CFI failure at __traceiter_sched_wakeup+0x7d/0xb0 include/trace/events/sched.h:178 (target: tp_stub_func+0x0/0x10; expected type: 0x389e96a6)
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__traceiter_sched_wakeup+0x7d/0xb0 include/trace/events/sched.h:178
Code: 49 8d 7e 08 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 e6 fb 6a 00 49 8b 7f 08 48 89 de 41 ba 5a 69 61 c7 45 03 55 fc 74 02 <0f> 0b 41 ff d5 49 83 c6 18 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74
RSP: 0018:ffffc90000007bd8 EFLAGS: 00010817
RAX: 1ffff110245429b6 RBX: ffff88810ee42880 RCX: ffffffff8701c680
RDX: 0000000000010000 RSI: ffff88810ee42880 RDI: ffffffff87104140
RBP: ffffc90000007c00 R08: ffffffff8792ddef R09: 1ffffffff0f25bbd
R10: 000000006ca1d066 R11: fffffbfff0f25bbe R12: dffffc0000000000
R13: ffffffff817296e0 R14: ffff888122a14da8 R15: ffff888122a14da8
FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6298c72140 CR3: 0000000109618000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
trace_sched_wakeup include/trace/events/sched.h:178 [inline]
ttwu_do_wakeup+0x468/0x490 kernel/sched/core.c:3782
ttwu_do_activate+0x174/0x280 kernel/sched/core.c:3837
ttwu_queue kernel/sched/core.c:4063 [inline]
try_to_wake_up+0x5c0/0x1220 kernel/sched/core.c:4392
wake_up_process+0x10/0x20 kernel/sched/core.c:4528
hrtimer_wakeup+0x4e/0x60 kernel/time/hrtimer.c:1939
__run_hrtimer kernel/time/hrtimer.c:1685 [inline]
__hrtimer_run_queues+0x3bb/0x8e0 kernel/time/hrtimer.c:1749
hrtimer_interrupt+0x3c7/0x8c0 kernel/time/hrtimer.c:1811
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
__sysvec_apic_timer_interrupt+0x11e/0x440 arch/x86/kernel/apic/apic.c:1124
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:default_idle+0xf/0x20 arch/x86/kernel/process.c:742
Code: 27 79 b5 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d f3 a6 64 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
RSP: 0018:ffffffff87007d58 EFLAGS: 00000257
RAX: ffff8881f6e00000 RBX: ffffffff8701c680 RCX: 775e6d09c2bbd400
RDX: 0000000000000001 RSI: ffffffff85ca8b00 RDI: ffffffff85ca8ac0
RBP: ffffffff87007d58 R08: ffff8881f6e348b3 R09: 1ffff1103edc6916
R10: 0000000000000000 R11: ffffffff85018c00 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff8701c680 R15: dffffc0000000000
arch_cpu_idle+0x1c/0x20 arch/x86/kernel/process.c:733
default_idle_call+0x71/0x1d0 kernel/sched/idle.c:109
cpuidle_idle_call kernel/sched/idle.c:191 [inline]
do_idle+0x1a7/0x560 kernel/sched/idle.c:303
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:401
rest_init+0x10a/0x130 init/main.c:744
arch_call_rest_init+0xe/0x10 init/main.c:904
start_kernel+0x483/0x4f1 init/main.c:1275
x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:555
x86_64_start_kernel+0x7c/0x81 arch/x86/kernel/head64.c:536
secondary_startup_64_no_verify+0xce/0xdb
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_sched_wakeup+0x7d/0xb0 include/trace/events/sched.h:178
Code: 49 8d 7e 08 48 89 f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 e6 fb 6a 00 49 8b 7f 08 48 89 de 41 ba 5a 69 61 c7 45 03 55 fc 74 02 <0f> 0b 41 ff d5 49 83 c6 18 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74
RSP: 0018:ffffc90000007bd8 EFLAGS: 00010817
RAX: 1ffff110245429b6 RBX: ffff88810ee42880 RCX: ffffffff8701c680
RDX: 0000000000010000 RSI: ffff88810ee42880 RDI: ffffffff87104140
RBP: ffffc90000007c00 R08: ffffffff8792ddef R09: 1ffffffff0f25bbd
R10: 000000006ca1d066 R11: fffffbfff0f25bbe R12: dffffc0000000000
R13: ffffffff817296e0 R14: ffff888122a14da8 R15: ffff888122a14da8
FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6298c72140 CR3: 0000000109618000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
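Code disassembly (best guess), 1 bytes skipped:
(Note: the bytes decoded below are the second "Code:" line of this report, i.e. the interrupted default_idle+0xf context in the <TASK> section. They are not the __traceiter_sched_wakeup+0x7d site where the CFI check failed.)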
0: 79 b5 jns 0xffffffb7
2: fc cld
3: e9 3d ff ff ff jmp 0xffffff45
8: 00 00 add %al,(%rax)
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: b8 0c 67 40 a5 mov $0xa540670c,%eax
1a: 55 push %rbp
1b: 48 89 e5 mov %rsp,%rbp
1e: 66 90 xchg %ax,%ax
20: 0f 00 2d f3 a6 64 00 verw 0x64a6f3(%rip) # 0x64a71a
27: fb sti
28: f4 hlt
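* 29: 5d pop %rbp <-- trapping instruction (as marked by the decoder; this is default_idle+0xf, the address the idle loop resumes at after hlt once the timer interrupt returns. The CFI failure itself is the <0f> 0b (ud2) at __traceiter_sched_wakeup+0x7d in the first "Code:" line)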
2a: c3 ret
2b: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
32: 00 00 00
35: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
3a: 90 nop
3b: 90 nop
3c: 90 nop
3d: 90 nop
3e: 90 nop