Debian GNU/Linux 7 syzkaller ttyS0 executing program syzkaller login: [ 14.772374] ------------[ cut here ]------------ [ 14.772808] WARNING: CPU: 1 PID: 2909 at drivers/ata/libata-core.c:5391 ata_qc_issue+0x519/0xea0 [ 14.773380] Kernel panic - not syncing: panic_on_warn set ... [ 14.773380] [ 14.773983] CPU: 1 PID: 2909 Comm: syzkaller668320 Not tainted 4.13.0-rc4-next-20170811 #1 [ 14.774631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 14.775194] Call Trace: [ 14.775449] dump_stack+0x194/0x257 [ 14.776110] ? arch_local_irq_restore+0x53/0x53 [ 14.776447] panic+0x1e4/0x417 [ 14.776668] ? __warn+0x1d9/0x1d9 [ 14.776899] ? show_regs_print_info+0x65/0x65 [ 14.777202] ? ata_qc_issue+0x519/0xea0 [ 14.777455] __warn+0x1c4/0x1d9 [ 14.777677] ? ata_qc_issue+0x519/0xea0 [ 14.777940] report_bug+0x211/0x2d0 [ 14.778187] fixup_bug+0x40/0x90 [ 14.778404] do_trap+0x260/0x390 [ 14.778634] ? check_noncircular+0x20/0x20 [ 14.778918] do_error_trap+0x120/0x390 [ 14.779180] ? do_trap+0x390/0x390 [ 14.779406] ? ata_qc_issue+0x519/0xea0 [ 14.779667] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 14.780024] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 14.780344] do_invalid_op+0x1b/0x20 [ 14.780681] invalid_op+0x1e/0x30 [ 14.781020] RIP: 0010:ata_qc_issue+0x519/0xea0 [ 14.781448] RSP: 0018:ffff880069de68f8 EFLAGS: 00010097 [ 14.781801] RAX: ffff88006c840580 RBX: 0000000000000002 RCX: 0000000000000000 [ 14.782252] RDX: 0000000000000000 RSI: ffff88006b8b2500 RDI: ffff88006b8b0290 [ 14.782721] RBP: ffff880069de6a10 R08: 0000000000000000 R09: 0000000000000000 [ 14.783172] R10: 0000000000000004 R11: ffffed000d716046 R12: 0000000000000000 [ 14.783629] R13: ffff88006b8b238c R14: ffff88006b8b01f8 R15: ffff88006b8b0080 [ 14.784096] ? ata_qc_issue+0x519/0xea0 [ 14.784354] ? ata_qc_complete_multiple+0x200/0x200 [ 14.784683] ? lock_release+0xa40/0xa40 [ 14.785021] ? check_noncircular+0x20/0x20 [ 14.785437] ? memset+0x31/0x40 [ 14.785759] ? ata_scsi_var_len_cdb_xlat+0xe0/0xe0 [ 14.786209] ata_scsi_translate+0x34a/0x5e0 [ 14.786612] ? ata_scsi_var_len_cdb_xlat+0xe0/0xe0 [ 14.787081] ata_scsi_queuecmd+0x2ae/0x6b0 [ 14.787492] scsi_dispatch_cmd+0x432/0xb60 [ 14.787897] ? scsi_init_request+0x2f0/0x2f0 [ 14.788343] ? blk_mq_start_request+0x2a6/0x750 [ 14.788802] ? blk_mq_complete_request+0x30/0x30 [ 14.789263] ? scsi_init_command+0x364/0x460 [ 14.789691] ? scsi_io_completion+0x16b0/0x16b0 [ 14.790031] ? memset+0x31/0x40 [ 14.790242] scsi_queue_rq+0x155a/0x1e00 [ 14.790504] ? scsi_prep_fn+0x510/0x510 [ 14.790773] ? unwind_get_return_address+0x61/0xa0 [ 14.791089] ? __save_stack_trace+0x7e/0xd0 [ 14.791421] ? blk_mq_get_tag+0x34a/0xe50 [ 14.791837] ? save_stack_trace+0x16/0x20 [ 14.792296] ? __blk_mq_tag_idle+0x70/0x70 [ 14.792692] ? print_usage_bug+0x480/0x480 [ 14.792965] ? print_shortest_lock_dependencies+0x350/0x350 [ 14.793324] ? print_usage_bug+0x480/0x480 [ 14.793601] ? __lock_acquire+0x6aa/0x3bc0 [ 14.793871] ? lock_downgrade+0x990/0x990 [ 14.794134] ? finish_wait+0x490/0x490 [ 14.794456] ? lock_release+0xa40/0xa40 [ 14.794895] ? blk_mq_get_driver_tag+0x327/0x9c0 [ 14.795387] ? check_noncircular+0x20/0x20 [ 14.795785] ? blk_mq_check_expired+0x220/0x220 [ 14.796118] ? scsi_prep_fn+0x510/0x510 [ 14.796381] blk_mq_dispatch_rq_list+0x8bc/0x1720 [ 14.796716] ? hlock_class+0x140/0x140 [ 14.797037] ? find_held_lock+0x35/0x1d0 [ 14.797561] ? blk_mq_try_issue_directly+0x210/0x210 [ 14.797906] ? dd_dispatch_request+0x3b2/0xc50 [ 14.798200] ? lock_downgrade+0x990/0x990 [ 14.798467] ? do_raw_spin_trylock+0x190/0x190 [ 14.798787] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 14.799131] ? print_usage_bug+0x480/0x480 [ 14.799406] ? _raw_spin_unlock+0x22/0x30 [ 14.799682] ? dd_dispatch_request+0x3b2/0xc50 [ 14.800121] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 14.800610] ? find_next_zero_bit+0x2c/0x40 [ 