UBSAN: negation-overflow in seq_release

soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
------------[ cut here ]------------
UBSAN: negation-overflow in mm/memcontrol.c:3105:5
negation of 304 cannot be represented in type 'size_t' (aka 'unsigned long'):
CPU: 1 UID: 0 PID: 6482 Comm: syz-executor Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:231
 __ubsan_handle_negate_overflow+0xd0/0xfc lib/ubsan.c:302
 __memcg_slab_free_hook+0x8c/0x238 mm/memcontrol.c:3105
 memcg_slab_free_hook mm/slub.c:2214 [inline]
 slab_free mm/slub.c:4643 [inline]
 kmem_cache_free+0x270/0x550 mm/slub.c:4748
 seq_release+0x68/0x7c fs/seq_file.c:356
 kernfs_fop_release+0x134/0x190 fs/kernfs/file.c:766
 __fput+0x340/0x75c fs/file_table.c:465
 fput_close_sync+0x160/0x1d4 fs/file_table.c:570
 __do_sys_close fs/open.c:1581 [inline]
 __se_sys_close fs/open.c:1566 [inline]
 __arm64_sys_close+0x7c/0x118 fs/open.c:1566
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
---[ end trace ]---

Warning: Permanently added '10.128.10.57' (ED25519) to the list of known hosts.
1970/01/01 00:00:35 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:35 parsed 1 programs
[ 39.497338][ T6472] cgroup: Unknown subsys name 'net'
[ 39.756668][ T6472] cgroup: Unknown subsys name 'cpuset'
[ 39.760451][ T6472] cgroup: Unknown subsys name 'rlimit'
[ 40.105707][ T6472] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 53.280044][ T6482] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 53.280158][ T6482] ------------[ cut here ]------------
[ 53.280178][ T6482] UBSAN: negation-overflow in mm/memcontrol.c:3105:5
[ 53.280200][ T6482] negation of 304 cannot be represented in type 'size_t' (aka 'unsigned long'):
[ 53.280222][ T6482] CPU: 1 UID: 0 PID: 6482 Comm: syz-executor Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
[ 53.280235][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 53.280253][ T6482] Call trace:
[ 53.280257][ T6482] show_stack+0x2c/0x3c (C)
[ 53.280276][ T6482] __dump_stack+0x30/0x40
[ 53.280290][ T6482] dump_stack_lvl+0xd8/0x12c
[ 53.280336][ T6482] dump_stack+0x1c/0x28
[ 53.280348][ T6482] ubsan_epilogue+0x14/0x48
[ 53.280360][ T6482] __ubsan_handle_negate_overflow+0xd0/0xfc
[ 53.280374][ T6482] __memcg_slab_free_hook+0x8c/0x238
[ 53.280389][ T6482] kmem_cache_free+0x270/0x550
[ 53.280402][ T6482] seq_release+0x68/0x7c
[ 53.280413][ T6482] kernfs_fop_release+0x134/0x190
[ 53.280425][ T6482] __fput+0x340/0x75c
[ 53.280438][ T6482] fput_close_sync+0x160/0x1d4
[ 53.280451][ T6482] __arm64_sys_close+0x7c/0x118
[ 53.280463][ T6482] invoke_syscall+0x98/0x2b8
[ 53.280476][ T6482] el0_svc_common+0x130/0x23c
[ 53.280488][ T6482] do_el0_svc+0x48/0x58
[ 53.280500][ T6482] el0_svc+0x58/0x150
[ 53.280512][ T6482] el0t_64_sync_handler+0x78/0x108
[ 53.280523][ T6482] el0t_64_sync+0x198/0x19c
[ 53.280537][ T6482] ---[ end trace ]---
[ 53.337175][ T6472] ------------[ cut here ]------------
[ 53.337249][ T6472] UBSAN: negation-overflow in mm/percpu.c:1665:4
[ 53.337267][ T6472] negation of 64 cannot be represented in type 'size_t' (aka 'unsigned long'):
[ 53.337283][ T6472] CPU: 0 UID: 0 PID: 6472 Comm: syz-executor Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
[ 53.337324][ T6472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 53.337331][ T6472] Call trace:
[ 53.337335][ T6472] show_stack+0x2c/0x3c (C)
[ 53.337353][ T6472] __dump_stack+0x30/0x40
[ 53.337367][ T6472] dump_stack_lvl+0xd8/0x12c
[ 53.337379][ T6472] dump_stack+0x1c/0x28
[ 53.337391][ T6472] ubsan_epilogue+0x14/0x48
[ 53.337403][ T6472] __ubsan_handle_negate_overflow+0xd0/0xfc
[ 53.337418][ T6472] free_percpu+0xe00/0xfe8
[ 53.337432][ T6472] percpu_counter_destroy_many+0x1fc/0x320
[ 53.337446][ T6472] __mmdrop+0x2b8/0x424
[ 53.337458][ T6472] finish_task_switch+0x4a0/0x5a4
[ 53.337470][ T6472] __schedule+0x13b4/0x28d4
[ 53.337484][ T6472] schedule+0xb4/0x230
[ 53.337497][ T6472] schedule_hrtimeout_range_clock+0x124/0x2b4
[ 53.337509][ T6472] schedule_hrtimeout_range+0x38/0x4c
[ 53.337520][ T6472] poll_schedule_timeout+0x134/0x1e0
[ 53.337533][ T6472] do_select+0x1200/0x131c
[ 53.337544][ T6472] core_sys_select+0x618/0x8a4
[ 53.337555][ T6472] __arm64_sys_pselect6+0x330/0x3d4
[ 53.337567][ T6472] invoke_syscall+0x98/0x2b8
[ 53.337580][ T6472] el0_svc_common+0x130/0x23c
