------------[ cut here ]------------ WARNING: kernel/bpf/verifier.c:2742 at reg_bounds_sanity_check+0x394/0x460 kernel/bpf/verifier.c:2742, CPU#1: syz.1.2783/16339 verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0x4000000, 0x0] s64=[0x4000000, 0x0] u32=[0x4000000, 0x0] s32=[0x4000000, 0x0] var_off=(0x0, 0x0) Modules linked in: Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 1 UID: 0 PID: 16339 Comm: syz.1.2783 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: ARM-Versatile Express Call trace: [<80201a74>] (dump_backtrace) from [<80201b70>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:82283bb8 r6:84666c00 r5:00000000 r4:8229596c [<80201b58>] (show_stack) from [<8021ee18>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201b58>] (show_stack) from [<8021ee18>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:120) [<8021edc4>] (dump_stack_lvl) from [<8021ee58>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r5:00000000 r4:82a7bd14 [<8021ee40>] (dump_stack) from [<80202648>] (vpanic+0xe0/0x2e8 kernel/panic.c:489) [<80202568>] (vpanic) from [<80202884>] (trace_suspend_resume+0x0/0xd8 kernel/panic.c:626) r7:803dd5b0 [<80202850>] (panic) from [<802520b0>] (check_panic_on_warn kernel/panic.c:376 [inline]) [<80202850>] (panic) from [<802520b0>] (get_taint+0x0/0x1c kernel/panic.c:371) r3:8280c704 r2:00000001 r1:8227c120 r0:82283bb8 [<80252038>] (check_panic_on_warn) from [<80252228>] (__warn+0x94/0x1a4 kernel/panic.c:901) [<80252194>] (__warn) from [<80252520>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:936) r8:00000009 r7:8229c2d8 r6:dfb198ec r5:84666c00 r4:00000000 [<8025233c>] (warn_slowpath_fmt) from [<803dd5b0>] (reg_bounds_sanity_check+0x394/0x460 kernel/bpf/verifier.c:2742) r10:85af0000 r9:04000000 r8:00000000 r7:04000000 r6:00000000 r5:8229cafc r4:84f99aa0 [<803dd21c>] (reg_bounds_sanity_check) from [<803e9e54>] (reg_set_min_max kernel/bpf/verifier.c:16572 [inline]) [<803dd21c>] (reg_bounds_sanity_check) from [<803e9e54>] (reg_set_min_max+0x1fc/0x280 kernel/bpf/verifier.c:16537) r10:00000000 r9:00000030 r8:85af0000 r7:85af6118 r6:85af60a8 r5:85f532a0 r4:84f99aa0 [<803e9c58>] (reg_set_min_max) from [<803fa080>] (check_cond_jmp_op+0x548/0x1940 kernel/bpf/verifier.c:17016) r10:85af60a8 r9:85f53000 r8:00000030 r7:85e16180 r6:84a87a80 r5:85af0000 r4:dfb1b088 r3:84f99aa0 [<803f9b38>] (check_cond_jmp_op) from [<80401a8c>] (do_check_insn kernel/bpf/verifier.c:20441 [inline]) [<803f9b38>] (check_cond_jmp_op) from [<80401a8c>] (do_check kernel/bpf/verifier.c:20581 [inline]) [<803f9b38>] (check_cond_jmp_op) from [<80401a8c>] (do_check_common+0x2208/0x317c kernel/bpf/verifier.c:23865) r10:00000011 r9:dfb1b000 r8:85af6000 r7:dfb1b088 r6:85af0000 r5:dfb1b040 r4:8507d208 [<803ff884>] (do_check_common) from [<804060e8>] (do_check_main kernel/bpf/verifier.c:23948 [inline]) [<803ff884>] (do_check_common) from [<804060e8>] (bpf_check+0x2998/0x2ebc kernel/bpf/verifier.c:25255) r10:00000000 r9:85af6000 r8:85af0000 r7:00000a7b r6:85af08bc r5:00000001 r4:00000016 [<80403750>] (bpf_check) from [<803d684c>] (bpf_prog_load+0x654/0xdf4 kernel/bpf/syscall.c:3088) r10:dfb19d90 r9:84666c00 r8:00000000 r7:dfb19d50 r6:00000000 r5:00000000 r4:dfb19eb0 [<803d61f8>] (bpf_prog_load) from [<803d8614>] (__sys_bpf+0x9ac/0x2228 kernel/bpf/syscall.c:6164) r10:84666c00 r9:dfb19ea8 r8:00000000 r7:00000005 r6:dfb19e88 r5:00000048 r4:00000000 [<803d7c68>] (__sys_bpf) from [<803da440>] (__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]) [<803d7c68>] (__sys_bpf) from [<803da440>] (sys_bpf+0x2c/0x48 kernel/bpf/syscall.c:6272) r10:00000182 r9:84666c00 r8:8020029c r7:00000182 r6:00316450 r5:00000000 r4:00000000 [<803da414>] (sys_bpf) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67) Exception stack(0xdfb19fa8 to 0xdfb19ff0) 9fa0: 00000000 00000000 00000005 200054c0 00000048 00000000 9fc0: 00000000 00000000 00316450 00000182 00300000 00000000 00006364 76f5f0bc 9fe0: 76f5eec0 76f5eeb0 0001929c 00132320 Rebooting in 86400 seconds..