bisecting cause commit starting from 998d75510e373aab5644d777d3b058312d550159
building syzkaller on 8c88c9c1c99c8cd8dabc951164c820b9c9f25114
testing commit 998d75510e373aab5644d777d3b058312d550159 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in fuse_lookup
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in fuse_lookup
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in fuse_lookup
run #5: crashed: INFO: task hung in fuse_lookup
run #6: crashed: INFO: task hung in fuse_lookup
run #7: OK
run #8: OK
run #9: OK
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in fuse_lookup
run #5: crashed: INFO: task hung in fuse_lookup
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in fuse_lookup
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in fuse_lookup
run #5: crashed: INFO: task hung in fuse_lookup
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in fuse_lookup
run #5: crashed: INFO: task hung in fuse_lookup
run #6: crashed: INFO: task hung in fuse_lookup
run #7: OK
run #8: OK
run #9: OK
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: no output from test machine
run #5: crashed: no output from test machine
run #6: crashed: no output from test machine
run #7: crashed: no output from test machine
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
all runs: crashed: no output from test machine
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: no output from test machine
run #4: crashed: no output from test machine
run #5: crashed: no output from test machine
run #6: crashed: no output from test machine
run #7: crashed: no output from test machine
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
run #0: OK
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: no output from test machine
run #5: crashed: no output from test machine
run #6: crashed: no output from test machine
run #7: crashed: no output from test machine
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
run #0: OK
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: no output from test machine
run #3: crashed: no output from test machine
run #4: crashed: no output from test machine
run #5: crashed: no output from test machine
run #6: crashed: no output from test machine
run #7: crashed: no output from test machine
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: no output from test machine
run #2: crashed: no output from test machine
run #3: crashed: no output from test machine
run #4: crashed: no output from test machine
run #5: crashed: no output from test machine
run #6: crashed: no output from test machine
run #7: crashed: no output from test machine
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
run #0: crashed: INFO: task hung in fuse_lookup
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: no output from test machine
run #3: crashed: no output from test machine
run #4: crashed: no output from test machine
run #5: crashed: no output from test machine
run #6: crashed: no output from test machine
run #7: crashed: no output from test machine
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
run #0: OK
run #1: crashed: INFO: task hung in fuse_lookup
run #2: crashed: INFO: task hung in fuse_lookup
run #3: crashed: INFO: task hung in fuse_lookup
run #4: crashed: INFO: task hung in corrupted
run #5: crashed: INFO: task hung in fuse_lookup
run #6: crashed: INFO: task hung in fuse_lookup
run #7: crashed: INFO: task hung in fuse_lookup
run #8: OK
run #9: OK
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
run #0: crashed: INFO: task hung in lookup_slow
run #1: crashed: INFO: task hung in lookup_slow
run #2: crashed: INFO: task hung in lookup_slow
run #3: crashed: INFO: task hung in lookup_slow
run #4: crashed: INFO: task hung in lookup_slow
run #5: crashed: INFO: task hung in lookup_slow
run #6: crashed: INFO: task hung in lookup_slow
run #7: crashed: INFO: task hung in lookup_slow
run #8: OK
run #9: OK
testing release v4.5
testing commit b562e44f507e863c6792946e4e1b1449fbbac85d with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in walk_component
testing release v4.4
testing commit afd2ff9b7e1b367172f18ba7f693dfb62bdcb2dc with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in walk_component
testing release v4.3
testing commit 6a13feb9c82803e2b815eca72fa7a9f5561d7861 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in walk_component
testing release v4.2
testing commit 64291f7db5bd8150a74ad2036f1037e6a0428df2 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in walk_component
testing release v4.1
testing commit b953c0d234bc72e8489d3bf51a276c5c4ec85345 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in lookup_slow
revisions tested: 25, total time: 6h3m45.114691441s (build: 1h52m46.977522712s, test: 4h3m11.658311314s)
the crash already happened on the oldest tested release
commit msg: Linux 4.1
crash: INFO: task hung in lookup_slow

INFO: task syz-executor.4:5479 blocked for more than 140 seconds.