[ 53.337592][ T6472] do_el0_svc+0x48/0x58
[ 53.337603][ T6472] el0_svc+0x58/0x150
[ 53.337614][ T6472] el0t_64_sync_handler+0x78/0x108
[ 53.337625][ T6472] el0t_64_sync+0x198/0x19c
[ 53.337637][ T6472] ---[ end trace ]---
[ 55.068403][ T6533] chnl_net:caif_netlink_parms(): no params data found
[ 55.135821][ T6533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.138429][ T6533] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.138675][ T6533] bridge_slave_0: entered allmulticast mode
[ 55.139611][ T6533] bridge_slave_0: entered promiscuous mode
[ 55.142112][ T6533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.142162][ T6533] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.142271][ T6533] bridge_slave_1: entered allmulticast mode
[ 55.143077][ T6533] bridge_slave_1: entered promiscuous mode
[ 55.165823][ T6533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.167390][ T6533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.187181][ T6533] team0: Port device team_slave_0 added
[ 55.188956][ T6533] team0: Port device team_slave_1 added
[ 55.202474][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.202529][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.202557][ T6533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.203869][ T6533] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.203895][ T6533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.203922][ T6533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.240412][ T6533] hsr_slave_0: entered promiscuous mode
[ 55.240980][ T6533] hsr_slave_1: entered promiscuous mode
[ 55.406833][ T6533] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.411904][ T6533] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.415749][ T6533] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.421514][ T6533] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.441091][ T6533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.441209][ T6533] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.441581][ T6533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.441659][ T6533] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.481383][ T6533] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.488755][ T6533] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.494318][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.505055][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.505145][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.598575][ T6533] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.620322][ T6533] veth0_vlan: entered promiscuous mode
[ 55.623921][ T6533] veth1_vlan: entered promiscuous mode
[ 55.639853][ T6533] veth0_macvtap: entered promiscuous mode
[ 55.641873][ T6533] veth1_macvtap: entered promiscuous mode
[ 55.648854][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.651209][ T6533] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.657846][ T6533] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.657957][ T6533] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.657989][ T6533] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.658019][ T6533] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.685174][ T26] ------------[ cut here ]------------
[ 55.685291][ T26] UBSAN: unsigned-integer-overflow in lib/crypto/chacha20poly1305.c:257:57
[ 55.685336][ T26] 48 - 64 cannot be represented in type 'size_t' (aka 'unsigned long')
[ 55.685365][ T26] CPU: 1 UID: 0 PID: 26 Comm: kworker/1:1 Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
[ 55.685381][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.685389][ T26] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker
[ 55.685408][ T26] Call trace:
[ 55.685412][ T26] show_stack+0x2c/0x3c (C)
[ 55.685429][ T26] __dump_stack+0x30/0x40
[ 55.685442][ T26] dump_stack_lvl+0xd8/0x12c
[ 55.685454][ T26] dump_stack+0x1c/0x28
[ 55.685466][ T26] ubsan_epilogue+0x14/0x48
[ 55.685477][ T26] handle_overflow+0x134/0x16c
[ 55.685491][ T26] __ubsan_handle_sub_overflow+0x38/0x4c
[ 55.685504][ T26] chacha20poly1305_crypt_sg_inplace+0x64c/0xc4c
[ 55.685517][ T26] chacha20poly1305_encrypt_sg_inplace+0x54/0x70
[ 55.685529][ T26] wg_packet_encrypt_worker+0x718/0x11e0
[ 55.685540][ T26] process_one_work+0x7bc/0x156c
[ 55.685553][ T26] worker_thread+0x958/0xed8
[ 55.685565][ T26] kthread+0x5fc/0x75c
