------------[ cut here ]------------ WARNING: CPU: 0 PID: 18584 at kernel/bpf/verifier.c:2722 reg_bounds_sanity_check+0x390/0x45c kernel/bpf/verifier.c:2722 verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000)(1) Modules linked in: Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 0 UID: 0 PID: 18584 Comm: syz.8.4604 Not tainted syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express Call trace: [<80201a24>] (dump_backtrace) from [<80201b20>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:00000000 r6:8281f77c r5:00000000 r4:8226023c [<80201b08>] (show_stack) from [<8021fb74>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201b08>] (show_stack) from [<8021fb74>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:120) [<8021fb20>] (dump_stack_lvl) from [<8021fbb4>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r5:00000000 r4:82a77d18 [<8021fb9c>] (dump_stack) from [<80202624>] (vpanic+0x10c/0x30c kernel/panic.c:430) [<80202518>] (vpanic) from [<80202858>] (trace_suspend_resume+0x0/0xd8 kernel/panic.c:566) r7:803d442c [<80202824>] (panic) from [<80254960>] (check_panic_on_warn kernel/panic.c:323 [inline]) [<80202824>] (panic) from [<80254960>] (get_taint+0x0/0x1c kernel/panic.c:318) r3:8280c684 r2:00000001 r1:82246c58 r0:8224e6d4 [<802548e8>] (check_panic_on_warn) from [<80254ac4>] (__warn+0x80/0x188 kernel/panic.c:837) [<80254a44>] (__warn) from [<80254db4>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:872) r8:00000009 r7:82266b3c r6:dfcc1984 r5:83ae3000 r4:00000000 [<80254bd0>] (warn_slowpath_fmt) from [<803d442c>] (reg_bounds_sanity_check+0x390/0x45c kernel/bpf/verifier.c:2722) r10:84a08000 r9:ffffdfcd r8:80000000 r7:ffffdfcd r6:ffffdfcc r5:82267498 r4:8a6e2a58 [<803d409c>] (reg_bounds_sanity_check) from [<803e28f8>] (reg_set_min_max kernel/bpf/verifier.c:16334 [inline]) [<803d409c>] (reg_bounds_sanity_check) from [<803e28f8>] (reg_set_min_max+0x1b0/0x26c kernel/bpf/verifier.c:16308) r10:00000001 r9:8a6e1348 r8:00000010 r7:84a08000 r6:8a6e2b48 r5:8a6e2a58 r4:8a6e1258 [<803e2748>] (reg_set_min_max) from [<803ecd00>] (check_cond_jmp_op+0x848/0x1718 kernel/bpf/verifier.c:16768) r10:8a6e1348 r9:8a6e2800 r8:00000000 r7:838f7e80 r6:838f7380 r5:84a08000 r4:dfa030a8 r3:8a6e1258 [<803ec4b8>] (check_cond_jmp_op) from [<803f6e90>] (do_check_insn kernel/bpf/verifier.c:19956 [inline]) [<803ec4b8>] (check_cond_jmp_op) from [<803f6e90>] (do_check kernel/bpf/verifier.c:20093 [inline]) [<803ec4b8>] (check_cond_jmp_op) from [<803f6e90>] (do_check_common+0x2008/0x311c kernel/bpf/verifier.c:23260) r10:00000015 r9:84a0d000 r8:dfa03078 r7:0000000f r6:dfa03000 r5:838f7200 r4:84a08000 [<803f4e88>] (do_check_common) from [<803fb760>] (do_check_main kernel/bpf/verifier.c:23343 [inline]) [<803f4e88>] (do_check_common) from [<803fb760>] (bpf_check+0x28c8/0x3038 kernel/bpf/verifier.c:24703) r10:00000000 r9:84a087b8 r8:84a08000 r7:00000001 r6:84a0d000 r5:00000016 r4:00000a7b [<803f8e98>] (bpf_check) from [<803cdc08>] (bpf_prog_load+0x68c/0xc20 kernel/bpf/syscall.c:2979) r10:83ae3000 r9:8a334330 r8:00000048 r7:dfcc1d90 r6:00000000 r5:00000000 r4:dfcc1ec0 [<803cd57c>] (bpf_prog_load) from [<803cf244>] (__sys_bpf+0x42c/0x20f0 kernel/bpf/syscall.c:6029) r10:b5403587 r9:200054c0 r8:00000000 r7:00000000 r6:00000005 r5:dfcc1e90 r4:00000048 [<803cee18>] (__sys_bpf) from [<803d14a8>] (__do_sys_bpf kernel/bpf/syscall.c:6139 [inline]) [<803cee18>] (__sys_bpf) from [<803d14a8>] (sys_bpf+0x2c/0x48 kernel/bpf/syscall.c:6137) r10:00000182 r9:83ae3000 r8:8020029c r7:00000182 r6:002f6448 r5:00000000 r4:00000000 [<803d147c>] (sys_bpf) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67) Exception stack(0xdfcc1fa8 to 0xdfcc1ff0) 1fa0: 00000000 00000000 00000005 200054c0 00000048 00000000 1fc0: 00000000 00000000 002f6448 00000182 002e0000 00000000 00006364 76edf0bc 1fe0: 76edeec0 76edeeb0 0001948c 001322c0 Rebooting in 86400 seconds..