      Not tainted 4.1.0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor.4  D ffff8800b85afbb8 12096  5479      1 0x00000004
 ffff8800b85afbb8 00000000b85afbb8 ffff8800b853e5d0 ffff880000000000
 ffff8800b85b0000 ffff88012a6d9ae0 ffff8800b85afd38 ffff8800b853e5d0
 0000000000000286 ffff8800b85afbd8 ffffffff82645872 ffff88012a6d9ad8
Call Trace:
 [] schedule+0x32/0x80 kernel/sched/core.c:2826
 [] schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:2858
 [] __mutex_lock_common kernel/locking/mutex.c:578 [inline]
 [] mutex_lock_nested+0x195/0x610 kernel/locking/mutex.c:617
 [] lookup_slow+0x31/0xc0 fs/namei.c:1508
 [] walk_component fs/namei.c:1589 [inline]
 [] link_path_walk+0x688/0x15c0 fs/namei.c:1844
 [] follow_link fs/namei.c:901 [inline]
 [] path_mountpoint+0x2f5/0x490 fs/namei.c:2368
 [] filename_mountpoint+0x32/0xe0 fs/namei.c:2386
 [] user_path_mountpoint_at+0x31/0x40 fs/namei.c:2415
 [] SYSC_umount fs/namespace.c:1576 [inline]
 [] SyS_umount+0x67/0x120 fs/namespace.c:1560
 [] system_call_fastpath+0x16/0x7a
1 lock held by syz-executor.4/5479:
 #0:  (&type->i_mutex_dir_key#4){+.+.+.}, at: [] lookup_slow+0x31/0xc0 fs/namei.c:1508
sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.1.0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffffffff83214520 ti: ffffffff83200000 task.ti: ffffffff83200000
RIP: 0010:[] [] native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:50
RSP: 0018:ffffffff83203e88  EFLAGS: 00000282
RAX: ffffffff83214520 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff83214520
RBP: ffffffff83203e88 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff83200000
R13: ffffffff8341b638 R14: 0000000000000000 R15: ffffffff83200000
FS:  0000000000000000(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f75071c5016 CR3: 00000000ba97b000 CR4: 00000000001407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff83203ea8 ffffffff810896e9 0000000000000000 ffffffff83200000
 ffffffff83203eb8 ffffffff8108a62a ffffffff83203f28 ffffffff811bd669
 ffffffff83203ed8 ffffffff83204000 ffff88021fffd200 ffffffff83530940
Call Trace:
 [] arch_safe_halt arch/x86/include/asm/paravirt.h:111 [inline]
 [] default_idle+0x29/0x270 arch/x86/kernel/process.c:341
 [] arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:332
 [] cpuidle_idle_call kernel/sched/idle.c:195 [inline]
 [] cpu_idle_loop kernel/sched/idle.c:249 [inline]
 [] cpu_startup_entry+0x2e9/0x660 kernel/sched/idle.c:297
 [] rest_init+0x134/0x140 init/main.c:409
 [] start_kernel+0x438/0x445 init/main.c:677
 [] x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:197
 [] x86_64_start_kernel+0x145/0x154 arch/x86/kernel/head64.c:186
Code: 00 00 00 00 00 55 48 89 e5 fa 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 66 0f 1f 84
NMI backtrace for cpu 1
CPU: 1 PID: 873 Comm: khungtaskd Not tainted 4.1.0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88012a716c90 ti: ffff88012a164000 task.ti: ffff88012a164000
RIP: 0010:[] [] native_write_msr_safe+0xa/0x10 arch/x86/include/asm/msr.h:95
RSP: 0018:ffff88012a167d08  EFLAGS: 00000082
RAX: 0000000000000400 RBX: 0000000000000001 RCX: 0000000000000830
RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000830
RBP: ffff88012a167d08 R08: 0000000000000000 R09: 0000000000000003
R10: ffff88012a716c90 R11: 0000000000000001 R12: ffffffff8341b108
R13: 0000000000080000 R14: 0000000000000001 R15: 000000000000a120
FS:  0000000000000000(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7507252000 CR3: 00000000b2a0b000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff88012a167d68 ffffffff810c502f ffff88012a167d78 0000000000000296
 0000000200000002 0000000000000002 ffff88012a167d88 0000000000000040
 000000000000d3c0 0000000000000001 ffff8800b853e5d0 000000000000008c
Call Trace:
 [] paravirt_write_msr arch/x86/include/asm/paravirt.h:133 [inline]
 [] native_x2apic_icr_write arch/x86/include/asm/apic.h:168 [inline]
 [] __x2apic_send_IPI_dest arch/x86/include/asm/x2apic.h:26 [inline]
 [] __x2apic_send_IPI_mask+0x10f/0x1a0 arch/x86/kernel/apic/x2apic_phys.c:52
 [] x2apic_send_IPI_mask+0xe/0x10 arch/x86/kernel/apic/x2apic_cluster.c:79
 [] arch_trigger_all_cpu_backtrace+0x33d/0x350 arch/x86/kernel/apic/hw_nmi.c:89
 [] trigger_all_cpu_backtrace include/linux/nmi.h:43 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x47e/0x6c0 kernel/hung_task.c:238
 [] kthread+0xea/0x100 drivers/block/aoe/aoecmd.c:1312
 [] ret_from_fork+0x42/0x70 arch/x86/kernel/entry_64.S:639
Code: 00 55 89 f9 48 89 e5 0f 32 45 31 c0 48 89 d7 44 89 06 89 c6 5d 48 c1 e7 20 48 89 f8 48 09 f0 c3 90 55 89 f0 89 f9 48 89 e5 0f 30 <31> c0 5d c3 66 90 55 89 f9 48 89 e5 0f 33 48 89 d7 89 c1 5d 48