binder: 5327:5338 ioctl 541a 200ce000 returned -22
==================================================================
BUG: KASAN: use-after-free in rcu_read_unlock_sched /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/rcupdate.h:1010 [inline] at addr ffff880194596b40
BUG: KASAN: use-after-free in percpu_ref_tryget_live /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/percpu-refcount.h:252 [inline] at addr ffff880194596b40
BUG: KASAN: use-after-free in css_tryget_online /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:342 [inline] at addr ffff880194596b40
BUG: KASAN: use-after-free in task_get_css /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:475 [inline] at addr ffff880194596b40
BUG: KASAN: use-after-free in bio_copy_user_iov+0xe61/0xea0 /syzkaller/managers/android-49-kasan-gce/kernel/block/bio.c:1998 at addr ffff880194596b40
Read of size 8 by task syz-executor2/5368
CPU: 0 PID: 5368 Comm: syz-executor2 Not tainted 4.9.41-gdb02484 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801947e74c0 ffffffff81d92609 ffff8801da0013c0 ffff880194596b40
ffff880194596c40 ffffed00328b2d68 ffff880194596b40 ffff8801947e74e8
ffffffff8153c1bc ffffed00328b2d68 ffff8801da0013c0 0000000000000000
Call Trace:
[<ffffffff81d92609>] dump_stack+0xc1/0x128 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-integrity.c:49
[<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:4539
[<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:2320
[<ffffffff8153c819>] __get_order /syzkaller/managers/android-49-kasan-gce/kernel/./include/asm-generic/getorder.h:18 [inline]
[<ffffffff8153c819>] slab_order /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3213 [inline]
[<ffffffff8153c819>] calculate_order /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3251 [inline]
[<ffffffff8153c819>] __asan_report_load8_noabort+0x29/0x30 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3506
[<ffffffff81cdfbb1>] rcu_read_unlock_sched /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/rcupdate.h:1010 [inline]
[<ffffffff81cdfbb1>] percpu_ref_tryget_live /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/percpu-refcount.h:252 [inline]
[<ffffffff81cdfbb1>] css_tryget_online /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:342 [inline]
[<ffffffff81cdfbb1>] task_get_css /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:475 [inline]
[<ffffffff81cdfbb1>] bio_copy_user_iov+0xe61/0xea0 /syzkaller/managers/android-49-kasan-gce/kernel/block/bio.c:1998
[<ffffffff81d13b07>] queue_limit_discard_alignment /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/blkdev.h:1324 [inline]
[<ffffffff81d13b07>] blk_rq_map_user_iov+0x237/0x790 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:611
[<ffffffff81d14171>] get_start_sect /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/genhd.h:445 [inline]
[<ffffffff81d14171>] bdev_stack_limits /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:653 [inline]
[<ffffffff81d14171>] blk_rq_map_user+0x111/0x1a0 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:674
[<ffffffff8266885a>] sg_common_write.isra.24+0xc1a/0x17c0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1498
[<ffffffff8266cc78>] sg_write+0x688/0xad0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1110
[<ffffffff8156a133>] SYSC_faccessat /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:385 [inline]
[<ffffffff8156a133>] __vfs_write+0x103/0x680 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:363
[<ffffffff8156e260>] vfs_write+0x170/0x4e0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:1765
[<ffffffff81571c59>] SyS_write+0xd9/0x1b0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:898
[<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff880194596b40, in cache kmalloc-256 size: 256
Allocated:
PID = 5368
save_stack_trace+0x16/0x20 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/kernel/stacktrace.c:57
compound_head /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:146 [inline]
virt_to_head_page /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/mm.h:557 [inline]
build_detached_freelist /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3055 [inline]
save_stack+0x43/0xd0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3085
kasan_kmalloc+0xad/0xe0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3868
compound_head /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:146 [inline]
