bisecting fixing commit since 9a95f25269bd9257ab9fba7bb14355d50b5f39ec
building syzkaller on c8e81ce4c7e3b59e7c83c6fab56c217916f3b3b6
testing commit 9a95f25269bd9257ab9fba7bb14355d50b5f39ec with gcc (GCC) 8.4.1 20210217
kernel signature: 7d8e65e44a25c0dc9531fc8887ae956af7c817932342c2c6b585c1e76d14f758
run #0: crashed: BUG: unable to handle kernel
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel
run #9: crashed: BUG: unable to handle kernel
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #12: crashed: BUG: unable to handle kernel
run #13: crashed: BUG: unable to handle kernel
run #14: crashed: BUG: unable to handle kernel
run #15: crashed: BUG: unable to handle kernel
run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #18: crashed: BUG: unable to handle kernel
run #19: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
testing current HEAD 670d6552eda8ff0c5f396d3d6f0174237917c66c
testing commit 670d6552eda8ff0c5f396d3d6f0174237917c66c with gcc (GCC) 8.4.1 20210217
kernel signature: 271d0c3c9c8a050df39c67e7753d4810c30c52f334b599295b925fec38b2c41b
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: crashed: BUG: unable to handle kernel
revisions tested: 2, total time: 22m10.692345658s (build: 15m20.254334328s, test: 6m1.671313208s)
the crash still happens on HEAD
commit msg: Linux 4.14.227
crash: BUG: unable to handle kernel
RAX: ffffffffffffffda RBX: 00000000000003fd RCX: 0000000000462c89
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005
RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000052bfa8
R13: 00007f6aff4f56bc R14: 0000000000000008 R15: 0000000000000001
BUG: unable to handle kernel
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
NULL pointer dereference at 0000000000000120
IP: set_bit arch/x86/include/asm/bitops.h:81 [inline]
IP: cpumask_set_cpu include/linux/cpumask.h:283 [inline]
IP: blk_mq_map_swqueue+0x23a/0xa90 block/blk-mq.c:2171
PGD 1db87e067 P4D 1db87e067 PUD 1db87d067 PMD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6984 Comm: syz-executor.1 Not tainted 4.14.227-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8881db19e640 task.stack: ffff8881dd4c0000
RIP: 0010:set_bit arch/x86/include/asm/bitops.h:81 [inline]
RIP: 0010:cpumask_set_cpu include/linux/cpumask.h:283 [inline]
RIP: 0010:blk_mq_map_swqueue+0x23a/0xa90 block/blk-mq.c:2171
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
RSP: 0018:ffff8881dd4c79e0 EFLAGS: 00010293
RAX: ffff8881ed2f79c8 RBX: 0000000000000007 RCX: ffffe8ffffd30d40
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881dd4c7a58 R08: 0000000000000001 R09: 0000000000000001
R10: ffff8881ed2f79c0 R11: ffff8881ed2f7a80 R12: ffff8881ed2f4300
R13: fffffbfff11654e6 R14: ffff8881ed3c0440 R15: dffffc0000000000
FS: 00007f6aff4f5700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000120 CR3: 00000001db87f004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 blk_mq_queue_reinit block/blk-mq.c:2512 [inline]
 __blk_mq_update_nr_hw_queues block/blk-mq.c:2750 [inline]
 blk_mq_update_nr_hw_queues+0x219/0x390 block/blk-mq.c:2760
 nbd_start_device+0x1b6/0xc50 drivers/block/nbd.c:1201
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 nbd_start_device_ioctl drivers/block/nbd.c:1252 [inline]
 __nbd_ioctl drivers/block/nbd.c:1334 [inline]
 nbd_ioctl+0x1ae/0xad0 drivers/block/nbd.c:1374
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
 __blkdev_driver_ioctl block/ioctl.c:297 [inline]
 blkdev_ioctl+0x7d2/0x1770 block/ioctl.c:594
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
 block_ioctl+0xd7/0x130 fs/block_dev.c:1893
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x462c89
batman_adv: batadv0: Interface activated: batadv_slave_1
RSP: 002b:00007f6aff4f5198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000003fd RCX: 0000000000462c89
RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005
RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000052bfa8
R13: 00007f6aff4f56bc R14: 0000000000000008 R15: 0000000000000001
Code: 0f 85 dd 05 00 00 8b 00 49 8d 04 c2 48 89 c6 48 c1 ee 03 42 80 3c 3e 00 0f 85 98 05 00 00 41 83 f8 3f 48 8b 30 0f 87 f3 03 00 00 4c 0f ab 8e 20 01 00 00 48 8d be 78 01 00 00 48 89 f8 48 c1
device veth0_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
RIP: set_bit arch/x86/include/asm/bitops.h:81 [inline] RSP: ffff8881dd4c79e0
RIP: cpumask_set_cpu include/linux/cpumask.h:283 [inline] RSP: ffff8881dd4c79e0
RIP: blk_mq_map_swqueue+0x23a/0xa90 block/blk-mq.c:2171 RSP: ffff8881dd4c79e0
CR2: 0000000000000120
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
---[ end trace 9fe9c6a3ffd3922d ]---
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
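The run lines above record two titles for what is one oops: the bare "BUG: unable to handle kernel" and the full "... NULL pointer dereference in blk_mq_map_swqueue". The report itself shows why: the oops header is printed in two pieces, and a batman_adv console message landed between "BUG: unable to handle kernel" and "NULL pointer dereference at 0000000000000120", as other batman_adv and IPv6 lines landed inside the call trace and the Code: bytes. The following Python script is an added example, not part of this syzbot log and not syzkaller code. It parses a constructed excerpt of the log above, tallies the run results per tested commit, folds the split title into the full one, extracts the kernel frames of the call trace while skipping the interleaved lines, and cross-checks the header's fault address against CR2. The set of noise prefixes it filters is an assumption limited to the subsystems visible in this log.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt of the log above: a few "run #" lines for each tested
# commit, then the oops together with the batman_adv/IPv6 console messages
# that were interleaved with it. Constructed for this example, not the full log.
LOG = """\
testing commit 9a95f25269bd9257ab9fba7bb14355d50b5f39ec with gcc (GCC) 8.4.1 20210217
run #0: crashed: BUG: unable to handle kernel
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel
testing current HEAD 670d6552eda8ff0c5f396d3d6f0174237917c66c
testing commit 670d6552eda8ff0c5f396d3d6f0174237917c66c with gcc (GCC) 8.4.1 20210217
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel
BUG: unable to handle kernel
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
NULL pointer dereference at 0000000000000120
IP: blk_mq_map_swqueue+0x23a/0xa90 block/blk-mq.c:2171
CR2: 0000000000000120 CR3: 00000001db87f004 CR4: 00000000001606e0
Call Trace:
 blk_mq_queue_reinit block/blk-mq.c:2512 [inline]
 blk_mq_update_nr_hw_queues+0x219/0x390 block/blk-mq.c:2760
 nbd_start_device+0x1b6/0xc50 drivers/block/nbd.c:1201
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 nbd_ioctl+0x1ae/0xad0 drivers/block/nbd.c:1374
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
 blkdev_ioctl+0x7d2/0x1770 block/ioctl.c:594
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x462c89
"""

COMMIT_RE = re.compile(r"^testing commit ([0-9a-f]{40})")
RUN_RE = re.compile(r"^run #\d+: (crashed|OK):?\s*(.*)$")
# One stack frame: symbol, optional +off/len, optional file:line, optional [inline].
FRAME_RE = re.compile(
    r"^\s+(\S+?)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?(?: ([\w./-]+:\d+))?(?: \[inline\])?$")
# Console output from unrelated subsystems seen interleaved with this oops.
# Assumption: only the prefixes that occur in this log are listed.
NOISE_RE = re.compile(r"^(batman_adv:|IPv6:|device \S+ entered promiscuous mode)")


def run_results(log):
    """Per tested commit, count the crash title of each run ('OK' for clean runs)."""
    results = defaultdict(Counter)
    commit = None
    for line in log.splitlines():
        m = COMMIT_RE.match(line)
        if m:
            commit = m.group(1)
            continue
        m = RUN_RE.match(line)
        if m and commit is not None:
            status, title = m.groups()
            results[commit][title.strip() if status == "crashed" else "OK"] += 1
    return results


def merge_split_titles(counter):
    """Fold a title that is a strict prefix of another into the longer one.

    The oops header is printed in two pieces, so console output landing
    between them leaves the bare "BUG: unable to handle kernel" as its own title.
    """
    merged = Counter()
    longest_first = sorted(counter, key=len, reverse=True)
    for title, n in counter.items():
        full = next((t for t in longest_first if t != title and t.startswith(title)), title)
        merged[full] += n
    return merged


def strip_noise(log):
    """Drop interleaved console lines from unrelated subsystems."""
    return [line for line in log.splitlines() if not NOISE_RE.match(line)]


def call_trace(log):
    """Kernel frames of the Call Trace as (symbol, file:line or None) tuples."""
    frames, in_trace = [], False
    for line in strip_noise(log):
        if line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace and line.startswith("RIP: 0033:"):
            break  # user-space return address: the kernel part of the trace is over
        elif in_trace:
            m = FRAME_RE.match(line)
            if m:
                frames.append((m.group(1), m.group(2)))
    return frames


def fault_address(log):
    """Fault address from the oops header, cross-checked against CR2 (None on mismatch)."""
    text = "\n".join(strip_noise(log))
    hdr = re.search(r"NULL pointer dereference at ([0-9a-f]{16})", text)
    cr2 = re.search(r"^CR2: ([0-9a-f]{16})", text, re.M)
    if not (hdr and cr2):
        return None
    a, b = int(hdr.group(1), 16), int(cr2.group(1), 16)
    return a if a == b else None


if __name__ == "__main__":
    for commit, titles in run_results(LOG).items():
        print(commit[:12], dict(merge_split_titles(titles)))
    print("fault address: %#x" % fault_address(LOG))
    for sym, loc in call_trace(LOG):
        print(" ", sym, loc or "")
```

Run on the excerpt, both commits collapse to a single title with all runs attributed to it, the trace reduces to the seven frames from blk_mq_queue_reinit down to entry_SYSCALL_64_after_hwframe, and the header address agrees with CR2 at 0x120; a disagreement between the two would point at a report stitched together from more than one oops.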