bisecting cause commit starting from 203ec2fed17ade9582277570eb234be52085f8c5
building syzkaller on f48c20b8f9b2a6c26629f11cc15e1c9c316572c8
testing commit 203ec2fed17ade9582277570eb234be52085f8c5 with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
run #0: crashed: INFO: task hung in corrupted
run #1: crashed: INFO: task hung in xlog_grant_head_check
run #2: crashed: INFO: task hung in xlog_grant_head_check
run #3: crashed: INFO: task hung in xlog_grant_head_check
run #4: crashed: INFO: task hung in xlog_grant_head_check
run #5: crashed: INFO: task hung in xlog_grant_head_check
run #6: crashed: INFO: task hung in xlog_grant_head_check
run #7: crashed: INFO: task hung in xlog_grant_head_check
run #8: crashed: INFO: task hung in xlog_grant_head_check
run #9: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.5
testing commit b562e44f507e863c6792946e4e1b1449fbbac85d with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.4
testing commit afd2ff9b7e1b367172f18ba7f693dfb62bdcb2dc with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.3
testing commit 6a13feb9c82803e2b815eca72fa7a9f5561d7861 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.2
testing commit 64291f7db5bd8150a74ad2036f1037e6a0428df2 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
testing release v4.1
testing commit b953c0d234bc72e8489d3bf51a276c5c4ec85345 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in xlog_grant_head_check
revisions tested: 17, total time: 2h59m7.66820298s (build: 1h0m56.283364781s, test: 1h53m39.269986873s)
the crash already happened on the oldest tested release
commit msg: Linux 4.1
crash: INFO: task hung in xlog_grant_head_check
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 2(bridge_slave_1) entered forwarding state
bridge0: port 1(bridge_slave_0) entered forwarding state
bridge0: port 1(bridge_slave_0) entered forwarding state
INFO: task syz-executor:5373 blocked for more than 120 seconds.
      Not tainted 4.1.0-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor    D ffff8800b7537a78 12688  5373   3916 0x00000004
 ffff8800b7537a78 00000000b7537a78 ffff88020fd44890 ffff8800b7537ac8
 ffff8800b7538000 ffff880213ff6970 ffff8800b7495a80 ffff88020fd44890
 0000000000000000 ffff8800b7537a98 ffffffff824850f2 ffff8800b7495800
Call Trace:
 [<ffffffff824850f2>] schedule+0x32/0x80 kernel/sched/core.c:2826
 [<ffffffff8161aa4c>] xlog_grant_head_wait+0x5c/0x4e0 fs/xfs/xfs_log.c:274
 [<ffffffff8161af56>] xlog_grant_head_check+0x86/0xf0 fs/xfs/xfs_log.c:330
 [<ffffffff8161eec3>] xfs_log_reserve+0xd3/0x500 fs/xfs/xfs_log.c:467
 [<ffffffff8161f373>] xfs_log_unmount_write+0x83/0x450 fs/xfs/xfs_log.c:811
 [<ffffffff8161f79e>] xfs_log_quiesce+0x5e/0x70 fs/xfs/xfs_log.c:938
 [<ffffffff8161f7c5>] xfs_log_unmount+0x15/0x60 fs/xfs/xfs_log.c:952
 [<ffffffff81611d6d>] xfs_mountfs+0x60d/0x930 fs/xfs/xfs_mount.c:943
 [<ffffffff81614e15>] xfs_fs_fill_super+0x395/0x480 fs/xfs/xfs_super.c:1510
 [<ffffffff812eebec>] mount_bdev+0x1bc/0x1f0 fs/super.c:1005
 [<ffffffff81613040>] xfs_fs_mount+0x10/0x20 fs/xfs/xfs_super.c:1574
 [<ffffffff812ef573>] mount_fs+0x33/0x190 fs/super.c:1108
 [<ffffffff81311cb6>] vfs_kern_mount+0x66/0x160 fs/namespace.c:937
 [<ffffffff81314bd9>] do_new_mount fs/namespace.c:2368 [inline]
 [<ffffffff81314bd9>] do_mount+0x1f9/0xba0 fs/namespace.c:2684
 [<ffffffff813158cb>] SYSC_mount fs/namespace.c:2874 [inline]
 [<ffffffff813158cb>] SyS_mount+0x8b/0xe0 fs/namespace.c:2852
 [<ffffffff8248c1f2>] system_call_fastpath+0x16/0x7a
1 lock held by syz-executor/5373:
 #0:  (&type->s_umount_key#38/1){+.+.+.}, at: [<ffffffff812ee6b9>] alloc_super fs/super.c:217 [inline]
