CFI failure at __traceiter_tlb_flush+0x80/0xd0 include/trace/events/tlb.h:38 (target: tp_stub_func+0x0/0x10; expected type: 0x205553a5) invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 10459 Comm: syz.4.3346 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 RIP: 0010:__traceiter_tlb_flush+0x80/0xd0 include/trace/events/tlb.h:38 Code: 89 f8 48 c1 e8 03 42 80 3c 28 00 74 05 e8 28 62 07 00 49 8b 7c 24 08 44 89 f6 48 8b 55 d0 41 ba 5b ac aa df 44 03 53 fc 74 02 <0f> 0b ff d3 49 83 c7 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 RSP: 0018:ffffc90001497268 EFLAGS: 00010093 RAX: 1ffff110262f0903 RBX: ffffffff81713fc0 RCX: ffff888116bd1440 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffc90000afb000 RBP: ffffc90001497298 R08: dffffc0000000000 R09: fffffbfff0ee4e9e R10: 0000000084eb1367 R11: 1ffffffff0ee4e9d R12: ffff888131784810 R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888131784810 FS: 00007f59da96d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000025016c64 CR3: 000000012aec1000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: trace_tlb_flush include/trace/events/tlb.h:38 [inline] switch_mm_irqs_off+0x61f/0x980 arch/x86/mm/tlb.c:634 context_switch kernel/sched/core.c:5405 [inline] __schedule+0x9eb/0x14e0 kernel/sched/core.c:6750 preempt_schedule_irq+0x9b/0x110 kernel/sched/core.c:7062 raw_irqentry_exit_cond_resched+0x29/0x30 kernel/entry/common.c:396 irqentry_exit+0x37/0x40 kernel/entry/common.c:439 sysvec_reschedule_ipi+0x78/0x80 arch/x86/kernel/smp.c:244 asm_sysvec_reschedule_ipi+0x1b/0x20 arch/x86/include/asm/idtentry.h:696 RIP: 0010:zone_watermark_fast+0x154/0x240 mm/page_alloc.c:4324 Code: b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ef d2 04 00 48 8b 0b 48 03 4d b8 b0 01 49 39 cc 8b 5d c4 44 8b 75 d4 <77> 70 48 8b 7d c8 44 89 ee 48 8b 55 b8 44 89 f1 41 89 d8 4d 89 f9 RSP: 0018:ffffc900014975a8 EFLAGS: 00000212 RAX: 1ffffffff0edc601 RBX: 0000000000000901 RCX: 00000000000033cd RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff876e3b10 RBP: ffffc900014975f0 R08: dffffc0000000000 R09: fffffbfff0edc763 R10: fffffbfff0edc763 R11: 1ffffffff0edc762 R12: 00000000000c1d50 R13: 0000000000000000 R14: 0000000000000001 R15: 00000000000c1d50 get_page_from_freelist+0x3e1/0x2cf0 mm/page_alloc.c:4508 __alloc_pages+0x1c3/0x450 mm/page_alloc.c:5868 __alloc_pages_node include/linux/gfp.h:236 [inline] alloc_pages_node include/linux/gfp.h:259 [inline] pcpu_alloc_pages mm/percpu-vm.c:95 [inline] pcpu_populate_chunk+0x1a0/0xce0 mm/percpu-vm.c:285 pcpu_alloc+0xc5f/0x1690 mm/percpu.c:1862 __alloc_percpu_gfp+0x25/0x30 mm/percpu.c:1937 bpf_map_alloc_percpu+0xc0/0x2b0 kernel/bpf/syscall.c:498 prealloc_init+0x24e/0x8f0 kernel/bpf/hashtab.c:328 htab_map_alloc+0xb24/0xfd0 kernel/bpf/hashtab.c:568 find_and_alloc_map kernel/bpf/syscall.c:133 [inline] map_create+0x49c/0xd80 kernel/bpf/syscall.c:1126 __sys_bpf+0x30b/0x780 kernel/bpf/syscall.c:4984 __do_sys_bpf kernel/bpf/syscall.c:5106 [inline] __se_sys_bpf kernel/bpf/syscall.c:5104 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5104 x64_sys_call+0x488/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f59dcb8f749 Code: Unable to access opcode bytes at 0x7f59dcb8f71f. RSP: 002b:00007f59da96d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f59dcde6450 RCX: 00007f59dcb8f749 RDX: 0000000000000050 RSI: 0000200000000380 RDI: 0000000000000000 RBP: 00007f59dcc13f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f59dcde64e8 R14: 00007f59dcde6450 R15: 00007fffc6463468 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__traceiter_tlb_flush+0x80/0xd0 include/trace/events/tlb.h:38 Code: 89 f8 48 c1 e8 03 42 80 3c 28 00 74 05 e8 28 62 07 00 49 8b 7c 24 08 44 89 f6 48 8b 55 d0 41 ba 5b ac aa df 44 03 53 fc 74 02 <0f> 0b ff d3 49 83 c7 18 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 RSP: 0018:ffffc90001497268 EFLAGS: 00010093 RAX: 1ffff110262f0903 RBX: ffffffff81713fc0 RCX: ffff888116bd1440 RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffc90000afb000 RBP: ffffc90001497298 R08: dffffc0000000000 R09: fffffbfff0ee4e9e R10: 0000000084eb1367 R11: 1ffffffff0ee4e9d R12: ffff888131784810 R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888131784810 FS: 00007f59da96d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000025016c64 CR3: 000000012aec1000 CR4: 00000000003506a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: b9 00 00 00 00 mov $0x0,%ecx 5: 00 fc add %bh,%ah 7: ff (bad) 8: df 80 3c 08 00 74 filds 0x7400083c(%rax) e: 08 48 89 or %cl,-0x77(%rax) 11: df e8 fucomip %st(0),%st 13: ef out %eax,(%dx) 14: d2 04 00 rolb %cl,(%rax,%rax,1) 17: 48 8b 0b mov (%rbx),%rcx 1a: 48 03 4d b8 add -0x48(%rbp),%rcx 1e: b0 01 mov $0x1,%al 20: 49 39 cc cmp %rcx,%r12 23: 8b 5d c4 mov -0x3c(%rbp),%ebx 26: 44 8b 75 d4 mov -0x2c(%rbp),%r14d * 2a: 77 70 ja 0x9c <-- trapping instruction 2c: 48 8b 7d c8 mov -0x38(%rbp),%rdi 30: 44 89 ee mov %r13d,%esi 33: 48 8b 55 b8 mov -0x48(%rbp),%rdx 37: 44 89 f1 mov %r14d,%ecx 3a: 41 89 d8 mov %ebx,%r8d 3d: 4d 89 f9 mov %r15,%r9