__SetPageSlab /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:265 [inline]
allocate_slab /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:1583 [inline]
__kmalloc+0x11d/0x310 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:1635
sg_build_indirect.isra.23+0x8b/0x550 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:439
sg_read_oxfer /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1939 [inline]
sg_build_reserve+0x8d/0xb0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:520
__read_once_size /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/compiler.h:243 [inline]
atomic_read /syzkaller/managers/android-49-kasan-gce/kernel/./arch/x86/include/asm/atomic.h:26 [inline]
sg_open+0x946/0x15a0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:2553
hlist_add_head /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/list.h:649 [inline]
chrdev_open+0x22b/0x4c0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/super.c:519
__mcopy_atomic /syzkaller/managers/android-49-kasan-gce/kernel/mm/userfaultfd.c:158 [inline]
do_dentry_open+0x607/0xc60 /syzkaller/managers/android-49-kasan-gce/kernel/mm/userfaultfd.c:306
inode_lock /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/fs.h:746 [inline]
vfs_open+0x105/0x220 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:61
path_connected /syzkaller/managers/android-49-kasan-gce/kernel/fs/namei.c:598 [inline]
path_openat+0x64c/0x2a60 /syzkaller/managers/android-49-kasan-gce/kernel/fs/namei.c:1346
do_filp_open+0x197/0x290 /syzkaller/managers/android-49-kasan-gce/kernel/fs/namei.c:217
do_sys_open+0x352/0x4c0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:193
SyS_open+0x2d/0x40 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:196
entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 5372
save_stack_trace+0x16/0x20 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/kernel/stacktrace.c:57
compound_head /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/page-flags.h:146 [inline]
virt_to_head_page /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/mm.h:557 [inline]
build_detached_freelist /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3055 [inline]
save_stack+0x43/0xd0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3085
create_unique_id /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:5553 [inline]
kasan_slab_free+0x73/0xc0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:5590
trace /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:972 [inline]
kfree+0xf0/0x2f0 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:1085
sg_remove_scat.isra.20+0x212/0x2d0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sr_vendor.c:159
sg_start_req /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1670 [inline]
sg_ioctl+0x12d0/0x29f0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:775
rcu_read_unlock /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/rcupdate.h:927 [inline]
sigio_perm /syzkaller/managers/android-49-kasan-gce/kernel/fs/fcntl.c:445 [inline]
do_vfs_ioctl+0x1aa/0x10c0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/fcntl.c:459
__read_once_size /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/compiler.h:243 [inline]
SyS_ioctl+0x8f/0xc0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/fcntl.c:511
entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
ffff880194596a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff880194596a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff880194596b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff880194596b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff880194596c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe70865a0a0b000
Write of size 38 by task syz-executor2/5368
CPU: 0 PID: 5368 Comm: syz-executor2 Tainted: G B 4.9.41-gdb02484 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801947e7448 ffffffff81d92609 ffff8801947e7618 0000000000000026
0000000000000001 ffff8801947e7840 ffe70865a0a0b000 ffff8801947e74d0
ffffffff8153c66f 0000000000000000 0000000000000001 ffffffff81ddbec4
Call Trace:
[<ffffffff81d92609>] dump_stack+0xc1/0x128 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-integrity.c:49
[<ffffffff8153c66f>] kasan_report.part.1+0x40f/0x500 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3502
[<ffffffff8153ca40>] kasan_report+0x20/0x30 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3509
[<ffffffff8153b387>] check_memory_region+0x137/0x190 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3079
