sd 1:0:0:1: [sdc] Media removed, stopped polling
general protection fault, probably for non-canonical address 0xe01ffbf1102227d8: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x00ffff8881113ec0-0x00ffff8881113ec7]
CPU: 0 PID: 988 Comm: kworker/u4:4 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound async_run_entry_fn
RIP: 0010:strlen+0x1a/0x90 lib/string.c:487
Code: e8 db 93 5d ff 48 8b 74 24 08 48 8b 3c 24 eb c0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 48 89 fd 48 c1 ea 03 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 48 80 7d 00 00
RSP: 0018:ffffc90002077858 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: ffff88811c075041 RCX: 0000000000000000
RDX: 001ffff1102227d8 RSI: ffffffff8213581e RDI: 00ffff8881113ec3
RBP: 00ffff8881113ec3 R08: 000000004c7b87f2 R09: 0000000049c1e9c8
R10: fffff5200040eeb5 R11: 0000000000050046 R12: dffffc0000000000
R13: ffff888135cdb9c8 R14: 0000000000000013 R15: 0000000000000cc0
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29095a2d38 CR3: 000000013669b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
strlen include/linux/fortify-string.h:102 [inline]
get_kobj_path_length lib/kobject.c:141 [inline]
kobject_get_path+0x36/0x230 lib/kobject.c:176
kobject_uevent_env+0x265/0x1650 lib/kobject_uevent.c:529
disk_uevent+0x124/0x460 block/genhd.c:367
device_add_disk+0xc71/0xed0 block/genhd.c:519
sd_probe+0xa69/0xfd0 drivers/scsi/sd.c:3582
call_driver_probe drivers/base/dd.c:517 [inline]
really_probe+0x245/0xcc0 drivers/base/dd.c:596
__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781
__device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:898
bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
__device_attach_async_helper+0x1c9/0x280 drivers/base/dd.c:927
async_run_entry_fn+0x9d/0x550 kernel/async.c:127
process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
kthread+0x40b/0x500 kernel/kthread.c:327
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
Modules linked in:
---[ end trace 7527fc1d28529b3e ]---
RIP: 0010:strlen+0x1a/0x90 lib/string.c:487
Code: e8 db 93 5d ff 48 8b 74 24 08 48 8b 3c 24 eb c0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 48 89 fd 48 c1 ea 03 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 48 80 7d 00 00
RSP: 0018:ffffc90002077858 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: ffff88811c075041 RCX: 0000000000000000
RDX: 001ffff1102227d8 RSI: ffffffff8213581e RDI: 00ffff8881113ec3
RBP: 00ffff8881113ec3 R08: 000000004c7b87f2 R09: 0000000049c1e9c8
R10: fffff5200040eeb5 R11: 0000000000050046 R12: dffffc0000000000
R13: ffff888135cdb9c8 R14: 0000000000000013 R15: 0000000000000cc0
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29095a2d38 CR3: 000000013669b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: e8 db 93 5d ff callq 0xff5d93e0
5: 48 8b 74 24 08 mov 0x8(%rsp),%rsi
a: 48 8b 3c 24 mov (%rsp),%rdi
e: eb c0 jmp 0xffffffd0
10: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
17: fc ff df
1a: 48 89 fa mov %rdi,%rdx
1d: 55 push %rbp
1e: 48 89 fd mov %rdi,%rbp
21: 48 c1 ea 03 shr $0x3,%rdx
25: 53 push %rbx
26: 48 83 ec 08 sub $0x8,%rsp
* 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction
2e: 48 89 fa mov %rdi,%rdx
31: 83 e2 07 and $0x7,%edx
34: 38 d0 cmp %dl,%al
36: 7f 04 jg 0x3c
38: 84 c0 test %al,%al
3a: 75 48 jne 0x84
3c: 80 7d 00 00 cmpb $0x0,0x0(%rbp)