CFI failure at __traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222 (target: tp_stub_func+0x0/0x10; expected type: 0xee1f7a69)
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 6266 Comm: syz.5.1710 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:__traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222
Code: 80 3c 30 00 74 05 e8 b4 86 69 00 49 8b 7d 08 44 89 e6 48 8b 55 c8 48 8b 4d c0 44 8b 45 d4 41 ba 97 85 e0 11 45 03 57 fc 74 02 <0f> 0b 41 ff d7 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74
RSP: 0018:ffffc90000be6cf0 EFLAGS: 00010096
RAX: 1ffff1102632d8cc RBX: ffff88813196c658 RCX: ffff888117839440
RDX: ffff8881196d9440 RSI: 0000000000000001 RDI: ffffc900008f9000
RBP: ffffc90000be6d30 R08: 0000000000000000 R09: 0000000000000003
R10: 00000000b720eca3 R11: 1ffff9200017cd40 R12: 0000000000000001
R13: ffff88813196c658 R14: dffffc0000000000 R15: ffffffff81714610
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000074000 CR3: 000000014414a000 CR4: 00000000003506b0
DR0: 0000200000000300 DR1: 00000000000000fd DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 trace_sched_switch include/trace/events/sched.h:222 [inline]
 __schedule+0x1263/0x14e0 kernel/sched/core.c:6747
 preempt_schedule_irq+0x9b/0x110 kernel/sched/core.c:7062
 raw_irqentry_exit_cond_resched+0x29/0x30 kernel/entry/common.c:396
 irqentry_exit+0x37/0x40 kernel/entry/common.c:439
 sysvec_apic_timer_interrupt+0x64/0xc0 arch/x86/kernel/apic/apic.c:1118
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__rcu_read_unlock+0x0/0xa0 kernel/rcu/tree_plugin.h:419
Code: 07 80 c1 03 38 c1 7c ef 48 89 df e8 5a cc 57 00 eb e5 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 <55> 48 89 e5 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48 8b
RSP: 0018:ffffc90000be6fd8 EFLAGS: 00000293
RAX: ffffffff81a9c970 RBX: 0000000000000200 RCX: ffff8881196d9440
RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000
RBP: ffffc90000be71b0 R08: ffff8881196d9440 R09: 0000000000000002
R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000100
R13: dffffc0000000000 R14: 1ffff110232db33d R15: ffff88813f5a2b58
 faultin_page mm/gup.c:1026 [inline]
 __get_user_pages+0x33d/0xd80 mm/gup.c:1250
 __get_user_pages_locked mm/gup.c:1454 [inline]
 get_dump_page+0x185/0x670 mm/gup.c:1952
 dump_user_range+0x127/0x600 fs/coredump.c:911
 elf_core_dump+0x29e7/0x2ef0 fs/binfmt_elf.c:2354
 do_coredump+0x1557/0x21b0 fs/coredump.c:760
 get_signal+0x11db/0x1520 kernel/signal.c:2875
 arch_do_signal_or_restart+0xb0/0x1030 arch/x86/kernel/signal.c:871
 exit_to_user_mode_loop+0x7a/0xb0 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0x87/0xd0 kernel/entry/common.c:210
 irqentry_exit_to_user_mode+0x9/0x10 kernel/entry/common.c:316
 irqentry_exit+0x12/0x40 kernel/entry/common.c:419
 exc_page_fault+0x5e/0xb0 arch/x86/mm/fault.c:1525
 asm_exc_page_fault+0x27/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0033:0x7ff539c4f6b7
Code: 88 15 42 60 ec 00 88 05 3f 60 ec 00 c3 50 48 8d 35 e9 48 1c 00 48 8d 3d ef 48 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8
RSP: 002b:00007ff53acb6120 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007ff539d8f749
RDX: 00007ff53acb6140 RSI: 00007ff53acb6270 RDI: 000000000000000b
RBP: 00007ff539e13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007ff539fe6128 R14: 00007ff539fe6090 R15: 00007ffe4c1a2368
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222
Code: 80 3c 30 00 74 05 e8 b4 86 69 00 49 8b 7d 08 44 89 e6 48 8b 55 c8 48 8b 4d c0 44 8b 45 d4 41 ba 97 85 e0 11 45 03 57 fc 74 02 <0f> 0b 41 ff d7 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74
RSP: 0018:ffffc90000be6cf0 EFLAGS: 00010096
RAX: 1ffff1102632d8cc RBX: ffff88813196c658 RCX: ffff888117839440
RDX: ffff8881196d9440 RSI: 0000000000000001 RDI: ffffc900008f9000
RBP: ffffc90000be6d30 R08: 0000000000000000 R09: 0000000000000003
R10: 00000000b720eca3 R11: 1ffff9200017cd40 R12: 0000000000000001
R13: ffff88813196c658 R14: dffffc0000000000 R15: ffffffff81714610
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000074000 CR3: 000000014414a000 CR4: 00000000003506b0
DR0: 0000200000000300 DR1: 00000000000000fd DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess), 1 bytes skipped:
   0: 80 c1 03                add $0x3,%cl
   3: 38 c1                   cmp %al,%cl
   5: 7c ef                   jl 0xfffffff6
   7: 48 89 df                mov %rbx,%rdi
   a: e8 5a cc 57 00          call 0x57cc69
   f: eb e5                   jmp 0xfffffff6
  11: 0f 1f 84 00 00 00 00    nopl 0x0(%rax,%rax,1)
  18: 00
  19: 90                      nop
  1a: 90                      nop
  1b: 90                      nop
  1c: 90                      nop
  1d: 90                      nop
  1e: 90                      nop
  1f: 90                      nop
  20: 90                      nop
  21: 90                      nop
  22: 90                      nop
  23: 90                      nop
  24: b8 0c 67 40 a5          mov $0xa540670c,%eax
* 29: 55                      push %rbp <-- trapping instruction
  2a: 48 89 e5                mov %rsp,%rbp
  2d: 41 57                   push %r15
  2f: 41 56                   push %r14
  31: 53                      push %rbx
  32: 49 be 00 00 00 00 00    movabs $0xdffffc0000000000,%r14
  39: fc ff df
  3c: 65                      gs
  3d: 48                      rex.W
  3e: 8b                      .byte 0x8b