------------[ cut here ]------------
kernel BUG at ./include/linux/scatterlist.h:124!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
kobject: 'loop5' (ffff8880a4a95260): kobject_uevent_env
Modules linked in:
CPU: 1 PID: 13676 Comm: syz-executor.4 Not tainted 4.14.144 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'loop5' (ffff8880a4a95260): fill_kobj_path: path = '/devices/virtual/block/loop5'
task: ffff88806f810300 task.stack: ffff888069158000
RIP: 0010:sg_page include/linux/scatterlist.h:124 [inline]
RIP: 0010:gcmaes_decrypt.constprop.0+0x910/0xd20 arch/x86/crypto/aesni-intel_glue.c:828
RSP: 0018:ffff88806915f9b8 EFLAGS: 00010216
RAX: 0000000000040000 RBX: ffff888081e45a48 RCX: ffffc9000c892000
RDX: 00000000000001e3 RSI: ffffffff812ecd40 RDI: ffff888081e456e4
RBP: ffff88806915fa90 R08: ffff8880812d6060 R09: ffffed100d22bf5a
kobject: 'loop1' (ffff8880a495cea0): kobject_uevent_env
R10: ffffed100d22bf59 R11: ffff88806915facb R12: ffffea00027e36c2
R13: ffff888081e45a7c R14: 0000000000000010 R15: ffff888086a6a100
FS: 00007f227381b700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000070f158 CR3: 0000000071d6c000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kobject: 'loop1' (ffff8880a495cea0): fill_kobj_path: path = '/devices/virtual/block/loop1'
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
kobject: 'loop2' (ffff8880a49d77a0): kobject_uevent_env
generic_gcmaes_decrypt+0xf4/0x130 arch/x86/crypto/aesni-intel_glue.c:1126
crypto_aead_decrypt include/crypto/aead.h:362 [inline]
gcmaes_wrapper_decrypt+0x162/0x200 arch/x86/crypto/aesni-intel_glue.c:961
crypto_aead_decrypt include/crypto/aead.h:362 [inline]
_aead_recvmsg crypto/algif_aead.c:316 [inline]
aead_recvmsg+0x821/0x1d70 crypto/algif_aead.c:335
kobject: 'loop2' (ffff8880a49d77a0): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'bonding_slave' (ffff888082cdef58): kobject_cleanup, parent ffff8880725e3370
aead_recvmsg_nokey+0x5d/0x80 crypto/algif_aead.c:453
kobject: 'loop0' (ffff8880a4920e20): kobject_uevent_env
sock_recvmsg_nosec net/socket.c:819 [inline]
sock_recvmsg net/socket.c:826 [inline]
sock_recvmsg+0xc6/0x110 net/socket.c:822
SYSC_recvfrom+0x1d2/0x300 net/socket.c:1815
kobject: 'loop0' (ffff8880a4920e20): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'bonding_slave' (ffff888082cdef58): does not have a release() function, it is broken and must be fixed.
SyS_recvfrom+0x40/0x50 net/socket.c:1787
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
kobject: 'bonding_slave' (ffff888082cdef58): auto cleanup kobject_del
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4598e9
RSP: 002b:00007f227381ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
kobject: 'bonding_slave': free name
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004598e9
RDX: 00000000ffffff7e RSI: 0000000020001240 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f227381b6d4
R13: 00000000004c6d68 R14: 00000000004dc180 R15: 00000000ffffffff
Code:
kobject: 'loop1' (ffff8880a495cea0): kobject_uevent_env
0f 0b e8 d4 15 2e 00 0f 0b e8 cd 15 2e 00 0f 0b e8 c6 15 2e 00 0f 0b e8 bf 15 2e 00 e8 36 75 d1 ff e9 63 ff ff ff e8 b0 15 2e 00 <0f> 0b e8 a9
kobject: 'loop1' (ffff8880a495cea0): fill_kobj_path: path = '/devices/virtual/block/loop1'
15 2e 00 0f 0b 4c 89 85 58 ff ff ff e8 9b 15 2e 00
RIP: sg_page include/linux/scatterlist.h:124 [inline] RSP: ffff88806915f9b8
RIP: gcmaes_decrypt.constprop.0+0x910/0xd20 arch/x86/crypto/aesni-intel_glue.c:828 RSP: ffff88806915f9b8
bond0: Releasing backup interface bond_slave_1
---[ end trace 1f1f228352047964 ]---