FYI, we noticed the following commit (built with gcc-7):

commit: 1d0e59f90bff75f1b2620ac298f12dda2a84b5e8 ("[PATCH 10/12] blkcg: cleanup and make blk_get_rl use blkg_lookup_create")
url: https://github.com/0day-ci/linux/commits/Dennis-Zhou/block-always-associate-blkg-and-refcount-cleanup/20180907-111624
base: https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-next

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -m 256M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+----------------+------------+------------+
|                | 7fbc5786e4 | 1d0e59f90b |
+----------------+------------+------------+
| boot_successes | 10         | 0          |
+----------------+------------+------------+

[    4.614577] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[    4.617799] PGD 0 P4D 0
[    4.617799] Oops: 0000 [#1] SMP PTI
[    4.617799] CPU: 0 PID: 16 Comm: kworker/u2:1 Not tainted 4.19.0-rc2-00205-g1d0e59f #1
[    4.617799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[    4.617799] Workqueue: events_unbound async_run_entry_fn
[    4.617799] RIP: 0010:get_request+0xfe/0x737
[    4.617799] Code: 48 8d 58 40 e9 aa 00 00 00 e8 08 34 c3 ff 48 85 c0 49 89 c7 75 14 65 48 8b 04 25 80 4d 01 00 48 8b 80 b8 07 00 00 4c 8b 78 10 <48> 81 3c 25 28 00 00 00 00 5a c2 82 74 70 48 8b 85 a8 01 00 00 a8
[    4.617799] RSP: 0000:ffffc900000ebc28 EFLAGS: 00010046
[    4.617799] RAX: ffffffff82476e40 RBX: 0000000000600000 RCX: 0000000000000008
[    4.617799] RDX: ffff88000de2cc00 RSI: 0000000000000020 RDI: ffff88000f90dff0
[    4.617799] RBP: ffff88000f90dff0 R08: 0000000000600000 R09: 0000000000000000
[    4.617799] R10: ffff88000f6c9800 R11: ffff88000d4caf7e R12: 0000000000000000
[    4.617799] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff82c25a00
[    4.617799] FS:  0000000000000000(0000) GS:ffff88000e000000(0000) knlGS:0000000000000000
[    4.617799] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    4.617799] CR2: 0000000000000028 CR3: 000000000240a000 CR4: 00000000000006f0
[    4.617799] Call Trace:
[    4.617799]  ? wait_woken+0x8b/0x8b
[    4.617799]  blk_get_request+0xd7/0x14f
[    4.617799]  __scsi_execute+0x43/0x17b
[    4.617799]  scsi_probe_and_add_lun+0x23b/0xac2
[    4.617799]  __scsi_add_device+0xd4/0x128
[    4.617799]  ata_scsi_scan_host+0x86/0x173
[    4.617799]  async_run_entry_fn+0x6f/0x12f
[    4.617799]  process_one_work+0x1d5/0x316
[    4.617799]  ? worker_thread+0x24e/0x2d6
[    4.617799]  worker_thread+0x1f2/0x2d6
[    4.617799]  ? rescuer_thread+0x2cf/0x2cf
[    4.617799]  kthread+0x121/0x129
[    4.617799]  ? kthread_park+0x76/0x76
[    4.617799]  ret_from_fork+0x3a/0x50
[    4.617799] Modules linked in:
[    4.617799] CR2: 0000000000000028
[    4.617799] ---[ end trace ad69c92e3fbca4bc ]---

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script  # job-script is attached in this email

Thanks,
lkp