CFI failure at __traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222 (target: tp_stub_func+0x0/0x10; expected type: 0xee1f7a69)
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 10284 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:__traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222
Code: 80 3c 30 00 74 05 e8 c4 90 69 00 49 8b 7d 08 44 89 e6 48 8b 55 c8 48 8b 4d c0 44 8b 45 d4 41 ba 97 85 e0 11 45 03 57 fc 74 02 <0f> 0b 41 ff d7 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74
RSP: 0018:ffffc900012165d0 EFLAGS: 00010096
RAX: 1ffff11022ee6e09 RBX: ffff888117737040 RCX: ffff88810f9d1440
RDX: ffff8881121b0000 RSI: 0000000000000001 RDI: ffffc90001729000
RBP: ffffc90001216610 R08: 0000000000000000 R09: 0000000000000003
R10: 00000000b720eca3 R11: 1ffff92000242c74 R12: 0000000000000001
R13: ffff888117737040 R14: dffffc0000000000 R15: ffffffff817147b0
FS:  0000555578146500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff782372f98 CR3: 000000012ba2d000 CR4: 00000000003526a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 trace_sched_switch include/trace/events/sched.h:222 [inline]
 __schedule+0x1263/0x14e0 kernel/sched/core.c:6747
 preempt_schedule_irq+0x9b/0x110 kernel/sched/core.c:7062
 raw_irqentry_exit_cond_resched+0x29/0x30 kernel/entry/common.c:396
 irqentry_exit+0x37/0x40 kernel/entry/common.c:439
 sysvec_reschedule_ipi+0x78/0x80 arch/x86/kernel/smp.c:244
 asm_sysvec_reschedule_ipi+0x1b/0x20 arch/x86/include/asm/idtentry.h:696
RIP: 0010:security_kernfs_init_security+0x79/0xb0 security/security.c:1527
Code: c1 e8 03 42 80 3c 28 00 74 08 4c 89 e7 e8 4f 24 80 ff 4c 89 f7 48 89 de 4d 8b 1c 24 41 ba 08 1e 81 db 45 03 53 fc 74 02 0f 0b <41> ff d3 85 c0 75 10 e8 3b a1 3b ff eb a2 e8 34 a1 3b ff 31 c0 eb
RSP: 0018:ffffc900012168c8 EFLAGS: 00000257
RAX: 1ffffffff0c93121 RBX: ffff888132c223e8 RCX: ffff8881121b0000
RDX: 0000000000000000 RSI: ffff888132c223e8 RDI: ffff88811b85d960
RBP: ffffc900012168f0 R08: dffffc0000000000 R09: ffffed102658447e
R10: 0000000000000000 R11: ffffffff82368dd0 R12: ffffffff86498908
R13: dffffc0000000000 R14: ffff88811b85d960 R15: ffffffff864988f0
 __kernfs_new_node+0x3e1/0x680 fs/kernfs/dir.c:653
 kernfs_new_node+0x150/0x260 fs/kernfs/dir.c:690
 __kernfs_create_file+0x4e/0x270 fs/kernfs/file.c:1068
 sysfs_add_file_mode_ns+0x1ce/0x270 fs/sysfs/file.c:294
 create_files fs/sysfs/group.c:64 [inline]
 internal_create_group+0x495/0xd00 fs/sysfs/group.c:148
 internal_create_groups fs/sysfs/group.c:188 [inline]
 sysfs_create_groups+0x58/0x120 fs/sysfs/group.c:214
 device_add_groups drivers/base/core.c:2753 [inline]
 device_add_attrs+0xdb/0x810 drivers/base/core.c:2901
 device_add+0x5f1/0xef0 drivers/base/core.c:3649
 netdev_register_kobject+0x179/0x320 net/core/net-sysfs.c:2009
 register_netdevice+0xe3d/0x14a0 net/core/dev.c:10168
 veth_newlink+0x7a0/0xbe0 drivers/net/veth.c:1776
 rtnl_newlink_create net/core/rtnetlink.c:3422 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3642 [inline]
 rtnl_newlink+0x14b9/0x2030 net/core/rtnetlink.c:3655
 rtnetlink_rcv_msg+0x9f4/0xcf0 net/core/rtnetlink.c:6150
 netlink_rcv_skb+0x1f2/0x440 net/netlink/af_netlink.c:2521
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6168
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x8ab/0xa30 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x8aa/0xbc0 net/netlink/af_netlink.c:1873
 sock_sendmsg_nosec net/socket.c:716 [inline]
 __sock_sendmsg net/socket.c:728 [inline]
 __sys_sendto+0x464/0x5e0 net/socket.c:2143
 __do_sys_sendto net/socket.c:2155 [inline]
 __se_sys_sendto net/socket.c:2151 [inline]
 __x64_sys_sendto+0xe5/0x100 net/socket.c:2151
 x64_sys_call+0x83/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:45
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fbc5f391583
Code: 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d e1 9f 22 00 00 41 89 ca 74 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 55 48 83 ec 30 44 89 4c 24
RSP: 002b:00007ffcaee10348 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fbc60114620 RCX: 00007fbc5f391583
RDX: 000000000000006c RSI: 00007fbc60114670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffcaee10364 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fbc60114670 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_sched_switch+0x9b/0xd0 include/trace/events/sched.h:222
Code: 80 3c 30 00 74 05 e8 c4 90 69 00 49 8b 7d 08 44 89 e6 48 8b 55 c8 48 8b 4d c0 44 8b 45 d4 41 ba 97 85 e0 11 45 03 57 fc 74 02 <0f> 0b 41 ff d7 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74
RSP: 0018:ffffc900012165d0 EFLAGS: 00010096

RAX: 1ffff11022ee6e09 RBX: ffff888117737040 RCX: ffff88810f9d1440
RDX: ffff8881121b0000 RSI: 0000000000000001 RDI: ffffc90001729000
RBP: ffffc90001216610 R08: 0000000000000000 R09: 0000000000000003
R10: 00000000b720eca3 R11: 1ffff92000242c74 R12: 0000000000000001
R13: ffff888117737040 R14: dffffc0000000000 R15: ffffffff817147b0
FS:  0000555578146500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff782372f98 CR3: 000000012ba2d000 CR4: 00000000003526a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	c1 e8 03             	shr    $0x3,%eax
   3:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
   8:	74 08                	je     0x12
   a:	4c 89 e7             	mov    %r12,%rdi
   d:	e8 4f 24 80 ff       	call   0xff802461
  12:	4c 89 f7             	mov    %r14,%rdi
  15:	48 89 de             	mov    %rbx,%rsi
  18:	4d 8b 1c 24          	mov    (%r12),%r11
  1c:	41 ba 08 1e 81 db    	mov    $0xdb811e08,%r10d
  22:	45 03 53 fc          	add    -0x4(%r11),%r10d
  26:	74 02                	je     0x2a
  28:	0f 0b                	ud2
* 2a:	41 ff d3             	call   *%r11 <-- trapping instruction
  2d:	85 c0                	test   %eax,%eax
  2f:	75 10                	jne    0x41
  31:	e8 3b a1 3b ff       	call   0xff3ba171
  36:	eb a2                	jmp    0xffffffda
  38:	e8 34 a1 3b ff       	call   0xff3ba171
  3d:	31 c0                	xor    %eax,%eax
  3f:	eb                   	.byte 0xeb