------------[ cut here ]------------ page type is 0, passed migratetype is 1 (nr=512) WARNING: CPU: 1 PID: 16949 at mm/page_alloc.c:699 del_page_from_free_list+0x36e/0x490 mm/page_alloc.c:699 Modules linked in: CPU: 1 PID: 16949 Comm: syz-executor.1 Not tainted 6.6.0-rc1-next-20230912-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 RIP: 0010:del_page_from_free_list+0x36e/0x490 mm/page_alloc.c:699 Code: 89 ef be 07 00 00 00 e8 e0 f6 ff ff 44 89 e1 44 89 f2 48 c7 c7 60 b9 99 8a 48 89 c6 b8 01 00 00 00 d3 e0 89 c1 e8 02 1e 7c ff <0f> 0b e9 d2 fc ff ff 48 c7 c6 c0 ba 99 8a 48 89 df e8 6c 44 f4 ff RSP: 0018:ffffc900030f7300 EFLAGS: 00010082 RAX: 0000000000000000 RBX: ffffea0000b70000 RCX: ffffc90005ad1000 RDX: 0000000000040000 RSI: ffffffff814e0216 RDI: 0000000000000001 RBP: 000000000002dc00 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000009 R13: ffff88813fffa700 R14: 0000000000000001 R15: ffffea0000b70000 FS: 00007f8cb8a3c6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30721000 CR3: 0000000025a66000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __free_one_page+0x3eb/0xa50 mm/page_alloc.c:830 free_pcppages_bulk+0x2f3/0x610 mm/page_alloc.c:1233 free_unref_page+0x699/0xd70 mm/page_alloc.c:2483 __unfreeze_partials+0x21d/0x240 mm/slub.c:2655 qlink_free mm/kasan/quarantine.c:166 [inline] qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:185 kasan_quarantine_reduce+0x18b/0x1d0 mm/kasan/quarantine.c:292 __kasan_slab_alloc+0x65/0x90 mm/kasan/common.c:305 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook mm/slab.h:762 [inline] slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x19b/0x350 mm/slub.c:3517 kmalloc_node_trace+0x22/0xd0 mm/slab_common.c:1127 kmalloc_node include/linux/slab.h:615 [inline] kzalloc_node include/linux/slab.h:731 [inline] __get_vm_area_node+0xe1/0x3d0 mm/vmalloc.c:2588 __vmalloc_node_range+0x27a/0x1540 mm/vmalloc.c:3280 kvmalloc_node+0x14b/0x1a0 mm/util.c:632 kvmalloc include/linux/slab.h:737 [inline] kvmalloc_array include/linux/slab.h:755 [inline] kvcalloc include/linux/slab.h:760 [inline] xt_alloc_entry_offsets+0x3a/0x60 net/netfilter/x_tables.c:968 translate_table+0x2b9/0x1c60 net/ipv4/netfilter/arp_tables.c:539 do_replace net/ipv4/netfilter/arp_tables.c:981 [inline] do_arpt_set_ctl+0x5e1/0xf00 net/ipv4/netfilter/arp_tables.c:1421 nf_setsockopt+0x87/0xe0 net/netfilter/nf_sockopt.c:101 ip_setsockopt+0xc7/0xe0 net/ipv4/ip_sockglue.c:1429 udp_setsockopt+0x7d/0xc0 net/ipv4/udp.c:2767 __sys_setsockopt+0x2cd/0x5b0 net/socket.c:2308 __do_sys_setsockopt net/socket.c:2319 [inline] __se_sys_setsockopt net/socket.c:2316 [inline] __x64_sys_setsockopt+0xbd/0x150 net/socket.c:2316 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f8cb7c7cae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8cb8a3c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f8cb7d9bf80 RCX: 00007f8cb7c7cae9 RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f8cb7cc847a R08: 00000000000003b0 R09: 0000000000000000 R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f8cb7d9bf80 R15: 00007ffcb5dd5ac8