[ 55.685576][ T26] ret_from_fork+0x10/0x20
[ 55.685697][ T26] ---[ end trace ]---
[ 56.066313][ T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.156853][ T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.162330][ T767] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.162459][ T767] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.181814][ T767] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.181881][ T767] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.227391][ T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.318734][ T45] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 56.619299][ T6042] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 56.620256][ T6042] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 56.620683][ T6042] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 56.621354][ T6042] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 56.621797][ T6042] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
1970/01/01 00:00:56 executed programs: 0
[ 56.773206][ T6042] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 56.776676][ T6042] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 56.778037][ T6042] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 56.778724][ T6042] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 56.779132][ T6042] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 56.884500][ T6579] chnl_net:caif_netlink_parms(): no params data found
[ 56.930746][ T6579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.930863][ T6579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.930973][ T6579] bridge_slave_0: entered allmulticast mode
[ 56.931803][ T6579] bridge_slave_0: entered promiscuous mode
[ 56.933315][ T6579] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.933394][ T6579] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.933503][ T6579] bridge_slave_1: entered allmulticast mode
[ 56.934771][ T6579] bridge_slave_1: entered promiscuous mode
[ 56.956763][ T6579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.959070][ T6579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.975090][ T6579] team0: Port device team_slave_0 added
[ 56.978165][ T6579] team0: Port device team_slave_1 added
[ 56.991945][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.992027][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.992055][ T6579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.993253][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.993283][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.993314][ T6579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.025213][ T6579] hsr_slave_0: entered promiscuous mode
[ 57.025869][ T6579] hsr_slave_1: entered promiscuous mode
[ 57.026336][ T6579] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 57.026477][ T6579] Cannot create hsr debugfs directory
[ 58.864795][ T55] Bluetooth: hci1: command tx timeout
[ 59.272515][ T45] bridge_slave_1: left allmulticast mode
[ 59.272637][ T45] bridge_slave_1: left promiscuous mode
[ 59.273034][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.279921][ T45] bridge_slave_0: left allmulticast mode
[ 59.279978][ T45] bridge_slave_0: left promiscuous mode
[ 59.280551][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.916524][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 60.944523][ T55] Bluetooth: hci1: command tx timeout
[ 60.966581][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 61.005652][ T45] bond0 (unregistering): Released all slaves
[ 61.082973][ T45] hsr_slave_0: left promiscuous mode
[ 61.085743][ T45] hsr_slave_1: left promiscuous mode
[ 61.087726][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 61.090019][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 61.096653][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 61.096716][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 61.107025][ T45] veth1_macvtap: left promiscuous mode
[ 61.107171][ T45] veth0_macvtap: left promiscuous mode
[ 61.107481][ T45] veth1_vlan: left promiscuous mode
[ 61.107594][ T45] veth0_vlan: left promiscuous mode
[ 63.016198][ T45] team0 (unregistering): Port device team_slave_1 removed
[ 63.024211][ T55] Bluetooth: hci1: command tx timeout
[ 63.205489][ T45] team0 (unregistering): Port device team_slave_0 removed