------------[ cut here ]------------ WARNING: kernel/bpf/verifier.c:2742 at reg_bounds_sanity_check+0x394/0x460 kernel/bpf/verifier.c:2742, CPU#1: syz.0.233/4453 verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000) Modules linked in: Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 1 UID: 0 PID: 4453 Comm: syz.0.233 Not tainted syzkaller #0 PREEMPT Hardware name: ARM-Versatile Express Call trace: [<80201a74>] (dump_backtrace) from [<80201b70>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:257) r7:82283b48 r6:85986c00 r5:00000000 r4:822958fc [<80201b58>] (show_stack) from [<8021ee18>] (__dump_stack lib/dump_stack.c:94 [inline]) [<80201b58>] (show_stack) from [<8021ee18>] (dump_stack_lvl+0x54/0x7c lib/dump_stack.c:120) [<8021edc4>] (dump_stack_lvl) from [<8021ee58>] (dump_stack+0x18/0x1c lib/dump_stack.c:129) r5:00000000 r4:82a7bd14 [<8021ee40>] (dump_stack) from [<80202648>] (vpanic+0xe0/0x2e8 kernel/panic.c:489) [<80202568>] (vpanic) from [<80202884>] (trace_suspend_resume+0x0/0xd8 kernel/panic.c:626) r7:803dd668 [<80202850>] (panic) from [<802520b0>] (check_panic_on_warn kernel/panic.c:376 [inline]) [<80202850>] (panic) from [<802520b0>] (get_taint+0x0/0x1c kernel/panic.c:371) r3:8280c704 r2:00000001 r1:8227c0b0 r0:82283b48 [<80252038>] (check_panic_on_warn) from [<80252228>] (__warn+0x94/0x1a4 kernel/panic.c:901) [<80252194>] (__warn) from [<80252520>] (warn_slowpath_fmt+0x1e8/0x1f4 kernel/panic.c:936) r8:00000009 r7:8229c268 r6:e01e58ec r5:85986c00 r4:00000000 [<8025233c>] (warn_slowpath_fmt) from [<803dd668>] (reg_bounds_sanity_check+0x394/0x460 kernel/bpf/verifier.c:2742) r10:85b70000 r9:ffffdfcd r8:80000000 r7:ffffdfcd r6:ffffdfcc r5:8229ca8c r4:84dfb230 [<803dd2d4>] (reg_bounds_sanity_check) from [<803e9ed4>] (reg_set_min_max kernel/bpf/verifier.c:16570 [inline]) [<803dd2d4>] (reg_bounds_sanity_check) from [<803e9ed4>] (reg_set_min_max+0x1c4/0x280 kernel/bpf/verifier.c:16537) r10:00000001 r9:00000010 r8:85b70000 r7:84dfe310 r6:84dfb310 r5:84dfb230 r4:84dfe230 [<803e9d10>] (reg_set_min_max) from [<803fa5a0>] (check_cond_jmp_op+0x9b0/0x1940 kernel/bpf/verifier.c:17005) r10:84dfe310 r9:84dfb000 r8:ffffdfcd r7:85e61d80 r6:85e6fa80 r5:85b70000 r4:e01d50c0 r3:84dfe230 [<803f9bf0>] (check_cond_jmp_op) from [<80401b44>] (do_check_insn kernel/bpf/verifier.c:20441 [inline]) [<803f9bf0>] (check_cond_jmp_op) from [<80401b44>] (do_check kernel/bpf/verifier.c:20581 [inline]) [<803f9bf0>] (check_cond_jmp_op) from [<80401b44>] (do_check_common+0x2208/0x317c kernel/bpf/verifier.c:23865) r10:00000018 r9:e01d5000 r8:85b76000 r7:e01d50c0 r6:85b70000 r5:e01d5078 r4:85e6f590 [<803ff93c>] (do_check_common) from [<804061a0>] (do_check_main kernel/bpf/verifier.c:23948 [inline]) [<803ff93c>] (do_check_common) from [<804061a0>] (bpf_check+0x2998/0x2ebc kernel/bpf/verifier.c:25255) r10:00000000 r9:85b76000 r8:85b70000 r7:00000a7b r6:85b708bc r5:00000001 r4:00000016 [<80403808>] (bpf_check) from [<803d6904>] (bpf_prog_load+0x654/0xdf4 kernel/bpf/syscall.c:3088) r10:e01e5d90 r9:85986c00 r8:00000000 r7:e01e5d50 r6:00000000 r5:00000000 r4:e01e5eb0 [<803d62b0>] (bpf_prog_load) from [<803d86cc>] (__sys_bpf+0x9ac/0x2228 kernel/bpf/syscall.c:6164) r10:85986c00 r9:e01e5ea8 r8:00000000 r7:00000005 r6:e01e5e88 r5:00000049 r4:00000000 [<803d7d20>] (__sys_bpf) from [<803da4f8>] (__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]) [<803d7d20>] (__sys_bpf) from [<803da4f8>] (sys_bpf+0x2c/0x48 kernel/bpf/syscall.c:6272) r10:00000182 r9:85986c00 r8:8020029c r7:00000182 r6:00316310 r5:00000000 r4:00000000 [<803da4cc>] (sys_bpf) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:67) Exception stack(0xe01e5fa8 to 0xe01e5ff0) 5fa0: 00000000 00000000 00000005 20000140 00000049 00000000 5fc0: 00000000 00000000 00316310 00000182 00300000 00000000 00006364 76f750bc 5fe0: 76f74ec0 76f74eb0 0001929c 00132320 Rebooting in 86400 seconds..