sd 1:0:0:1: [sdc] Media removed, stopped polling
general protection fault, probably for non-canonical address 0xe01ffbf1102227d8: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x00ffff8881113ec0-0x00ffff8881113ec7]
CPU: 0 PID: 988 Comm: kworker/u4:4 Not tainted 5.16.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound async_run_entry_fn
RIP: 0010:strlen+0x1a/0x90 lib/string.c:487
Code: e8 db 93 5d ff 48 8b 74 24 08 48 8b 3c 24 eb c0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 48 89 fd 48 c1 ea 03 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 48 80 7d 00 00
RSP: 0018:ffffc90002077858 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: ffff88811c075041 RCX: 0000000000000000
RDX: 001ffff1102227d8 RSI: ffffffff8213581e RDI: 00ffff8881113ec3
RBP: 00ffff8881113ec3 R08: 000000004c7b87f2 R09: 0000000049c1e9c8
R10: fffff5200040eeb5 R11: 0000000000050046 R12: dffffc0000000000
R13: ffff888135cdb9c8 R14: 0000000000000013 R15: 0000000000000cc0
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29095a2d38 CR3: 000000013669b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 strlen include/linux/fortify-string.h:102 [inline]
 get_kobj_path_length lib/kobject.c:141 [inline]
 kobject_get_path+0x36/0x230 lib/kobject.c:176
 kobject_uevent_env+0x265/0x1650 lib/kobject_uevent.c:529
 disk_uevent+0x124/0x460 block/genhd.c:367
 device_add_disk+0xc71/0xed0 block/genhd.c:519
 sd_probe+0xa69/0xfd0 drivers/scsi/sd.c:3582
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781
 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:898
 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427
 __device_attach_async_helper+0x1c9/0x280 drivers/base/dd.c:927
 async_run_entry_fn+0x9d/0x550 kernel/async.c:127
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x40b/0x500 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Modules linked in:
---[ end trace 7527fc1d28529b3e ]---
RIP: 0010:strlen+0x1a/0x90 lib/string.c:487
Code: e8 db 93 5d ff 48 8b 74 24 08 48 8b 3c 24 eb c0 48 b8 00 00 00 00 00 fc ff df 48 89 fa 55 48 89 fd 48 c1 ea 03 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 48 80 7d 00 00
RSP: 0018:ffffc90002077858 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: ffff88811c075041 RCX: 0000000000000000
RDX: 001ffff1102227d8 RSI: ffffffff8213581e RDI: 00ffff8881113ec3
RBP: 00ffff8881113ec3 R08: 000000004c7b87f2 R09: 0000000049c1e9c8
R10: fffff5200040eeb5 R11: 0000000000050046 R12: dffffc0000000000
R13: ffff888135cdb9c8 R14: 0000000000000013 R15: 0000000000000cc0
FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29095a2d38 CR3: 000000013669b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: e8 db 93 5d ff callq 0xff5d93e0
5: 48 8b 74 24 08 mov 0x8(%rsp),%rsi
a: 48 8b 3c 24 mov (%rsp),%rdi
e: eb c0 jmp 0xffffffd0
10: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
17: fc ff df
1a: 48 89 fa mov %rdi,%rdx
1d: 55 push %rbp
1e: 48 89 fd mov %rdi,%rbp
21: 48 c1 ea 03 shr $0x3,%rdx
25: 53 push %rbx
26: 48 83 ec 08 sub $0x8,%rsp
* 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction
2e: 48 89 fa mov %rdi,%rdx
31: 83 e2 07 and $0x7,%edx
34: 38 d0 cmp %dl,%al
36: 7f 04 jg 0x3c
38: 84 c0 test %al,%al
3a: 75 48 jne 0x84
3c: 80 7d 00 00 cmpb $0x0,0x0(%rbp)