------------[ cut here ]------------ WARNING: CPU: 0 PID: 3140 at mm/kfence/core.c:1147 __kfence_free+0x7c/0xb4 mm/kfence/core.c:1147 Modules linked in: CPU: 0 PID: 3140 Comm: syz-executor.0 Not tainted 6.7.0-syzkaller #0 Hardware name: linux,dummy-virt (DT) pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __kfence_free+0x7c/0xb4 mm/kfence/core.c:1147 lr : kfence_free include/linux/kfence.h:187 [inline] lr : __slab_free+0x48c/0x508 mm/slub.c:3614 sp : ffff800080003d20 x29: ffff800080003d20 x28: f1ff000002c03900 x27: 000000000000000a x26: ffff00007f9befb8 x25: ffff8000825bbf00 x24: ffff00007ffa3000 x23: 0000000000000001 x22: ffff00007ffa3000 x21: ffff00007ffa3000 x20: ffff8000804c00a4 x19: fffffc0001ffe8c0 x18: 0000000000000000 x17: ffff7ffffd52e000 x16: ffff800080000000 x15: 00004c4b40000000 x14: 0000000000000373 x13: 0000000000000373 x12: 0000000000000001 x11: 0000000000000008 x10: 0000000000000002 x9 : ffff8000824b3228 x8 : ffff800080003e00 x7 : 0000000000000000 x6 : 0000000000000000 x5 : ffff8000804c00a4 x4 : ffff00007f868000 x3 : ffff8000824b02b8 x2 : f3ff0000090b4c80 x1 : ffff00007f8a40a0 x0 : ffff00007ffa3000 Call trace: __kfence_free+0x7c/0xb4 mm/kfence/core.c:1147 kfence_free include/linux/kfence.h:187 [inline] __slab_free+0x48c/0x508 mm/slub.c:3614 do_slab_free mm/slub.c:3757 [inline] slab_free mm/slub.c:3810 [inline] __kmem_cache_free+0x220/0x230 mm/slub.c:3822 kfree+0x5c/0x74 mm/slab_common.c:1056 security_cred_free+0x44/0x58 security/security.c:2934 put_cred_rcu+0x24/0x170 kernel/cred.c:78 rcu_do_batch kernel/rcu/tree.c:2158 [inline] rcu_core+0x258/0x654 kernel/rcu/tree.c:2431 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2448 __do_softirq+0x10c/0x26c kernel/softirq.c:553 ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:80 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:886 do_softirq_own_stack+0x1c/0x28 arch/arm64/kernel/irq.c:85 invoke_softirq kernel/softirq.c:434 [inline] __irq_exit_rcu kernel/softirq.c:632 [inline] irq_exit_rcu+0xc0/0xdc kernel/softirq.c:644 __el1_irq arch/arm64/kernel/entry-common.c:503 [inline] el1_interrupt+0x38/0x64 arch/arm64/kernel/entry-common.c:517 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:522 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:591 arch_stack_walk+0x8c/0x298 arch/arm64/kernel/stacktrace.c:190 stack_trace_save+0x4c/0x78 kernel/stacktrace.c:122 kasan_save_stack+0x3c/0x64 mm/kasan/common.c:45 save_stack_info+0x38/0x118 mm/kasan/tags.c:104 kasan_save_alloc_info+0x14/0x20 mm/kasan/tags.c:138 ____kasan_kmalloc mm/kasan/common.c:374 [inline] __kasan_kmalloc+0xb8/0xbc mm/kasan/common.c:383 kasan_kmalloc include/linux/kasan.h:198 [inline] kmalloc_node_trace+0x44/0x58 mm/slab_common.c:1115 kmalloc_node include/linux/slab.h:616 [inline] kzalloc_node include/linux/slab.h:732 [inline] __get_vm_area_node+0x90/0x1d4 mm/vmalloc.c:2588 __vmalloc_node_range+0xe4/0x844 mm/vmalloc.c:3280 __vmalloc_node mm/vmalloc.c:3385 [inline] vzalloc+0x5c/0x6c mm/vmalloc.c:3458 alloc_counters.isra.0+0x20/0x13c net/ipv4/netfilter/ip_tables.c:799 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:821 [inline] get_entries net/ipv4/netfilter/ip_tables.c:1022 [inline] do_ipt_get_ctl+0x27c/0x49c net/ipv4/netfilter/ip_tables.c:1660 nf_getsockopt+0x60/0x8c net/netfilter/nf_sockopt.c:116 ip_getsockopt+0xfc/0x170 net/ipv4/ip_sockglue.c:1781 tcp_getsockopt+0x20/0x48 net/ipv4/tcp.c:4362 sock_common_getsockopt+0x1c/0x28 net/core/sock.c:3692 do_sock_getsockopt+0x13c/0x288 net/socket.c:2375 __sys_getsockopt+0x78/0xd0 net/socket.c:2404 __do_sys_getsockopt net/socket.c:2414 [inline] __se_sys_getsockopt net/socket.c:2411 [inline] __arm64_sys_getsockopt+0x24/0x34 net/socket.c:2411 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:51 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:136 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:155 el0_svc+0x34/0xd8 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:595 ---[ end trace 0000000000000000 ]---