Behrooz_Ice
05-15-2004, 11:44 PM
When the kmalloc() call is invoked to allocate 'optlen' amount of memory, 1 is added to 'optlen' to ensure enough memory is allocated for the option value (optval). However, since sanitization of the function arguments is not performed, 'optlen' could be the maximum value that an unsigned integer can hold correctly, thus causing the value to wrap around when the calculation 'optlen + 1' is performed. Enjoy!
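
The wraparound described in the post above, shown next to a bounds-checked version, as an added example that is not part of the original post or of the kernel source. It is a userspace C program in which malloc() stands in for kmalloc(); the function names, the OPT_MAX_LEN limit and the error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OPT_MAX_LEN 4096u /* assumed upper bound, not taken from the post */

/* Size the flawed pattern hands to the allocator: wraps to 0 at UINT_MAX. */
unsigned int unchecked_alloc_size(unsigned int optlen)
{
    return optlen + 1;
}

/* Hardened form: validate optlen before doing any arithmetic on it. */
int checked_alloc_size(unsigned int optlen, size_t *out)
{
    if (optlen > OPT_MAX_LEN)
        return -EINVAL;
    *out = (size_t)optlen + 1;
    return 0;
}

/* Copy an option value into a fresh buffer; malloc() stands in for kmalloc(). */
char *copy_optval(const char *optval, unsigned int optlen, int *err)
{
    size_t size;
    char *buf;

    *err = checked_alloc_size(optlen, &size);
    if (*err)
        return NULL;          /* rejected before any allocation or copy */
    buf = malloc(size);
    if (!buf) { *err = -ENOMEM; return NULL; }
    memcpy(buf, optval, optlen);
    buf[optlen] = '\0';       /* the extra byte that 'optlen + 1' reserves */
    return buf;
}

int main(void)
{
    int err;
    char *p;

    printf("unchecked size for UINT_MAX: %u\n", unchecked_alloc_size(UINT_MAX));
    p = copy_optval("abc", UINT_MAX, &err);
    printf("checked copy, optlen=UINT_MAX: %s (err=%d)\n", p ? "allocated" : "rejected", err);
    p = copy_optval("abc", 3, &err);
    printf("checked copy, optlen=3: %s\n", p ? p : "rejected");
    free(p);
    return 0;
}
```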
