------------[ cut here ]------------
WARNING: CPU: 1 PID: 2909 at mm/kfence/core.c:1070 __kfence_free+0x84/0xc0 mm/kfence/core.c:1070
Modules linked in:
CPU: 1 PID: 2909 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller-00060-g30306f6194ca #0
Hardware name: linux,dummy-virt (DT)
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __kfence_free+0x84/0xc0 mm/kfence/core.c:1070
lr : kfence_free include/linux/kfence.h:186 [inline]
lr : __slab_free+0x2dc/0x4d0 mm/slub.c:3312
sp : ffff80000b173b40
x29: ffff80000b173b40 x28: f4ff000005a01000 x27: f2ff000002c01900
x26: 0000000000000000 x25: ffff00007b792f80 x24: 0000000000000001
x23: 0000000000000001 x22: ffff00007b792f80 x21: f2ff000002c01900
x20: ffff8000084ac118 x19: fffffc0001ede480 x18: 0000000000000002
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000001 x13: 00000000000576cf x12: ffff800009ee8370
x11: ffff80000a2dfef0 x10: 01ffc34000000000 x9 : 0000000000000000
x8 : 0000000000000001 x7 : 0000000000192f80 x6 : ffff80000a2e0000
x5 : ffff8000084ac118 x4 : ffff80000a56f170 x3 : ffff80000a2e0340
x2 : f2ff000025475200 x1 : ffff80000a5a7bb0 x0 : ffff00007b792f80
Call trace:
 __kfence_free+0x84/0xc0 mm/kfence/core.c:1070
 kfence_free include/linux/kfence.h:186 [inline]
 __slab_free+0x2dc/0x4d0 mm/slub.c:3312
 do_slab_free mm/slub.c:3495 [inline]
 slab_free mm/slub.c:3508 [inline]
 kfree+0x234/0x260 mm/slub.c:4555
 exit_sem+0x438/0x800 ipc/sem.c:2446
 do_exit+0x290/0x960 kernel/exit.c:788
 do_group_exit+0x34/0xa0 kernel/exit.c:925
 __do_sys_exit_group kernel/exit.c:936 [inline]
 __se_sys_exit_group kernel/exit.c:934 [inline]
 __arm64_sys_exit_group+0x18/0x20 kernel/exit.c:934
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142
 do_el0_svc+0xa0/0xc0 arch/arm64/kernel/syscall.c:206
 el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:624
 el0t_64_sync_handler+0x1ac/0x1b0 arch/arm64/kernel/entry-common.c:642
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581
---[ end trace 0000000000000000 ]---