Me and my colleague Jan-Gerd Tenberge encountered this issue in production on the 5.15, 6.1 and 6.2 kernel versions. We make a small reproducible case that might help find the root cause: simple_repo.c: #include <linux/bpf.h> #include <bpf/bpf_helpers.h> SEC("socket") int socket__http_filter(struct __sk_buff* skb) { volatile __u32 r = bpf_get_prandom_u32(); if (r == 0) { goto done; } #pragma clang loop unroll(full) for (int i = 0; i < 12000; i++) { r += 1; } #pragma clang loop unroll(full) for (int i = 0; i < 12000; i++) { r += 1; } done: return r; } Looking at kernel/bpf/core.c it seems that during constant blinding every instruction which has an constant operand gets 2 additional instructions. This increases the amount of instructions between the JMP and target of the JMP cause rewrite of the JMP to fail because the offset becomes bigger than S16_MAX. Hope this helps, Bram Schuur and Jan-Gerd Tenberge