------------[ cut here ]------------ WARNING: kernel/bpf/verifier.c:2763 at reg_bounds_sanity_check+0x3c0/0x428 kernel/bpf/verifier.c:2763, CPU#0: syz.0.16/3781 verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000) Modules linked in: Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 0 UID: 0 PID: 3781 Comm: syz.0.16 Not tainted syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express Call trace: [<80201a14>] (dump_backtrace) from [<80201b08>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:8281f940 r6:00000000 r5:822a7980 r4:00000001 [<80201af0>] (show_stack) from [<8021e44c>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201af0>] (show_stack) from [<8021e44c>] (dump_stack_lvl+0x5c/0x70 lib/dump_stack.c:120) [<8021e3f0>] (dump_stack_lvl) from [<8021e478>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r7:8281f940 r6:00000000 r5:831cec00 r4:82a80d14 [<8021e460>] (dump_stack) from [<802025f4>] (vpanic+0x114/0x320 kernel/panic.c:650) [<802024e0>] (vpanic) from [<80202834>] (trace_suspend_resume+0x0/0x104 kernel/panic.c:787) r7:803e058c [<80202800>] (panic) from [<80250a74>] (check_panic_on_warn kernel/panic.c:524 [inline]) [<80202800>] (panic) from [<80250a74>] (get_taint+0x0/0x1c kernel/panic.c:519) r3:8280c544 r2:00000001 r1:8228e724 r0:82295fdc [<802509fc>] (check_panic_on_warn) from [<80250bf0>] (__warn+0x98/0x1ac kernel/panic.c:1062) [<80250b58>] (__warn) from [<80250eec>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:1097) r8:00000009 r7:822ae2b8 r6:e02358c4 r5:831cec00 r4:00000000 [<80250d08>] (warn_slowpath_fmt) from [<803e058c>] (reg_bounds_sanity_check+0x3c0/0x428 kernel/bpf/verifier.c:2763) r10:85a28000 r9:ffffdfcd r8:80000000 r7:ffffdfcd r6:ffffdfcc r5:822aea60 r4:85293a30 [<803e01cc>] (reg_bounds_sanity_check) from [<803ed1b4>] (reg_set_min_max kernel/bpf/verifier.c:17104 [inline]) [<803e01cc>] (reg_bounds_sanity_check) from [<803ed1b4>] (reg_set_min_max+0x1c4/0x288 kernel/bpf/verifier.c:17071) r10:00000001 r9:00000010 r8:85a28000 r7:85d40310 r6:85293b10 r5:85293a30 r4:85d40230 [<803ecff0>] (reg_set_min_max) from [<803fddd8>] (check_cond_jmp_op+0xc7c/0x1980 kernel/bpf/verifier.c:17548) r10:85293800 r9:00000010 r8:85e71200 r7:ffffffff r6:80000000 r5:85e63780 r4:e84230c0 r3:85d40230 [<803fd15c>] (check_cond_jmp_op) from [<80404448>] (do_check_insn kernel/bpf/verifier.c:21107 [inline]) [<803fd15c>] (check_cond_jmp_op) from [<80404448>] (do_check kernel/bpf/verifier.c:21247 [inline]) [<803fd15c>] (check_cond_jmp_op) from [<80404448>] (do_check_common+0x259c/0x3228 kernel/bpf/verifier.c:24589) r10:85a2c000 r9:85a28000 r8:e84230c0 r7:85a2e000 r6:00000018 r5:e8423078 r4:e8423000 [<80401eac>] (do_check_common) from [<80408048>] (do_check_main kernel/bpf/verifier.c:24672 [inline]) [<80401eac>] (do_check_common) from [<80408048>] (bpf_check+0x2290/0x2d30 kernel/bpf/verifier.c:25996) r10:85a2e000 r9:00000001 r8:85a28000 r7:00000a7b r6:85a288bc r5:00000000 r4:00000016 [<80405db8>] (bpf_check) from [<803d981c>] (bpf_prog_load+0x5b8/0xdec kernel/bpf/syscall.c:3089) r10:e8423000 r9:831cec00 r8:85be4330 r7:e0235d18 r6:00000000 r5:00000000 r4:e0235eb0 [<803d9264>] (bpf_prog_load) from [<803db044>] (__sys_bpf+0x2d8/0x2034 kernel/bpf/syscall.c:6228) r10:00000005 r9:00000000 r8:e0235e50 r7:00000048 r6:831cec00 r5:200054c0 r4:00000000 [<803dad6c>] (__sys_bpf) from [<803dd338>] (__do_sys_bpf kernel/bpf/syscall.c:6341 [inline]) [<803dad6c>] (__sys_bpf) from [<803dd338>] (sys_bpf+0x2c/0x48 kernel/bpf/syscall.c:6339) r10:00000182 r9:831cec00 r8:8020029c r7:00000182 r6:00346310 r5:00000000 r4:00000000 [<803dd30c>] (sys_bpf) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67) Exception stack(0xe0235fa8 to 0xe0235ff0) 5fa0: 00000000 00000000 00000005 200054c0 00000048 00000000 5fc0: 00000000 00000000 00346310 00000182 003462d8 00000000 003d0f00 76f9f0dc 5fe0: 76f9ee88 76f9ee78 00018ba0 001302e0 Rebooting in 86400 seconds..