CFI failure at __traceiter_kfree+0x34/0x50 include/trace/events/kmem.h:94 (target: tp_stub_func+0x0/0x10; expected type: 0x8682d211) invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 353 Comm: kworker/0:3 Not tainted 6.1.138-syzkaller-1169873-g7af56ffc913d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: mld mld_ifc_work RIP: 0010:__traceiter_kfree+0x34/0x50 include/trace/events/kmem.h:94 Code: 8b 3d f8 42 ca 05 4d 85 ff 74 2e 48 89 d3 49 89 f6 49 8b 07 49 8b 7f 08 4c 89 f6 48 89 da 41 ba ef 2d 7d 79 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7f 18 00 4d 8d 7f 18 75 d8 31 c0 5b 41 5e 41 5f RSP: 0018:ffffc90001296f90 EFLAGS: 00010213 RAX: ffffffff81710d60 RBX: ffff88811475f000 RCX: 0000000000000000 RDX: ffff88811475f000 RSI: ffffffff83df017f RDI: ffffc90000189000 RBP: ffffc90001296fa8 R08: dffffc0000000000 R09: ffffc90001296e60 R10: 000000001ebd94fb R11: 1ffff92000252dcc R12: ffff888114c98ea0 R13: ffff88811475f688 R14: ffffffff83df017f R15: ffff88811ab7f7a8 FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3015ffff CR3: 000000011dffc000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: trace_kfree include/trace/events/kmem.h:94 [inline] kfree+0xc9/0xf0 mm/slab_common.c:977 skb_free_head net/core/skbuff.c:762 [inline] skb_release_data+0x63f/0x890 net/core/skbuff.c:791 skb_release_all net/core/skbuff.c:856 [inline] __kfree_skb net/core/skbuff.c:870 [inline] kfree_skb_reason+0xd4/0x230 net/core/skbuff.c:893 kfree_skb include/linux/skbuff.h:1239 [inline] ip_tunnel_xmit+0x13a1/0x2700 net/ipv4/ip_tunnel.c:850 __gre_xmit net/ipv4/ip_gre.c:474 [inline] erspan_xmit+0xa21/0x1720 net/ipv4/ip_gre.c:723 __netdev_start_xmit include/linux/netdevice.h:4929 [inline] netdev_start_xmit include/linux/netdevice.h:4943 [inline] xmit_one net/core/dev.c:3669 [inline] dev_hard_start_xmit+0x20b/0x750 net/core/dev.c:3685 sch_direct_xmit+0x267/0x8d0 net/sched/sch_generic.c:342 __dev_xmit_skb net/core/dev.c:3906 [inline] __dev_queue_xmit+0x15f9/0x3420 net/core/dev.c:4311 dev_queue_xmit include/linux/netdevice.h:3084 [inline] neigh_hh_output include/net/neighbour.h:536 [inline] neigh_output include/net/neighbour.h:550 [inline] ip6_finish_output2+0x15c0/0x1870 net/ipv6/ip6_output.c:138 __ip6_finish_output net/ipv6/ip6_output.c:205 [inline] ip6_finish_output+0x5f9/0xbb0 net/ipv6/ip6_output.c:216 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip6_output+0x1d1/0x3b0 net/ipv6/ip6_output.c:237 dst_output include/net/dst.h:453 [inline] NF_HOOK include/linux/netfilter.h:305 [inline] mld_sendpack+0x7ab/0xd40 net/ipv6/mcast.c:1826 mld_send_cr net/ipv6/mcast.c:2127 [inline] mld_ifc_work+0x80c/0xbe0 net/ipv6/mcast.c:2659 process_one_work+0x71f/0xc40 kernel/workqueue.c:2299 worker_thread+0xa29/0x11f0 kernel/workqueue.c:2446 kthread+0x281/0x320 kernel/kthread.c:386 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__traceiter_kfree+0x34/0x50 include/trace/events/kmem.h:94 Code: 8b 3d f8 42 ca 05 4d 85 ff 74 2e 48 89 d3 49 89 f6 49 8b 07 49 8b 7f 08 4c 89 f6 48 89 da 41 ba ef 2d 7d 79 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7f 18 00 4d 8d 7f 18 75 d8 31 c0 5b 41 5e 41 5f RSP: 0018:ffffc90001296f90 EFLAGS: 00010213 RAX: ffffffff81710d60 RBX: ffff88811475f000 RCX: 0000000000000000 RDX: ffff88811475f000 RSI: ffffffff83df017f RDI: ffffc90000189000 RBP: ffffc90001296fa8 R08: dffffc0000000000 R09: ffffc90001296e60 R10: 000000001ebd94fb R11: 1ffff92000252dcc R12: ffff888114c98ea0 R13: ffff88811475f688 R14: ffffffff83df017f R15: ffff88811ab7f7a8 FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3015ffff CR3: 000000011dffc000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400