14.801065] ? dd_merged_requests+0x5d0/0x5d0 [ 14.801532] ? check_noncircular+0x20/0x20 [ 14.801871] ? check_noncircular+0x20/0x20 [ 14.802176] ? sbitmap_get+0x1d0/0x290 [ 14.802504] ? __sbitmap_queue_get+0x199/0x360 [ 14.802880] ? dd_insert_requests+0x721/0xad0 [ 14.803241] ? lock_downgrade+0x990/0x990 [ 14.803580] ? rcu_read_lock_sched_held+0x108/0x120 [ 14.804070] ? blk_mq_sched_try_insert_merge+0x100/0x100 [ 14.804597] ? check_noncircular+0x20/0x20 [ 14.804896] blk_mq_sched_dispatch_requests+0x752/0xb40 [ 14.805317] ? blk_mq_sched_assign_ioc+0x1a0/0x1a0 [ 14.805669] ? lock_acquire+0x1d5/0x580 [ 14.806008] ? lock_acquire+0x1d5/0x580 [ 14.806308] ? __blk_mq_run_hw_queue+0x154/0x280 [ 14.806790] ? lock_release+0xa40/0xa40 [ 14.807284] ? blk_queue_exit+0x145/0x270 [ 14.807646] __blk_mq_run_hw_queue+0x1aa/0x280 [ 14.807946] __blk_mq_delay_run_hw_queue+0x175/0x1b0 [ 14.808308] blk_mq_run_hw_queue+0x1e/0x30 [ 14.808599] blk_mq_sched_insert_request+0x275/0x890 [ 14.808934] ? blk_mq_sched_restart+0x8d0/0x8d0 [ 14.809254] ? blk_queue_exit+0x162/0x270 [ 14.809665] ? submit_bio+0x520/0x520 [ 14.810085] ? find_held_lock+0x35/0x1d0 [ 14.810402] ? blk_mq_alloc_request+0x122/0x280 [ 14.810717] ? blk_mq_get_request+0x1620/0x1620 [ 14.811022] ? refcount_add+0x60/0x60 [ 14.811268] ? memset+0x31/0x40 [ 14.811485] blk_execute_rq_nowait+0x16d/0x310 [ 14.811793] ? sg_release+0x1f0/0x1f0 [ 14.812072] sg_common_write.isra.17+0xf80/0x1c10 [ 14.812548] ? lock_release+0xa40/0xa40 [ 14.812903] ? sg_open+0x1180/0x1180 [ 14.813146] ? __might_fault+0x110/0x1d0 [ 14.813408] ? check_stack_object+0x68/0x140 [ 14.813715] ? __check_object_size+0x268/0x500 [ 14.814007] ? lock_release+0xa40/0xa40 [ 14.814261] ? check_stack_object+0x140/0x140 [ 14.814657] ? __might_sleep+0x95/0x190 [ 14.815049] sg_write+0x7a0/0xc90 [ 14.815402] ? sg_ioctl+0x2ec0/0x2ec0 [ 14.815677] ? __kernel_text_address+0xae/0xe0 [ 14.815967] ? unwind_get_return_address+0x61/0xa0 [ 14.816302] ? __save_stack_trace+0x7e/0xd0 [ 14.816663] ? depot_save_stack+0x12c/0x490 [ 14.816947] ? putname+0xee/0x130 [ 14.817172] ? save_stack+0xa3/0xd0 [ 14.817408] ? save_stack_trace+0x16/0x20 [ 14.817695] ? save_stack+0x43/0xd0 [ 14.817929] ? kasan_slab_free+0x6e/0xc0 [ 14.818194] ? kmem_cache_free+0x71/0x240 [ 14.818473] ? putname+0xee/0x130 [ 14.819137] ? do_sys_open+0x31b/0x6d0 [ 14.819430] ? SyS_open+0x2d/0x40 [ 14.819682] ? entry_SYSCALL_64_fastpath+0x1f/0xbe [ 14.820083] ? sg_ioctl+0x2ec0/0x2ec0 [ 14.820342] __vfs_write+0xef/0x970 [ 14.820581] ? rcu_note_context_switch+0x710/0x710 [ 14.820905] ? default_llseek+0x290/0x290 [ 14.821175] ? __might_sleep+0x95/0x190 [ 14.821435] ? _cond_resched+0x14/0x30 [ 14.821689] ? __inode_security_revalidate+0xd9/0x130 [ 14.822027] ? avc_policy_seqno+0x9/0x20 [ 14.822290] ? selinux_file_permission+0x82/0x460 [ 14.822609] ? security_file_permission+0x89/0x1e0 [ 14.822925] ? rw_verify_area+0xe5/0x2b0 [ 14.823182] ? __fdget_raw+0x20/0x20 [ 14.823420] vfs_write+0x189/0x510 [ 14.823649] SyS_write+0xef/0x220 [ 14.823870] ? SyS_read+0x220/0x220 [ 14.824114] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 14.824436] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 14.824743] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 14.825047] RIP: 0033:0x439059 [ 14.825263] RSP: 002b:00007ffe8db065b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000001 [ 14.825750] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000439059 [ 14.826205] RDX: 000000000000002a RSI: 0000000020010000 RDI: 0000000000000003 [ 14.826673] RBP: 0000000000000086 R08: 00000000000000fe R09: 0000000000000000 [ 14.827129] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 14.827587] R13: 0000000000401cb0 R14: 0000000000401d40 R15: 0000000000000000 [ 14.828227] Dumping ftrace buffer: [ 14.828511] (ftrace buffer empty) [ 14.828746] Kernel Offset: disabled [ 14.828980] Rebooting in 86400 seconds..