------------[ cut here ]------------
WARNING: kernel/bpf/verifier.c:2763 at reg_bounds_sanity_check+0x3c0/0x428 kernel/bpf/verifier.c:2763, CPU#0: syz.4.6042/26013
verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0x4000000, 0x0] s64=[0x4000000, 0x0] u32=[0x4000000, 0x0] s32=[0x4000000, 0x0] var_off=(0x0, 0x0)
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 0 UID: 0 PID: 26013 Comm: syz.4.6042 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: ARM-Versatile Express
Call trace:
[<80201a14>] (dump_backtrace) from [<80201b08>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257)
r7:8281f900 r6:00000000 r5:822a4ebc r4:00000001
[<80201af0>] (show_stack) from [<8021e454>] (__dump_stack lib/dump_stack.c:94 [inline])
[<80201af0>] (show_stack) from [<8021e454>] (dump_stack_lvl+0x5c/0x70 lib/dump_stack.c:120)
[<8021e3f8>] (dump_stack_lvl) from [<8021e480>] (dump_stack+0x18/0x1c lib/dump_stack.c:129)
r7:8281f900 r6:00000000 r5:83f80000 r4:82a7fd14
[<8021e468>] (dump_stack) from [<802025f4>] (vpanic+0x114/0x320 kernel/panic.c:650)
[<802024e0>] (vpanic) from [<80202834>] (trace_suspend_resume+0x0/0x104 kernel/panic.c:787)
r7:803e024c
[<80202800>] (panic) from [<80250a68>] (check_panic_on_warn kernel/panic.c:524 [inline])
[<80202800>] (panic) from [<80250a68>] (get_taint+0x0/0x1c kernel/panic.c:519)
r3:8280c544 r2:00000001 r1:8228bc60 r0:82293518
[<802509f0>] (check_panic_on_warn) from [<80250be4>] (__warn+0x98/0x1ac kernel/panic.c:1062)
[<80250b4c>] (__warn) from [<80250ee0>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:1097)
r8:00000009 r7:822ab7f4 r6:e02b58c4 r5:83f80000 r4:00000000
[<80250cfc>] (warn_slowpath_fmt) from [<803e024c>] (reg_bounds_sanity_check+0x3c0/0x428 kernel/bpf/verifier.c:2763)
r10:85ed8000 r9:04000000 r8:00000000 r7:04000000 r6:00000000 r5:822abf58 r4:86a892a0
[<803dfe8c>] (reg_bounds_sanity_check) from [<803ecfe0>] (reg_set_min_max kernel/bpf/verifier.c:17106 [inline])
[<803dfe8c>] (reg_bounds_sanity_check) from [<803ecfe0>] (reg_set_min_max+0x230/0x288 kernel/bpf/verifier.c:17071)
r10:00000000 r9:00000030 r8:85ed8000 r7:85ede120 r6:85ede0b0 r5:8659a2a0 r4:86a892a0
[<803ecdb0>] (reg_set_min_max) from [<803fd370>] (check_cond_jmp_op+0x434/0x1980 kernel/bpf/verifier.c:17559)
r10:8659a000 r9:00000030 r8:86484b80 r7:00000070 r6:85ed8000 r5:8387b240 r4:e02b7088 r3:86a892a0
[<803fcf3c>] (check_cond_jmp_op) from [<80404228>] (do_check_insn kernel/bpf/verifier.c:21103 [inline])
[<803fcf3c>] (check_cond_jmp_op) from [<80404228>] (do_check kernel/bpf/verifier.c:21243 [inline])
[<803fcf3c>] (check_cond_jmp_op) from [<80404228>] (do_check_common+0x259c/0x3228 kernel/bpf/verifier.c:24581)
r10:86484b80 r9:85ed8000 r8:e02b7088 r7:85ede000 r6:00000011 r5:e02b7040 r4:e02b7000
[<80401c8c>] (do_check_common) from [<80407e7c>] (do_check_main kernel/bpf/verifier.c:24664 [inline])
[<80401c8c>] (do_check_common) from [<80407e7c>] (bpf_check+0x22e4/0x2d30 kernel/bpf/verifier.c:25989)
r10:85ede000 r9:00000001 r8:85ed8000 r7:00000a7b r6:85ed88bc r5:00000000 r4:00000016
[<80405b98>] (bpf_check) from [<803d959c>] (bpf_prog_load+0x5b8/0xdec kernel/bpf/syscall.c:3089)
r10:e02b7000 r9:83f80000 r8:850a9b30 r7:e02b5d18 r6:00000000 r5:00000000 r4:e02b5eb0
[<803d8fe4>] (bpf_prog_load) from [<803dadc4>] (__sys_bpf+0x2d8/0x2008 kernel/bpf/syscall.c:6229)
r10:00000005 r9:00000000 r8:e02b5e50 r7:00000048 r6:83f80000 r5:200054c0 r4:00000000
[<803daaec>] (__sys_bpf) from [<803dd08c>] (__do_sys_bpf kernel/bpf/syscall.c:6342 [inline])
[<803daaec>] (__sys_bpf) from [<803dd08c>] (sys_bpf+0x2c/0x48 kernel/bpf/syscall.c:6340)
r10:00000182 r9:83f80000 r8:8020029c r7:00000182 r6:00346450 r5:00000000 r4:00000000
[<803dd060>] (sys_bpf) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67)
Exception stack(0xe02b5fa8 to 0xe02b5ff0)
5fa0: 00000000 00000000 00000005 200054c0 00000048 00000000
5fc0: 00000000 00000000 00346450 00000182 00346418 00000000 00000001 76f0b0dc
5fe0: 76f0ae88 76f0ae78 00018734 0012fc20
Rebooting in 86400 seconds..