[<ffffffff8153b414>] set_freepointer /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:262 [inline]
[<ffffffff8153b414>] build_detached_freelist /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3043 [inline]
[<ffffffff8153b414>] kasan_check_write+0x14/0x20 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3085
[<ffffffff81ddbec4>] copy_page_from_iter+0x1a4/0x5d0 /syzkaller/managers/android-49-kasan-gce/kernel/lib/iov_iter.c:1080
[<ffffffff81cdf855>] css_tryget_online /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:341 [inline]
[<ffffffff81cdf855>] task_get_css /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:475 [inline]
[<ffffffff81cdf855>] bio_copy_user_iov+0xb05/0xea0 /syzkaller/managers/android-49-kasan-gce/kernel/block/bio.c:1998
[<ffffffff81d13b07>] queue_limit_discard_alignment /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/blkdev.h:1324 [inline]
[<ffffffff81d13b07>] blk_rq_map_user_iov+0x237/0x790 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:611
[<ffffffff81d14171>] get_start_sect /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/genhd.h:445 [inline]
[<ffffffff81d14171>] bdev_stack_limits /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:653 [inline]
[<ffffffff81d14171>] blk_rq_map_user+0x111/0x1a0 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:674
[<ffffffff8266885a>] sg_common_write.isra.24+0xc1a/0x17c0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1498
[<ffffffff8266cc78>] sg_write+0x688/0xad0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1110
[<ffffffff8156a133>] SYSC_faccessat /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:385 [inline]
[<ffffffff8156a133>] __vfs_write+0x103/0x680 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:363
[<ffffffff8156e260>] vfs_write+0x170/0x4e0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:1765
[<ffffffff81571c59>] SyS_write+0xd9/0x1b0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:898
[<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
==================================================================
BUG: KASAN: wild-memory-access on address ffe70865a0a0b000
Write of size 38 by task syz-executor2/5368
CPU: 0 PID: 5368 Comm: syz-executor2 Tainted: G B 4.9.41-gdb02484 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801947e73f8 ffffffff81d92609 ffe70865a0a0b000 0000000000000026
0000000000000001 0000000020006fdb ffe70865a0a0b000 ffff8801947e7480
ffffffff8153c66f ffffc90001137000 0000000000010000 ffffffff81dc5d14
Call Trace:
[<ffffffff81d92609>] dump_stack+0xc1/0x128 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-integrity.c:49
[<ffffffff8153c66f>] kasan_report.part.1+0x40f/0x500 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3502
[<ffffffff8153ca40>] kasan_report+0x20/0x30 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3509
[<ffffffff8153b387>] check_memory_region+0x137/0x190 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3079
[<ffffffff8153b7f3>] do_slab_free /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:2930 [inline]
[<ffffffff8153b7f3>] slab_free /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:2965 [inline]
[<ffffffff8153b7f3>] memset+0x23/0x40 /syzkaller/managers/android-49-kasan-gce/kernel/mm/slub.c:3878
[<ffffffff81dc5d14>] copy_user_handle_tail+0xb4/0xd0 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/lib/insn.c:400
[<ffffffff81ddbee0>] copy_page_from_iter+0x1c0/0x5d0 /syzkaller/managers/android-49-kasan-gce/kernel/lib/iov_iter.c:1080
[<ffffffff81cdf855>] css_tryget_online /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:341 [inline]
[<ffffffff81cdf855>] task_get_css /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:475 [inline]
[<ffffffff81cdf855>] bio_copy_user_iov+0xb05/0xea0 /syzkaller/managers/android-49-kasan-gce/kernel/block/bio.c:1998
[<ffffffff81d13b07>] queue_limit_discard_alignment /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/blkdev.h:1324 [inline]
[<ffffffff81d13b07>] blk_rq_map_user_iov+0x237/0x790 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:611
[<ffffffff81d14171>] get_start_sect /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/genhd.h:445 [inline]
[<ffffffff81d14171>] bdev_stack_limits /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:653 [inline]
[<ffffffff81d14171>] blk_rq_map_user+0x111/0x1a0 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:674
[<ffffffff8266885a>] sg_common_write.isra.24+0xc1a/0x17c0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1498
