------------[ cut here ]------------
kernel BUG at ./include/linux/scatterlist.h:124!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
kobject: 'loop5' (ffff8880a4a95260): kobject_uevent_env
Modules linked in:
CPU: 1 PID: 13676 Comm: syz-executor.4 Not tainted 4.14.144 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'loop5' (ffff8880a4a95260): fill_kobj_path: path = '/devices/virtual/block/loop5'
task: ffff88806f810300 task.stack: ffff888069158000
RIP: 0010:sg_page include/linux/scatterlist.h:124 [inline]
RIP: 0010:gcmaes_decrypt.constprop.0+0x910/0xd20 arch/x86/crypto/aesni-intel_glue.c:828
RSP: 0018:ffff88806915f9b8 EFLAGS: 00010216
RAX: 0000000000040000 RBX: ffff888081e45a48 RCX: ffffc9000c892000
RDX: 00000000000001e3 RSI: ffffffff812ecd40 RDI: ffff888081e456e4
RBP: ffff88806915fa90 R08: ffff8880812d6060 R09: ffffed100d22bf5a
kobject: 'loop1' (ffff8880a495cea0): kobject_uevent_env
R10: ffffed100d22bf59 R11: ffff88806915facb R12: ffffea00027e36c2
R13: ffff888081e45a7c R14: 0000000000000010 R15: ffff888086a6a100
FS:  00007f227381b700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000070f158 CR3: 0000000071d6c000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kobject: 'loop1' (ffff8880a495cea0): fill_kobj_path: path = '/devices/virtual/block/loop1'
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
kobject: 'loop2' (ffff8880a49d77a0): kobject_uevent_env
 generic_gcmaes_decrypt+0xf4/0x130 arch/x86/crypto/aesni-intel_glue.c:1126
 crypto_aead_decrypt include/crypto/aead.h:362 [inline]
 gcmaes_wrapper_decrypt+0x162/0x200 arch/x86/crypto/aesni-intel_glue.c:961
 crypto_aead_decrypt include/crypto/aead.h:362 [inline]
 _aead_recvmsg crypto/algif_aead.c:316 [inline]
 aead_recvmsg+0x821/0x1d70 crypto/algif_aead.c:335
kobject: 'loop2' (ffff8880a49d77a0): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'bonding_slave' (ffff888082cdef58): kobject_cleanup, parent ffff8880725e3370
 aead_recvmsg_nokey+0x5d/0x80 crypto/algif_aead.c:453
kobject: 'loop0' (ffff8880a4920e20): kobject_uevent_env
 sock_recvmsg_nosec net/socket.c:819 [inline]
 sock_recvmsg net/socket.c:826 [inline]
 sock_recvmsg+0xc6/0x110 net/socket.c:822
 SYSC_recvfrom+0x1d2/0x300 net/socket.c:1815
kobject: 'loop0' (ffff8880a4920e20): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'bonding_slave' (ffff888082cdef58): does not have a release() function, it is broken and must be fixed.
 SyS_recvfrom+0x40/0x50 net/socket.c:1787
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
kobject: 'bonding_slave' (ffff888082cdef58): auto cleanup kobject_del
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4598e9
RSP: 002b:00007f227381ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
kobject: 'bonding_slave': free name
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598e9
RDX: 00000000ffffff7e RSI: 0000000020001240 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f227381b6d4
R13: 00000000004c6d68 R14: 00000000004dc180 R15: 00000000ffffffff
Code: 
kobject: 'loop1' (ffff8880a495cea0): kobject_uevent_env
0f 0b e8 d4 15 2e 00 0f 0b e8 cd 15 2e 00 0f 0b e8 c6 15 2e 00 0f 0b e8 bf 15 2e 00 e8 36 75 d1 ff e9 63 ff ff ff e8 b0 15 2e 00 <0f> 0b e8 a9 
kobject: 'loop1' (ffff8880a495cea0): fill_kobj_path: path = '/devices/virtual/block/loop1'
15 2e 00 0f 0b 4c 89 85 58 ff ff ff e8 9b 15 2e 00 
RIP: sg_page include/linux/scatterlist.h:124 [inline] RSP: ffff88806915f9b8
RIP: gcmaes_decrypt.constprop.0+0x910/0xd20 arch/x86/crypto/aesni-intel_glue.c:828 RSP: ffff88806915f9b8
bond0: Releasing backup interface bond_slave_1
---[ end trace 1f1f228352047964 ]---