bisecting fixing commit since 68d7a45eec101bc1550294c0e675a490c047b2e5
building syzkaller on b0e8efcb4b0aac61f4647a76bbe54a5d38a370ba
testing commit 68d7a45eec101bc1550294c0e675a490c047b2e5 with gcc (GCC) 8.1.0
kernel signature: 7fd62920008fd0bf48cc3af59b46156e839b5ee8
run #0: crashed: BUG: unable to handle kernel
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel
run #5: crashed: BUG: unable to handle kernel
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel
run #8: crashed: BUG: unable to handle kernel
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
testing current HEAD a844dc4c544291470aa69edbe2434b040794e269
testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0
kernel signature: 4cbf6e6814d498bd7321e9be48a739ce11f10c41
all runs: OK
# git bisect start a844dc4c544291470aa69edbe2434b040794e269 68d7a45eec101bc1550294c0e675a490c047b2e5
Bisecting: 1874 revisions left to test after this (roughly 11 steps)
[e2a74958ee0d27f05c016cfcc821b0d3d11b9f45] bonding: Force slave speed check after link state recovery for 802.3ad
testing commit e2a74958ee0d27f05c016cfcc821b0d3d11b9f45 with gcc (GCC) 8.1.0
kernel signature: e22a74708a153f64d4ad9da486dc2192de1aff4f
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
# git bisect good e2a74958ee0d27f05c016cfcc821b0d3d11b9f45
Bisecting: 937 revisions left to test after this (roughly 10 steps)
[169795c893f424cd889aa106e971628c780b81a3] powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions
testing commit 169795c893f424cd889aa106e971628c780b81a3 with gcc (GCC) 8.1.0
kernel signature: cac5ff35048b41e510d3fab9378bc7e0fb113559
all runs: OK
# git bisect bad 169795c893f424cd889aa106e971628c780b81a3
Bisecting: 468 revisions left to test after this (roughly 9 steps)
[9aa376a13f4340a2483184a3634f74051524094f] Btrfs: fix race setting up and completing qgroup rescan workers
testing commit 9aa376a13f4340a2483184a3634f74051524094f with gcc (GCC) 8.1.0
kernel signature: 783084e453b64e4368f76a124c09da77ad6454c4
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: OK
# git bisect good 9aa376a13f4340a2483184a3634f74051524094f
Bisecting: 234 revisions left to test after this (roughly 8 steps)
[1caa4f72dfc4a0401ec7fad210cfb0ed73d06b4d] arm64: v8.4: Support for new floating point multiplication instructions
testing commit 1caa4f72dfc4a0401ec7fad210cfb0ed73d06b4d with gcc (GCC) 8.1.0
kernel signature: 202acd77786d9df5aeeaa5832588cca904c1bbae
all runs: OK
# git bisect bad 1caa4f72dfc4a0401ec7fad210cfb0ed73d06b4d
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[0b584bf573ae59021069c056c22d65d5721910cb] nbd: fix max number of supported devs
testing commit 0b584bf573ae59021069c056c22d65d5721910cb with gcc (GCC) 8.1.0
kernel signature: 4ace3a960888bf44b274c2206216763497f65119
all runs: OK
# git bisect bad 0b584bf573ae59021069c056c22d65d5721910cb
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[af849a18cdc741261fe61d2d8423be0865af3334] qmi_wwan: add support for Cinterion CLS8 devices
testing commit af849a18cdc741261fe61d2d8423be0865af3334 with gcc (GCC) 8.1.0
kernel signature: dfe79de1c4d74b1e24398a134ed6ec3844d90a0f
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: OK
# git bisect good af849a18cdc741261fe61d2d8423be0865af3334
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[a93e0bcdbda6ddcbbb8a103ab743f0f51451bcf4] usercopy: Avoid HIGHMEM pfn warning
testing commit a93e0bcdbda6ddcbbb8a103ab743f0f51451bcf4 with gcc (GCC) 8.1.0
kernel signature: f827fa7aa0dc36c8b29f725df5874599eb3dcaf4
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
# git bisect good a93e0bcdbda6ddcbbb8a103ab743f0f51451bcf4
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[160f160e89386836427ce49bfe12c82bcdfa4fdf] ceph: reconnect connection if session hang in opening state
testing commit 160f160e89386836427ce49bfe12c82bcdfa4fdf with gcc (GCC) 8.1.0
kernel signature: f1dbb055ce026443b6d4380f076cc6d011dde810
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: OK
# git bisect good 160f160e89386836427ce49bfe12c82bcdfa4fdf
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[1c8c25209dd17a7c31e6efe4d8f603f1adccc310] fuse: fix memleak in cuse_channel_open
testing commit 1c8c25209dd17a7c31e6efe4d8f603f1adccc310 with gcc (GCC) 8.1.0
kernel signature: 7aaa5976ea23bfedb06577568f5878552786da0b
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: OK
run #9: OK
# git bisect good 1c8c25209dd17a7c31e6efe4d8f603f1adccc310
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2046beea7627daf02d4ef3128f2f7188ef18f6c2] perf unwind: Fix libunwind build failure on i386 systems
testing commit 2046beea7627daf02d4ef3128f2f7188ef18f6c2 with gcc (GCC) 8.1.0
kernel signature: bf257f24835be44a6941f79fa07013c5712c395d
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel
run #7: crashed: BUG: unable to handle kernel
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
# git bisect good 2046beea7627daf02d4ef3128f2f7188ef18f6c2
Bisecting: 1 revision left to test after this (roughly 1 step)
[498ade7db232c10d3cbb2d63296d8ca3acec83cc] nbd: fix crash when the blksize is zero
testing commit 498ade7db232c10d3cbb2d63296d8ca3acec83cc with gcc (GCC) 8.1.0
kernel signature: 5e6b3332db004ea69baeecf60694e432aed63443
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel
run #5: crashed: BUG: unable to handle kernel
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel
run #9: crashed: BUG: unable to handle kernel
# git bisect good 498ade7db232c10d3cbb2d63296d8ca3acec83cc
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dd36e726ede475418c77ccaaffdd097caab4b4d1] block/ndb: add WQ_UNBOUND to the knbd-recv workqueue
testing commit dd36e726ede475418c77ccaaffdd097caab4b4d1 with gcc (GCC) 8.1.0
kernel signature: 75d5b153d03bf12d626b597d5a48ff2f8cc65c38
run #0: crashed: BUG: unable to handle kernel
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: OK
# git bisect good dd36e726ede475418c77ccaaffdd097caab4b4d1
0b584bf573ae59021069c056c22d65d5721910cb is the first bad commit
commit 0b584bf573ae59021069c056c22d65d5721910cb
Author: Mike Christie
Date:   Sun Aug 4 14:10:06 2019 -0500