[<ffffffff8266cc78>] sg_write+0x688/0xad0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1110
[<ffffffff8156a133>] SYSC_faccessat /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:385 [inline]
[<ffffffff8156a133>] __vfs_write+0x103/0x680 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:363
[<ffffffff8156e260>] vfs_write+0x170/0x4e0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:1765
[<ffffffff81571c59>] SyS_write+0xd9/0x1b0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:898
[<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
==================================================================
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 5368 Comm: syz-executor2 Tainted: G B 4.9.41-gdb02484 #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff880195308000 task.stack: ffff8801947e0000
RIP: 0010:[<ffffffff81dc5599>] [<ffffffff81dc5599>] insn_is_avx /syzkaller/managers/android-49-kasan-gce/kernel/./arch/x86/include/asm/insn.h:134 [inline]
RIP: 0010:[<ffffffff81dc5599>] [<ffffffff81dc5599>] insn_last_prefix_id /syzkaller/managers/android-49-kasan-gce/kernel/./arch/x86/include/asm/insn.h:172 [inline]
RIP: 0010:[<ffffffff81dc5599>] [<ffffffff81dc5599>] memset_erms+0x9/0x10 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/lib/insn.c:280
RSP: 0018:ffff8801947e74b8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffe70865a0a0b000 RCX: 0000000000000026
RDX: 0000000000000026 RSI: 0000000000000000 RDI: ffe70865a0a0b000
RBP: ffff8801947e74d8 R08: 0000000000000001 R09: ffe70865a0a0b000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000026
R13: 0000000000000000 R14: 0000000020006fdb R15: 0000000020006f00
FS: 00007fe407fdd700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000f6acd8 CR3: 00000001953c7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffffff8153b801 ffff880195308000 0000000000000026 ffe70865a0a0b000
ffff8801947e7510 ffffffff81dc5d14 ffff8801947e7618 0000000000000026
0000000000000026 ffff8801947e7840 ffe70865a0a0b000 ffff8801947e7580
Call Trace:
[<ffffffff81dc5d14>] copy_user_handle_tail+0xb4/0xd0 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/lib/insn.c:400
[<ffffffff81ddbee0>] copy_page_from_iter+0x1c0/0x5d0 /syzkaller/managers/android-49-kasan-gce/kernel/lib/iov_iter.c:1080
[<ffffffff81cdf855>] css_tryget_online /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:341 [inline]
[<ffffffff81cdf855>] task_get_css /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/cgroup.h:475 [inline]
[<ffffffff81cdf855>] bio_copy_user_iov+0xb05/0xea0 /syzkaller/managers/android-49-kasan-gce/kernel/block/bio.c:1998
[<ffffffff81d13b07>] queue_limit_discard_alignment /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/blkdev.h:1324 [inline]
[<ffffffff81d13b07>] blk_rq_map_user_iov+0x237/0x790 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:611
[<ffffffff81d14171>] get_start_sect /syzkaller/managers/android-49-kasan-gce/kernel/./include/linux/genhd.h:445 [inline]
[<ffffffff81d14171>] bdev_stack_limits /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:653 [inline]
[<ffffffff81d14171>] blk_rq_map_user+0x111/0x1a0 /syzkaller/managers/android-49-kasan-gce/kernel/block/blk-settings.c:674
[<ffffffff8266885a>] sg_common_write.isra.24+0xc1a/0x17c0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1498
[<ffffffff8266cc78>] sg_write+0x688/0xad0 /syzkaller/managers/android-49-kasan-gce/kernel/drivers/scsi/sg.c:1110
[<ffffffff8156a133>] SYSC_faccessat /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:385 [inline]
[<ffffffff8156a133>] __vfs_write+0x103/0x680 /syzkaller/managers/android-49-kasan-gce/kernel/fs/open.c:363
[<ffffffff8156e260>] vfs_write+0x170/0x4e0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:1765
[<ffffffff81571c59>] SyS_write+0xd9/0x1b0 /syzkaller/managers/android-49-kasan-gce/kernel/fs/read_write.c:898
[<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
Code: 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01
RIP [<ffffffff81dc5599>] insn_is_avx /syzkaller/managers/android-49-kasan-gce/kernel/./arch/x86/include/asm/insn.h:134 [inline]
RIP [<ffffffff81dc5599>] insn_last_prefix_id /syzkaller/managers/android-49-kasan-gce/kernel/./arch/x86/include/asm/insn.h:172 [inline]
RIP [<ffffffff81dc5599>] memset_erms+0x9/0x10 /syzkaller/managers/android-49-kasan-gce/kernel/arch/x86/lib/insn.c:280
RSP <ffff8801947e74b8>
---[ end trace 8ef88055ce0d7f36 ]---