verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000)
WARNING: kernel/bpf/verifier.c:2748 at reg_bounds_sanity_check+0x7e8/0xa6c kernel/bpf/verifier.c:2742, CPU#0: syz.2.205/7286
Modules linked in:
CPU: 0 UID: 0 PID: 7286 Comm: syz.2.205 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : reg_bounds_sanity_check+0x7e8/0xa6c kernel/bpf/verifier.c:2742
lr : reg_bounds_sanity_check+0x7e8/0xa6c kernel/bpf/verifier.c:2742
sp : ffff8000a3526cc0
x29: ffff8000a3526da0 x28: 00000000ffffdfcc x27: 00000000ffffdfcd
x26: 00000000ffffdfcc x25: ffff0000d9570250 x24: 00000000ffffdfcd
x23: ffff0000d9570230 x22: ffff0000d9570268 x21: 00000000ffffdfcc
x20: ffff0000d9570270 x19: 1fffe0001b2ae04e x18: 1fffe0001b2ae06c
x17: 00000000ffffdfcd x16: ffff800082e5e68c x15: 0000000000000001
x14: 1ffff000146a4d0c x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000080000 x10: 000000000000ddf8 x9 : e63520f52c4e1600
x8 : e63520f52c4e1600 x7 : ffff8000805761f8 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000807f1260
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
 reg_bounds_sanity_check+0x7e8/0xa6c kernel/bpf/verifier.c:2742 (P)
 reg_set_min_max+0x154/0x264 kernel/bpf/verifier.c:16570
 check_cond_jmp_op+0x13cc/0x24f8 kernel/bpf/verifier.c:-1
 do_check_insn kernel/bpf/verifier.c:20441 [inline]
 do_check+0x4ddc/0xbdbc kernel/bpf/verifier.c:20581
 do_check_common+0x1364/0x1dc0 kernel/bpf/verifier.c:23865
 do_check_main kernel/bpf/verifier.c:23948 [inline]
 bpf_check+0x11030/0x159f0 kernel/bpf/verifier.c:25255
 bpf_prog_load+0xf44/0x14b8 kernel/bpf/syscall.c:3088
 __sys_bpf+0x45c/0x638 kernel/bpf/syscall.c:6164
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:6272
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 348
hardirqs last  enabled at (347): [<ffff80008af995cc>] irqentry_exit+0x1b4/0x308 kernel/entry/common.c:219
hardirqs last disabled at (348): [<ffff80008af93820>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last  enabled at (112): [<ffff8000801fa738>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (110): [<ffff8000801fa704>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---