diff --git a/src/arch/x86_64/interrupt/syscall.rs b/src/arch/x86_64/interrupt/syscall.rs
index 0b0c514..016cde1 100644
--- a/src/arch/x86_64/interrupt/syscall.rs
+++ b/src/arch/x86_64/interrupt/syscall.rs
@@ -108,11 +108,11 @@ function!(syscall_instruction => {
 // If ZF was set, i.e. the address was invalid higher-half, so jump to the slower iretq and
 // handle the error without being able to execute attacker-controlled code!
- jmp 1f
+ jnz 1f
 // Otherwise, continue with the fast sysretq.
- sub rsp, 8 // Pop fake userspace CS
+ add rsp, 8 // Pop fake userspace CS
 pop r11 // Pop rflags
 pop QWORD PTR gs:[0x70] // Pop userspace stack pointer
 mov rsp, gs:[0x70] // Restore userspace stack pointer
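Review bot: The new `jnz 1f` contradicts the comment kept directly above it, which says the slow iretq path is taken "If ZF was set", whereas `jnz` branches only when ZF is clear; one of the two is inverted and this hunk does not show the compare/test that sets the flag, so it cannot be settled from here. This branch is the whole security check: if the comment is right, a non-canonical higher-half return address now falls through to `sysretq`, which faults in ring 0 with user-controlled registers, exactly what the comment warns against. Please check the preceding test instruction; if it leaves ZF set for a canonical (valid) address, keep `jnz 1f` and reword the comment to `// If ZF was clear, i.e. the address was non-canonical (higher-half), jump to the slower iretq and`, and if it leaves ZF set for an invalid address, the branch must be `jz 1f`. Note that `add rsp, 8` does not alter the flag decision since it comes after the branch, but any instruction inserted between the test and `jnz` in future would, so a short comment naming the instruction whose flags are consumed here would help. The `syscall_instruction` body and the `1:` label both lie outside the hunk.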