CFI failure at __traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222 (target: tp_stub_func+0x0/0x10; expected type: 0xee1f7a69) invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 2 Comm: kthreadd Tainted: G W 6.1.141-syzkaller-00042-g96160a0e0aa1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 RIP: 0010:__traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222 Code: 80 3c 30 00 74 05 e8 04 57 69 00 49 8b 7d 08 44 89 e6 48 8b 55 c8 48 8b 4d c0 44 8b 45 d4 41 ba 97 85 e0 11 45 03 57 fc 74 02 <0f> 0b 41 ff d7 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 RSP: 0018:ffffc900000272b0 EFLAGS: 00010096 RAX: 1ffff11022254209 RBX: ffff8881112a1040 RCX: ffff8881003a0000 RDX: ffff888100388000 RSI: 0000000000000001 RDI: ffffc90000c91000 RBP: ffffc900000272f0 R08: 0000000000000000 R09: ffffffff87964018 R10: 00000000b720eca3 R11: 1ffffffff0f2c800 R12: 0000000000000001 R13: ffff8881112a1040 R14: dffffc0000000000 R15: ffffffff817113c0 FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fec6e070f98 CR3: 000000011705b000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: trace_sched_switch include/trace/events/sched.h:222 [inline] __schedule+0x1263/0x14e0 kernel/sched/core.c:6747 preempt_schedule_irq+0x9b/0x110 kernel/sched/core.c:7062 raw_irqentry_exit_cond_resched+0x29/0x30 kernel/entry/common.c:396 irqentry_exit+0x37/0x40 kernel/entry/common.c:439 sysvec_reschedule_ipi+0x78/0x80 arch/x86/kernel/smp.c:244 asm_sysvec_reschedule_ipi+0x1b/0x20 arch/x86/include/asm/idtentry.h:696 RIP: 0010:stack_trace_consume_entry+0x13f/0x290 kernel/stacktrace.c:95 Code: 8b 75 c0 49 89 37 41 8b 18 41 0f b6 44 15 00 84 c0 0f 85 3d 01 00 00 41 3b 19 0f 92 c0 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f <5d> c3 44 89 c1 80 e1 07 80 c1 03 
38 c1 0f 8c e0 fe ff ff 49 89 fe RSP: 0018:ffffc90000027598 EFLAGS: 00000282 RAX: 0000000000000001 RBX: ffffc90000027660 RCX: 0000000000027500 RDX: dffffc0000000000 RSI: ffffffff823418ce RDI: ffffc90000027660 RBP: ffffc90000027598 R08: ffffc90000027670 R09: ffffc90000027668 R10: 0000000000000004 R11: 1ffff92000004eb5 R12: ffff888100388000 R13: 0000000000000001 R14: ffffffff8160bd20 R15: ffffc900000275a8 arch_stack_walk+0x118/0x150 arch/x86/kernel/stacktrace.c:27 stack_trace_save+0x98/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_alloc_info+0x25/0x30 mm/kasan/generic.c:505 ____kasan_kmalloc mm/kasan/common.c:379 [inline] __kasan_kmalloc+0x95/0xb0 mm/kasan/common.c:388 kasan_kmalloc include/linux/kasan.h:212 [inline] __do_kmalloc_node mm/slab_common.c:938 [inline] __kmalloc+0xb1/0x1e0 mm/slab_common.c:951 kmalloc include/linux/slab.h:568 [inline] kzalloc include/linux/slab.h:699 [inline] lsm_cred_alloc security/security.c:540 [inline] security_prepare_creds+0x4e/0x150 security/security.c:1738 prepare_creds+0x456/0x640 kernel/cred.c:294 copy_creds+0xe4/0x640 kernel/cred.c:368 copy_process+0x828/0x3420 kernel/fork.c:2315 kernel_clone+0x23a/0x810 kernel/fork.c:2863 kernel_thread+0xd1/0x120 kernel/fork.c:2925 create_kthread kernel/kthread.c:409 [inline] kthreadd+0x32b/0x460 kernel/kthread.c:760 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222 Code: 80 3c 30 00 74 05 e8 04 57 69 00 49 8b 7d 08 44 89 e6 48 8b 55 c8 48 8b 4d c0 44 8b 45 d4 41 ba 97 85 e0 11 45 03 57 fc 74 02 <0f> 0b 41 ff d7 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 RSP: 0018:ffffc900000272b0 EFLAGS: 00010096 RAX: 1ffff11022254209 RBX: ffff8881112a1040 RCX: ffff8881003a0000 RDX: ffff888100388000 RSI: 0000000000000001 RDI: ffffc90000c91000 RBP: ffffc900000272f0 R08: 
0000000000000000 R09: ffffffff87964018 R10: 00000000b720eca3 R11: 1ffffffff0f2c800 R12: 0000000000000001 R13: ffff8881112a1040 R14: dffffc0000000000 R15: ffffffff817113c0 FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fec6e070f98 CR3: 000000011705b000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 8b 75 c0             mov    -0x40(%rbp),%esi
   3: 49 89 37             mov    %rsi,(%r15)
   6: 41 8b 18             mov    (%r8),%ebx
   9: 41 0f b6 44 15 00    movzbl 0x0(%r13,%rdx,1),%eax
   f: 84 c0                test   %al,%al
  11: 0f 85 3d 01 00 00    jne    0x154
  17: 41 3b 19             cmp    (%r9),%ebx
  1a: 0f 92 c0             setb   %al
  1d: 48 83 c4 20          add    $0x20,%rsp
  21: 5b                   pop    %rbx
  22: 41 5c                pop    %r12
  24: 41 5d                pop    %r13
  26: 41 5e                pop    %r14
  28: 41 5f                pop    %r15
* 2a: 5d                   pop    %rbp <-- trapping instruction
  2b: c3                   ret
  2c: 44 89 c1             mov    %r8d,%ecx
  2f: 80 e1 07             and    $0x7,%cl
  32: 80 c1 03             add    $0x3,%cl
  35: 38 c1                cmp    %al,%cl
  37: 0f 8c e0 fe ff ff    jl     0xffffff1d
  3d: 49 89 fe             mov    %rdi,%r14
Note: this listing decodes the second Code: line above (stack_trace_consume_entry+0x13f, the context interrupted by the reschedule IPI), so the marked pop %rbp is only where that interrupt arrived, not the fault. The reported invalid opcode is the <0f> 0b (ud2) in the Code: line for __traceiter_sched_switch+0x9b, reached because the CFI type check before the indirect call through %r15 failed: R10 is nonzero (0xb720eca3) after the add, so the hash stored ahead of tp_stub_func does not match the expected 0xee1f7a69.