    nbd: fix max number of supported devs

    [ Upstream commit e9e006f5fcf2bab59149cb38a48a4817c1b538b4 ]

    This fixes a bug added in 4.10 with commit:

    commit 9561a7ade0c205bc2ee035a2ac880478dcc1a024
    Author: Josef Bacik
    Date:   Tue Nov 22 14:04:40 2016 -0500

        nbd: add multi-connection support

    that limited the number of devices to 256. Before the patch we could create 1000s of devices, but the patch switched us from using our own thread to using a work queue which has a default limit of 256 active works.

    The problem is that our recv_work function sits in a loop until disconnection but only handles IO for one connection. The work is started when the connection is started/restarted, but if we end up creating 257 or more connections, the queue_work call just queues connection257+'s recv_work and that waits for connection 1 - 256's recv_work to be disconnected and that work instance completing.

    Instead of reverting back to kthreads, this has us allocate a workqueue_struct per device, so we can block in the work.

    Cc: stable@vger.kernel.org
    Reviewed-by: Josef Bacik
    Signed-off-by: Mike Christie
    Signed-off-by: Jens Axboe
    Signed-off-by: Sasha Levin

 drivers/block/nbd.c | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)
culprit signature: 4ace3a960888bf44b274c2206216763497f65119
parent signature: 75d5b153d03bf12d626b597d5a48ff2f8cc65c38
revisions tested: 14, total time: 3h48m12.227289745s (build: 1h55m8.985528461s, test: 1h51m39.896630152s)
first good commit: 0b584bf573ae59021069c056c22d65d5721910cb nbd: fix max number of supported devs
cc: ["axboe@kernel.dk" "josef@toxicpanda.com" "mchristi@redhat.com" "sashal@kernel.org"]