CFI failure at __traceiter_percpu_free_percpu+0x87/0xe0 include/trace/events/percpu.h:54 (target: tp_stub_func+0x0/0x10; expected type: 0xc88d2a22)
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 349 Comm: kworker/1:2 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: mld mld_ifc_work
RIP: 0010:__traceiter_percpu_free_percpu+0x87/0xe0 include/trace/events/percpu.h:54
Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 53 08 10 00 49 8b 7d 08 4c 89 fe 8b 55 d4 48 8b 4d c8 41 ba de d5 72 37 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08
RSP: 0018:ffffc900001b09f8 EFLAGS: 00010092
RAX: 1ffff11022136309 RBX: dffffc0000000000 RCX: 0000607e08c7ce18
RDX: 000000000007ce18 RSI: ffffe8ffffc00000 RDI: ffffc9000092b000
RBP: ffffc900001b0a30 R08: dffffc0000000000 R09: fffffbfff0ee4bb6
R10: 00000000dcb33cea R11: 1ffffffff0ee4bb5 R12: ffff8881109b1840
R13: ffff8881109b1840 R14: ffffffff817125b0 R15: ffffe8ffffc00000
FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000012ed1a000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
trace_percpu_free_percpu include/trace/events/percpu.h:54 [inline]
free_percpu+0xd09/0x1020 mm/percpu.c:2304
rt_fibinfo_free_cpus+0x183/0x1a0 net/ipv4/fib_semantics.c:210
fib_nh_common_release+0xb4/0x260 net/ipv4/fib_semantics.c:217
fib6_nh_release+0x208/0x220 net/ipv6/route.c:3704
fib6_info_destroy_rcu+0xc2/0x1c0 net/ipv6/ip6_fib.c:176
rcu_do_batch+0x515/0xb90 kernel/rcu/tree.c:2297
rcu_core+0x5a5/0xe70 kernel/rcu/tree.c:2557
rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2574
handle_softirqs+0x1d7/0x600 kernel/softirq.c:642
__do_softirq+0xb/0xd kernel/softirq.c:680
do_softirq+0xc6/0x120 kernel/softirq.c:524
__local_bh_enable_ip+0x75/0x80 kernel/softirq.c:448
__raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline]
_raw_read_unlock_bh+0x29/0x30 kernel/locking/spinlock.c:284
ipv6_get_lladdr+0x1b9/0x200 net/ipv6/addrconf.c:1898
mld_newpack+0x2fe/0xa10 net/ipv6/mcast.c:1760
add_grhead+0x67/0x300 net/ipv6/mcast.c:1857
add_grec+0xf19/0x11d0 net/ipv6/mcast.c:1995
mld_send_cr net/ipv6/mcast.c:2082 [inline]
mld_ifc_work+0x1e1/0xbe0 net/ipv6/mcast.c:2659
process_one_work+0x71f/0xc40 kernel/workqueue.c:2302
worker_thread+0xa29/0x11f0 kernel/workqueue.c:2449
kthread+0x281/0x320 kernel/kthread.c:386
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_percpu_free_percpu+0x87/0xe0 include/trace/events/percpu.h:54
Code: f8 48 c1 e8 03 80 3c 18 00 74 05 e8 53 08 10 00 49 8b 7d 08 4c 89 fe 8b 55 d4 48 8b 4d c8 41 ba de d5 72 37 45 03 56 fc 74 02 <0f> 0b 41 ff d6 49 83 c4 18 4c 89 e0 48 c1 e8 03 80 3c 18 00 74 08
RSP: 0018:ffffc900001b09f8 EFLAGS: 00010092
RAX: 1ffff11022136309 RBX: dffffc0000000000 RCX: 0000607e08c7ce18
RDX: 000000000007ce18 RSI: ffffe8ffffc00000 RDI: ffffc9000092b000
RBP: ffffc900001b0a30 R08: dffffc0000000000 R09: fffffbfff0ee4bb6
R10: 00000000dcb33cea R11: 1ffffffff0ee4bb5 R12: ffff8881109b1840
R13: ffff8881109b1840 R14: ffffffff817125b0 R15: ffffe8ffffc00000
FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000012ed1a000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400