bisecting fixing commit since c98875d930e915d01e8c40c7d3c16f00b3c8abe1
building syzkaller on b617407b25b37a7a8efa47127005d1f20dd0abe1
testing commit c98875d930e915d01e8c40c7d3c16f00b3c8abe1 with gcc (GCC) 8.1.0
kernel signature: ca7b063046b4174496735d93a4924f18810930f9
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
testing current HEAD 312017a460d5ea31d646e7148e400e13db799ddc
testing commit 312017a460d5ea31d646e7148e400e13db799ddc with gcc (GCC) 8.1.0
kernel signature: b363f71c9fbafd4dd79d958a22f6b2b097de29e1
all runs: OK
# git bisect start 312017a460d5ea31d646e7148e400e13db799ddc c98875d930e915d01e8c40c7d3c16f00b3c8abe1
Bisecting: 2934 revisions left to test after this (roughly 12 steps)
[4fcb9b3f263efde74d97190e43c690b4ed732bbf] net: kalmia: fix memory leaks
testing commit 4fcb9b3f263efde74d97190e43c690b4ed732bbf with gcc (GCC) 8.1.0
kernel signature: 3b2cb3fb589c396878a8fda105385880a413e12f
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: OK
run #9: OK
# git bisect good 4fcb9b3f263efde74d97190e43c690b4ed732bbf
Bisecting: 1467 revisions left to test after this (roughly 11 steps)
[c2dca83e9e835f10d9af76afcc55e2a328a2ee6c] rtc: rv8803: fix the rv8803 id in the OF table
testing commit c2dca83e9e835f10d9af76afcc55e2a328a2ee6c with gcc (GCC) 8.1.0
kernel signature: fa87c5e030ab20a9fb6922ae2d1f6bb7263c2fb1
all runs: OK
# git bisect bad c2dca83e9e835f10d9af76afcc55e2a328a2ee6c
Bisecting: 733 revisions left to test after this (roughly 10 steps)
[577a5119d7af31f77f5c427be9867431df070d0d] KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts
testing commit 577a5119d7af31f77f5c427be9867431df070d0d with gcc (GCC) 8.1.0
kernel signature: 8e19510524bfe6912fc23bbf1078f8086ca8a7d1
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
# git bisect good 577a5119d7af31f77f5c427be9867431df070d0d
Bisecting: 366 revisions left to test after this (roughly 9 steps)
[0169198631e71c60e96096e17bc9f6c881fcb963] MIPS: include: Mark __cmpxchg as __always_inline
testing commit 0169198631e71c60e96096e17bc9f6c881fcb963 with gcc (GCC) 8.1.0
kernel signature: db3ae06ccacf9b21429c0e1cf0c9b10e93d3afe7
all runs: OK
# git bisect bad 0169198631e71c60e96096e17bc9f6c881fcb963
Bisecting: 183 revisions left to test after this (roughly 8 steps)
[6271cbff9309b71a3c7a6411dd9bb96e1ccdc530] tracing/hwlat: Report total time spent in all NMIs during the sample
testing commit 6271cbff9309b71a3c7a6411dd9bb96e1ccdc530 with gcc (GCC) 8.1.0
kernel signature: e936e5d4ab497b871be5e1e52495051802c170e8
all runs: OK
# git bisect bad 6271cbff9309b71a3c7a6411dd9bb96e1ccdc530
Bisecting: 91 revisions left to test after this (roughly 7 steps)
[59a6dc262c8500c6e5fb9f234c6078fd72ddc20f] arm64: Provide a command line to disable spectre_v2 mitigation
testing commit 59a6dc262c8500c6e5fb9f234c6078fd72ddc20f with gcc (GCC) 8.1.0
kernel signature: 09501b58552b6361636e6bc77f0439576994f3b8
all runs: OK
# git bisect bad 59a6dc262c8500c6e5fb9f234c6078fd72ddc20f
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[4753e7a824cbfd91c0a795f0c794e5af3cf80f98] ima: fix freeing ongoing ahash_request
testing commit 4753e7a824cbfd91c0a795f0c794e5af3cf80f98 with gcc (GCC) 8.1.0
kernel signature: f08b10cac17c5e415901b2a0a538822ae1fff171
all runs: OK
# git bisect bad 4753e7a824cbfd91c0a795f0c794e5af3cf80f98
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[fb93ccde081e39631fd16c03d1c9eb0b4bef7edd] MIPS: Treat Loongson Extensions as ASEs
testing commit fb93ccde081e39631fd16c03d1c9eb0b4bef7edd with gcc (GCC) 8.1.0
kernel signature: 04ad951a870e6d81c70597d1e634445d1530dd4a
all runs: OK
# git bisect bad fb93ccde081e39631fd16c03d1c9eb0b4bef7edd
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[032ce7d766a9846167916cb0713ab91b2de9cbdf] powerpc/powernv: Restrict OPAL symbol map to only be readable by root
testing commit 032ce7d766a9846167916cb0713ab91b2de9cbdf with gcc (GCC) 8.1.0
kernel signature: 30674d9ddfd8444749b76a8eaa894fac909c5063
all runs: OK
# git bisect bad 032ce7d766a9846167916cb0713ab91b2de9cbdf
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[9f0f39c92e4f50189155dfb13bb5524372e40eba] nbd: fix max number of supported devs
testing commit 9f0f39c92e4f50189155dfb13bb5524372e40eba with gcc (GCC) 8.1.0
kernel signature: 43dff9cead5fd6f7ec678bad96179257d0a672a9
all runs: OK
# git bisect bad 9f0f39c92e4f50189155dfb13bb5524372e40eba
Bisecting: 2 revisions left to test after this (roughly 1 step)
[30fbe0d380aa038b0a629bc9c7f1961d340cd83b] KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
testing commit 30fbe0d380aa038b0a629bc9c7f1961d340cd83b with gcc (GCC) 8.1.0
kernel signature: cfc0536c6d9134a147dbbfdb13bd2ee4b9969dfc
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
run #9: OK
# git bisect good 30fbe0d380aa038b0a629bc9c7f1961d340cd83b
Bisecting: 0 revisions left to test after this (roughly 1 step)
[eff3a54aae6815583d139dd22417e3d706ef6490] KVM: nVMX: handle page fault in vmread fix
testing commit eff3a54aae6815583d139dd22417e3d706ef6490 with gcc (GCC) 8.1.0
kernel signature: cecb3c0c6988a8aef467bb7bf8c73dc11f0129d8
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
# git bisect good eff3a54aae6815583d139dd22417e3d706ef6490
9f0f39c92e4f50189155dfb13bb5524372e40eba is the first bad commit
commit 9f0f39c92e4f50189155dfb13bb5524372e40eba
Author: Mike Christie
Date: Sun Aug 4 14:10:06 2019 -0500

