==================================================================
BUG: KASAN: invalid-access in af_alg_pull_tsgl+0xc4/0x25c crypto/af_alg.c:712
Read at addr f7f000001d279d60 by task syz.1.42256/30748
Pointer tag: [f7], memory tag: [fa]

CPU: 1 UID: 0 PID: 30748 Comm: syz.1.42256 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace arch/arm64/kernel/stacktrace.c:498 [inline] (C)
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x60/0x80 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x1c4/0x4b0 mm/kasan/report.c:482
 kasan_report+0x84/0xac mm/kasan/report.c:595
 report_tag_fault arch/arm64/mm/fault.c:330 [inline]
 do_tag_recovery arch/arm64/mm/fault.c:342 [inline]
 __do_kernel_fault+0x174/0x1c8 arch/arm64/mm/fault.c:384
 do_bad_area+0x68/0x78 arch/arm64/mm/fault.c:484
 do_tag_check_fault+0x34/0x44 arch/arm64/mm/fault.c:857
 do_mem_abort+0x40/0x90 arch/arm64/mm/fault.c:933
 el1_abort+0x44/0x70 arch/arm64/kernel/entry-common.c:303
 el1h_64_sync_handler+0x50/0xac arch/arm64/kernel/entry-common.c:437
 el1h_64_sync+0x6c/0x70 arch/arm64/kernel/entry.S:591
 af_alg_pull_tsgl+0xc4/0x25c crypto/af_alg.c:712 (P)
 _skcipher_recvmsg crypto/algif_skcipher.c:152 [inline]
 skcipher_recvmsg+0x188/0x474 crypto/algif_skcipher.c:221
 sock_recvmsg_nosec net/socket.c:1078 [inline]
 sock_recvmsg net/socket.c:1100 [inline]
 sock_recvmsg net/socket.c:1096 [inline]
 __sys_recvfrom+0x158/0x1a8 net/socket.c:2256
 __do_sys_recvfrom net/socket.c:2271 [inline]
 __se_sys_recvfrom net/socket.c:2267 [inline]
 __arm64_sys_recvfrom+0x24/0x38 net/socket.c:2267
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x48/0x104 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
 el0_svc+0x34/0x124 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0xa0/0xf0 arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:596

The buggy address belongs to the object at fff000001d279d60
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 0 bytes inside of
 32-byte region [fff000001d279d60, fff000001d279d80)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xf4f000001d279380 pfn:0x5d279
flags: 0x1ffc00000000200(workingset|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
page_type: f5(slab)
raw: 01ffc00000000200 f1f0000003401500 ffffc1ffc184a0d0 ffffc1ffc0171810
raw: f4f000001d279380 0000000800800078 00000000f5000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 fff000001d279b00: f0 f0 f2 f2 f5 f5 fa fa fd fd fe fe fa fa fb fb
 fff000001d279c00: f1 f1 f8 f8 fc fc f3 f3 fc fc f3 f3 fb fb fe fe
>fff000001d279d00: f5 f5 f0 f0 f7 f7 fa fa f8 f8 f3 f3 fb fb f0 f0
                                     ^
 fff000001d279e00: f5 f5 f5 f5 f6 f6 fc fc f4 f4 fd fd f8 f8 f3 f3
 fff000001d279f00: f8 f8 f5 f5 fc fc fa fa f8 f8 fe fe f1 f1 f0 f0
==================================================================