 #0:  (&type->s_umount_key#38/1){+.+.+.}, at: [<ffffffff812ee6b9>] sget+0x249/0x460 fs/super.c:465
sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 700 Comm: khungtaskd Not tainted 4.1.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88021671e710 ti: ffff88021665c000 task.ti: ffff88021665c000
RIP: 0010:[<ffffffff810c0dc9>]  [<ffffffff810c0dc9>] _flat_send_IPI_mask arch/x86/kernel/apic/apic_flat_64.c:62 [inline]
RIP: 0010:[<ffffffff810c0dc9>]  [<ffffffff810c0dc9>] flat_send_IPI_mask+0x99/0x120 arch/x86/kernel/apic/apic_flat_64.c:69
RSP: 0018:ffff88021665fd68  EFLAGS: 00000046
RAX: 0000000003000000 RBX: 0000000000000c00 RCX: 0000000000000000
RDX: 0000000000000c00 RSI: 0000000000000000 RDI: 0000000000000300
RBP: ffff88021665fd88 R08: 0000000000000001 R09: 0000000000000000
R10: ffff88021671e710 R11: 0000000000000001 R12: 0000000000000282
R13: 0000000000000003 R14: 0000000000000002 R15: 0000000000000078
FS:  0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006a7e0c CR3: 00000000ba8e5000 CR4: 00000000001407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 000000000000d3c0 0000000000000001 ffff8800b9c1eee0 ffff88020fd44890
 ffff88021665fdd8 ffffffff810bda0f ffff88021665fdc8 ffffffff811bca37
 ffff88021665fdd8 0000000000000002 00000000003fff7c ffff8800b9c1eee0
Call Trace:
 [<ffffffff810bda0f>] arch_trigger_all_cpu_backtrace+0x26f/0x280 arch/x86/kernel/apic/hw_nmi.c:89
 [<ffffffff8122d56a>] trigger_all_cpu_backtrace include/linux/nmi.h:43 [inline]
 [<ffffffff8122d56a>] check_hung_task kernel/hung_task.c:125 [inline]
 [<ffffffff8122d56a>] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [<ffffffff8122d56a>] watchdog+0x47a/0x6b0 kernel/hung_task.c:238
 [<ffffffff811918c9>] kthread+0xf9/0x110 kernel/kthread.c:207
 [<ffffffff8248c662>] ret_from_fork+0x42/0x70 arch/x86/kernel/entry_64.S:639
Code: b3 5f ff 80 e6 10 75 f2 44 89 e8 c1 e0 18 89 04 25 10 b3 5f ff 44 89 f2 09 da 80 cf 04 41 83 fe 02 0f 44 d3 89 14 25 00 b3 5f ff <41> f7 c4 00 02 00 00 74 26 e8 59 de 0f 00 48 83 3d a9 48 d7 01 
NMI backtrace for cpu 1
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.1.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8802169be290 ti: ffff8802169c0000 task.ti: ffff8802169c0000
RIP: 0010:[<ffffffff810c59c6>]  [<ffffffff810c59c6>] native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:50
RSP: 0018:ffff8802169c3e78  EFLAGS: 00000286
RAX: ffff8802169be290 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8802169be290
RBP: ffff8802169c3e78 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: ffffffff82fe92f8 R14: 0000000000000000 R15: ffff8802169c0000
FS:  0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006a7e0c CR3: 00000000b9fbe000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8802169c3e98 ffffffff81087f1c 0000000000000000 ffff8802169c0000
 ffff8802169c3ea8 ffffffff81088c8a ffff8802169c3f18 ffffffff811b8855
 ffffffff82e5ff40 0000000000000000 ffff8802169c0000 ffff8802169c4000
Call Trace:
 [<ffffffff81087f1c>] arch_safe_halt arch/x86/include/asm/paravirt.h:111 [inline]
 [<ffffffff81087f1c>] default_idle+0x2c/0x250 arch/x86/kernel/process.c:341
 [<ffffffff81088c8a>] arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:332
 [<ffffffff811b8855>] cpuidle_idle_call kernel/sched/idle.c:195 [inline]
 [<ffffffff811b8855>] cpu_idle_loop kernel/sched/idle.c:249 [inline]
 [<ffffffff811b8855>] cpu_startup_entry+0x2f5/0x610 kernel/sched/idle.c:297
 [<ffffffff810b862c>] start_secondary+0x17c/0x190 arch/x86/kernel/smpboot.c:269
Code: 00 00 00 00 00 55 48 89 e5 fa 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 66 0f 1f 84