    nbd: fix max number of supported devs

    commit e9e006f5fcf2bab59149cb38a48a4817c1b538b4 upstream.

    This fixes a bug added in 4.10 with commit:

    commit 9561a7ade0c205bc2ee035a2ac880478dcc1a024
    Author: Josef Bacik
    Date: Tue Nov 22 14:04:40 2016 -0500

        nbd: add multi-connection support

    that limited the number of devices to 256. Before the patch we could
    create 1000s of devices, but the patch switched us from using our
    own thread to using a work queue which has a default limit of 256
    active works.

    The problem is that our recv_work function sits in a loop until
    disconnection but only handles IO for one connection. The work is
    started when the connection is started/restarted, but if we end up
    creating 257 or more connections, the queue_work call just queues
    connection257+'s recv_work and that waits for connection 1 - 256's
    recv_work to be disconnected and that work instance completing.

    Instead of reverting back to kthreads, this has us allocate a
    workqueue_struct per device, so we can block in the work.

    Cc: stable@vger.kernel.org
    Reviewed-by: Josef Bacik
    Signed-off-by: Mike Christie
    Signed-off-by: Jens Axboe
    Signed-off-by: Greg Kroah-Hartman

 drivers/block/nbd.c | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)
culprit signature: 43dff9cead5fd6f7ec678bad96179257d0a672a9
parent signature: cecb3c0c6988a8aef467bb7bf8c73dc11f0129d8
revisions tested: 14, total time: 4h22m45.31146649s (build: 1h59m16.968782259s, test: 2h21m46.77154972s)
first good commit: 9f0f39c92e4f50189155dfb13bb5524372e40eba nbd: fix max number of supported devs
cc: ["axboe@kernel.dk" "gregkh@linuxfoundation.org" "josef@toxicpanda.com" "mchristi@redhat.com"]