d8bfd
all runs: OK
# git bisect good 79b3dbe4adb3420e74cf755b4beb5d2b43d5928d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a32e236eb93e62a0f692e79b7c3c9636689559b9] Partially revert "block: fail op_is_write() requests to read-only partitions"
testing commit a32e236eb93e62a0f692e79b7c3c9636689559b9 with gcc (GCC) 8.1.0
kernel signature: cafcc01e05a38c34b95bda421e984358e05755f5
all runs: crashed: WARNING in generic_make_request_checks
# git bisect bad a32e236eb93e62a0f692e79b7c3c9636689559b9
a32e236eb93e62a0f692e79b7c3c9636689559b9 is the first bad commit
commit a32e236eb93e62a0f692e79b7c3c9636689559b9
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri Aug 3 12:22:09 2018 -0700

    Partially revert "block: fail op_is_write() requests to read-only partitions"
    
    It turns out that commit 721c7fc701c7 ("block: fail op_is_write()
    requests to read-only partitions"), while obviously correct, causes
    problems for some older lvm2 installations.
    
    The reason is that the lvm snapshotting will continue to write to the
    snapshow COW volume, even after the volume has been marked read-only.
    End result: snapshot failure.
    
    This has actually been fixed in newer version of the lvm2 tool, but the
    old tools still exist, and the breakage was reported both in the kernel
    bugzilla and in the Debian bugzilla:
    
      https://bugzilla.kernel.org/show_bug.cgi?id=200439
      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900442
    
    The lvm2 fix is here
    
      https://sourceware.org/git/?p=lvm2.git;a=commit;h=a6fdb9d9d70f51c49ad11a87ab4243344e6701a3
    
    but until everybody has updated to recent versions, we'll have to weaken
    the "never write to read-only partitions" check.  It now allows the
    write to happen, but causes a warning, something like this:
    
      generic_make_request: Trying to write to read-only block-device dm-3 (partno X)
      Modules linked in: nf_tables xt_cgroup xt_owner kvm_intel iwlmvm kvm irqbypass iwlwifi
      CPU: 1 PID: 77 Comm: kworker/1:1 Not tainted 4.17.9-gentoo #3
      Hardware name: LENOVO 20B6A019RT/20B6A019RT, BIOS GJET91WW (2.41 ) 09/21/2016
      Workqueue: ksnaphd do_metadata
      RIP: 0010:generic_make_request_checks+0x4ac/0x600
      ...
      Call Trace:
       generic_make_request+0x64/0x400
       submit_bio+0x6c/0x140
       dispatch_io+0x287/0x430
       sync_io+0xc3/0x120
       dm_io+0x1f8/0x220
       do_metadata+0x1d/0x30
       process_one_work+0x1b9/0x3e0
       worker_thread+0x2b/0x3c0
       kthread+0x113/0x130
       ret_from_fork+0x35/0x40
    
    Note that this is a "revert" in behavior only.  I'm leaving alone the
    actual code cleanups in commit 721c7fc701c7, but letting the previously
    uncaught request go through with a warning instead of stopping it.
    
    Fixes: 721c7fc701c7 ("block: fail op_is_write() requests to read-only partitions")
    Reported-and-tested-by: WGH <wgh@torlan.ru>
    Acked-by: Mike Snitzer <snitzer@redhat.com>
    Cc: Sagi Grimberg <sagi@grimberg.me>
    Cc: Ilya Dryomov <idryomov@gmail.com>
    Cc: Jens Axboe <axboe@kernel.dk>
    Cc: Zdenek Kabelac <zkabelac@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

 block/blk-core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
kernel signature:   cafcc01e05a38c34b95bda421e984358e05755f5
previous signature: 1b8c347d2fc7a9f6c73e7f9e4646ad91203605fd
revisions tested: 24, total time: 4h54m6.095457989s (build: 2h14m1.9865526s, test: 2h32m56.739081421s)
first bad commit: a32e236eb93e62a0f692e79b7c3c9636689559b9 Partially revert "block: fail op_is_write() requests to read-only partitions"
cc: ["axboe@kernel.dk" "idryomov@gmail.com" "sagi@grimberg.me" "snitzer@redhat.com" "torvalds@linux-foundation.org" "wgh@torlan.ru" "zkabelac@redhat.com"]
crash: WARNING in generic_make_request_checks
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
------------[ cut here ]------------
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
generic_make_request: Trying to write to read-only block-device loop0 (partno 0)
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
WARNING: CPU: 1 PID: 6569 at block/blk-core.c:2161 bio_check_ro block/blk-core.c:2158 [inline]
WARNING: CPU: 1 PID: 6569 at block/blk-core.c:2161 generic_make_request_checks+0xffe/0x1ea0 block/blk-core.c:2263
Kernel panic - not syncing: panic_on_warn set ...

IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
CPU: 1 PID: 6569 Comm: syz-executor.1 Not tainted 4.18.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x109/0x15a lib/dump_stack.c:113
 panic+0x1c6/0x36b kernel/panic.c:184
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
8021q: adding VLAN 0 to HW filter on device batadv0
kobject: 'vlan0' ((____ptrval____)): kobject_add_internal: parent: 'mesh', set: '<NULL>'
 __warn.cold.8+0x120/0x168 kernel/panic.c:536
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
 report_bug+0x1a4/0x200 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:bio_check_ro block/blk-core.c:2158 [inline]
RIP: 0010:generic_make_request_checks+0xffe/0x1ea0 block/blk-core.c:2263
Code: 48 8d b5 78 ff ff ff 4c 89 ff 89 95 40 
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
ff ff ff e8 37 ca 05 00 8b 95 40 ff 
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
ff ff 48 c7 c7 40 26 fc 86 48 89 c6 e8 b5 84 5e fe 
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
<0f> 0b 
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 80 
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
3c 02 
RSP: 0018:ffff8800a62d71c8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 1ffff10014c5ae43 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff86fd9c80 RDI: ffffffff89a20120
RBP: ffff8800a62d72c0 R08: ffffed0015da4f99 R09: ffffed0015da4f98
R10: ffffed0015da4f98 R11: ffff8800aed27cc7 R12: ffff8800a44d0000
R13: ffff8800a1248e30 R14: ffff8800a1248e08 R15: ffff8800a1248e00
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
 generic_make_request+0x1c0/0xe30 block/blk-core.c:2387
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
 submit_bio+0x9f/0x400 block/blk-core.c:2552
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
 submit_bh_wbc+0x4d1/0x700 fs/buffer.c:3076
 __block_write_full_page+0x514/0xbd0 fs/buffer.c:1758
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
 block_write_full_page+0x1b1/0x240 fs/buffer.c:2944
 blkdev_writepage+0x13/0x20 fs/block_dev.c:567
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
 __writepage+0x56/0xb0 mm/page-writeback.c:2302
 write_cache_pages+0x62d/0xfd0 mm/page-writeback.c:2240
 generic_writepages+0xca/0x130 mm/page-writeback.c:2326
 blkdev_writepages+0x9/0x10 fs/block_dev.c:1955
 do_writepages+0xca/0x240 mm/page-writeback.c:2341
 __filemap_fdatawrite_range+0x230/0x2f0 mm/filemap.c:445
 __filemap_fdatawrite mm/filemap.c:453 [inline]
 filemap_fdatawrite mm/filemap.c:458 [inline]
 filemap_write_and_wait+0x2c/0x80 mm/filemap.c:617
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
 __sync_blockdev fs/block_dev.c:449 [inline]
 sync_blockdev fs/block_dev.c:458 [inline]
 set_blocksize+0x176/0x2b0 fs/block_dev.c:119
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
 loop_set_fd drivers/block/loop.c:971 [inline]
 lo_ioctl+0xfb8/0x1b30 drivers/block/loop.c:1411
 __blkdev_driver_ioctl block/ioctl.c:303 [inline]
 blkdev_ioctl+0x7a0/0x16d0 block/ioctl.c:601
kobject: 'loop3' ((____ptrval____)): kobject_uevent_env
kobject: 'loop3' ((____ptrval____)): fill_kobj_path: path = '/devices/virtual/block/loop3'
 block_ioctl+0xd7/0x130 fs/block_dev.c:1881
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x196/0x1050 fs/ioctl.c:684
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
 ksys_ioctl+0x62/0x90 fs/ioctl.c:701
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:706
 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
RIP: 0033:0x45a679
Code: ad b6 fb ff c3 66 2e 0f 1f 
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
<48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
0f 1f 
IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
84 00 
hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
00 00 00 
RSP: 002b:00007f1c8521fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1c852206d4
R13: 00000000004c416b R14: 00000000004d8bc8 R15: 00000000ffffffff
Kernel Offset: disabled
Rebooting in 86400 seconds..