CFI failure at __traceiter_mmap_lock_acquire_returned+0x9a/0xf0 include/trace/events/mmap_lock.h:52 (target: tp_stub_func+0x0/0x10; expected type: 0xd59bbc2f)
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5651 Comm: syz-executor Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__traceiter_mmap_lock_acquire_returned+0x9a/0xf0 include/trace/events/mmap_lock.h:52
Code: 42 80 3c 30 00 74 05 e8 44 29 0c 00 48 8b 7b 08 48 8b 75 c8 48 8b 55 c0 8b 4d d4 45 89 e0 41 ba d1 43 64 2a 45 03 57 fc 74 02 <0f> 0b 41 ff d7 49 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 74
RSP: 0000:ffffc9000ec97b30 EFLAGS: 00010286
RAX: 1ffff11022207ce3 RBX: ffff88811103e710 RCX: 0000000000000000
RDX: ffffc9000ec97ba0 RSI: ffff888121f52300 RDI: ffffc9000efa1000
RBP: ffffc9000ec97b70 R08: 0000000000000001 R09: fffffbfff0ee4a7e
R10: 00000000cfa4aadd R11: 1ffffffff0ee4a7d R12: 0000000000000001
R13: ffff88811103e710 R14: dffffc0000000000 R15: ffffffff81711ed0
FS:  000055556964d500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556964d7d0 CR3: 000000013595e000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <TASK>
 trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:52 [inline]
 __mmap_lock_do_trace_acquire_returned+0x17d/0x1d0 mm/mmap_lock.c:102
 __mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]
 mmap_read_trylock include/linux/mmap_lock.h:176 [inline]
 get_mmap_lock_carefully mm/memory.c:5481 [inline]
 lock_mm_and_find_vma+0x243/0x320 mm/memory.c:5543
 do_user_addr_fault+0x358/0x1050 arch/x86/mm/fault.c:1346
 handle_page_fault arch/x86/mm/fault.c:1466 [inline]
 exc_page_fault+0x51/0xb0 arch/x86/mm/fault.c:1522
 asm_exc_page_fault+0x27/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0010:__put_user_nocheck_4+0x3/0x11
Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 90 90 90 90 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 48 bb f9 ef ff ff ff 7f
RSP: 0000:ffffc9000ec97f20 EFLAGS: 00050293
RAX: 000000000000040f RBX: 00007fffffffeffd RCX: 000055556964d7d0
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811b63bcc0
RBP: ffffc9000ec97f48 R08: dffffc0000000000 R09: fffffbfff0ee4b77
R10: fffffbfff0ee4b77 R11: 1ffffffff0ee4b76 R12: 1ffff110236c7871
R13: 0000000000000000 R14: ffff88811b63bcc0 R15: dffffc0000000000
 ret_from_fork+0x8/0x30 arch/x86/entry/entry_64.S:280
RIP: 0033:0x7f9422f85453
Code: Unable to access opcode bytes at 0x7f9422f85429.
RSP: 002b:00007fffef6c9b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f9422f85453
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: 000055556964d7d0 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000000927c0 R14: 00000000000420cd R15: 00007fffef6c9ce0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_mmap_lock_acquire_returned+0x9a/0xf0 include/trace/events/mmap_lock.h:52
Code: 42 80 3c 30 00 74 05 e8 44 29 0c 00 48 8b 7b 08 48 8b 75 c8 48 8b 55 c0 8b 4d d4 45 89 e0 41 ba d1 43 64 2a 45 03 57 fc 74 02 <0f> 0b 41 ff d7 49 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 30 00 74
RSP: 0000:ffffc9000ec97b30 EFLAGS: 00010286

RAX: 1ffff11022207ce3 RBX: ffff88811103e710 RCX: 0000000000000000
RDX: ffffc9000ec97ba0 RSI: ffff888121f52300 RDI: ffffc9000efa1000
RBP: ffffc9000ec97b70 R08: 0000000000000001 R09: fffffbfff0ee4a7e
R10: 00000000cfa4aadd R11: 1ffffffff0ee4a7d R12: 0000000000000001
R13: ffff88811103e710 R14: dffffc0000000000 R15: ffffffff81711ed0
FS:  000055556964d500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9422f85429 CR3: 000000013595e000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	48 39 d9             	cmp    %rbx,%rcx
   5:	73 54                	jae    0x5b
   7:	0f 01 cb             	stac
   a:	66 89 01             	mov    %ax,(%rcx)
   d:	31 c9                	xor    %ecx,%ecx
   f:	0f 01 ca             	clac
  12:	c3                   	ret
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	48 bb fd ef ff ff ff 	movabs $0x7fffffffeffd,%rbx
  1f:	7f 00 00
  22:	48 39 d9             	cmp    %rbx,%rcx
  25:	73 34                	jae    0x5b
  27:	0f 01 cb             	stac
* 2a:	89 01                	mov    %eax,(%rcx) <-- trapping instruction
  2c:	31 c9                	xor    %ecx,%ecx
  2e:	0f 01 ca             	clac
  31:	c3                   	ret
  32:	90                   	nop
  33:	90                   	nop
  34:	90                   	nop
  35:	90                   	nop
  36:	90                   	nop
  37:	90                   	nop
  38:	48                   	rex.W
  39:	bb f9 ef ff ff       	mov    $0xffffeff9,%ebx
  3e:	ff                   	(bad)
  3f:	7f                   	.byte 0x7f