UBSAN: negation-overflow in seq_release

soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
------------[ cut here ]------------
UBSAN: negation-overflow in mm/memcontrol.c:3105:5
negation of 304 cannot be represented in type 'size_t' (aka 'unsigned long'):
CPU: 1 UID: 0 PID: 6502 Comm: syz-executor.0 Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:231
 __ubsan_handle_negate_overflow+0xd0/0xfc lib/ubsan.c:302
 __memcg_slab_free_hook+0x8c/0x238 mm/memcontrol.c:3105
 memcg_slab_free_hook mm/slub.c:2214 [inline]
 slab_free mm/slub.c:4643 [inline]
 kmem_cache_free+0x270/0x550 mm/slub.c:4748
 seq_release+0x68/0x7c fs/seq_file.c:356
 kernfs_fop_release+0x134/0x190 fs/kernfs/file.c:766
 __fput+0x340/0x75c fs/file_table.c:465
 fput_close_sync+0x160/0x1d4 fs/file_table.c:570
 __do_sys_close fs/open.c:1581 [inline]
 __se_sys_close fs/open.c:1566 [inline]
 __arm64_sys_close+0x7c/0x118 fs/open.c:1566
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
---[ end trace ]---

Warning: Permanently added '10.128.0.38' (ED25519) to the list of known hosts.
1970/01/01 00:00:38 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:38 ignoring optional flag "type"="gce"
1970/01/01 00:00:39 parsed 1 programs
[ 39.666602][ T6472] cgroup: Unknown subsys name 'net'
[ 39.800192][ T6489] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 39.955696][ T6472] cgroup: Unknown subsys name 'cpuset'
[ 39.959849][ T6472] cgroup: Unknown subsys name 'rlimit'
[ 40.282030][ T242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.282122][ T242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.297773][ T242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.297839][ T242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.349939][ T6502] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 40.350070][ T6502] ------------[ cut here ]------------
[ 40.350091][ T6502] UBSAN: negation-overflow in mm/memcontrol.c:3105:5
[ 40.350122][ T6502] negation of 304 cannot be represented in type 'size_t' (aka 'unsigned long'):
[ 40.350145][ T6502] CPU: 1 UID: 0 PID: 6502 Comm: syz-executor.0 Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
[ 40.350160][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 40.350168][ T6502] Call trace:
[ 40.350172][ T6502] show_stack+0x2c/0x3c (C)
[ 40.350192][ T6502] __dump_stack+0x30/0x40
[ 40.350206][ T6502] dump_stack_lvl+0xd8/0x12c
[ 40.350220][ T6502] dump_stack+0x1c/0x28
[ 40.350233][ T6502] ubsan_epilogue+0x14/0x48
[ 40.350245][ T6502] __ubsan_handle_negate_overflow+0xd0/0xfc
[ 40.350261][ T6502] __memcg_slab_free_hook+0x8c/0x238
[ 40.350278][ T6502] kmem_cache_free+0x270/0x550
[ 40.350291][ T6502] seq_release+0x68/0x7c
[ 40.350303][ T6502] kernfs_fop_release+0x134/0x190
[ 40.350316][ T6502] __fput+0x340/0x75c
[ 40.350331][ T6502] fput_close_sync+0x160/0x1d4
[ 40.350345][ T6502] __arm64_sys_close+0x7c/0x118
[ 40.350358][ T6502] invoke_syscall+0x98/0x2b8
[ 40.350371][ T6502] el0_svc_common+0x130/0x23c
[ 40.350385][ T6502] do_el0_svc+0x48/0x58
[ 40.350398][ T6502] el0_svc+0x58/0x150
[ 40.350411][ T6502] el0t_64_sync_handler+0x78/0x108
[ 40.350423][ T6502] el0t_64_sync+0x198/0x19c
[ 40.350437][ T6502] ---[ end trace ]---
[ 40.401711][ T6471] ------------[ cut here ]------------
[ 40.401825][ T6471] UBSAN: negation-overflow in mm/percpu.c:1665:4
[ 40.401843][ T6471] negation of 64 cannot be represented in type 'size_t' (aka 'unsigned long'):
[ 40.401860][ T6471] CPU: 0 UID: 0 PID: 6471 Comm: syz-execprog Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
[ 40.401874][ T6471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 40.401881][ T6471] Call trace:
[ 40.401885][ T6471] show_stack+0x2c/0x3c (C)
[ 40.401904][ T6471] __dump_stack+0x30/0x40
[ 40.401918][ T6471] dump_stack_lvl+0xd8/0x12c
[ 40.401930][ T6471] dump_stack+0x1c/0x28
[ 40.401942][ T6471] ubsan_epilogue+0x14/0x48
[ 40.401953][ T6471] __ubsan_handle_negate_overflow+0xd0/0xfc
[ 40.401968][ T6471] free_percpu+0xe00/0xfe8
[ 40.401981][ T6471] percpu_counter_destroy_many+0x1fc/0x320
[ 40.401995][ T6471] __mmdrop+0x2b8/0x424
[ 40.402007][ T6471] finish_task_switch+0x4a0/0x5a4
[ 40.402018][ T6471] __schedule+0x13b4/0x28d4
[ 40.402033][ T6471] schedule+0xb4/0x230
[ 40.402054][ T6471] schedule_hrtimeout_range_clock+0x124/0x2b4
[ 40.402067][ T6471] schedule_hrtimeout_range+0x38/0x4c
[ 40.402078][ T6471] ep_poll+0xa04/0xcd8
[ 40.402092][ T6471] do_epoll_wait+0x194/0x204
[ 40.402104][ T6471] do_epoll_pwait+0x70/0x18c
[ 40.402116][ T6471] __arm64_sys_epoll_pwait+0x1e0/0x234
[ 40.402129][ T6471] invoke_syscall+0x98/0x2b8
[ 40.402141][ T6471] el0_svc_common+0x130/0x23c
[ 40.402153][ T6471] do_el0_svc+0x48/0x58
[ 40.402165][ T6471] el0_svc+0x58/0x150
[ 40.402176][ T6471] el0t_64_sync_handler+0x78/0x108
[ 40.402187][ T6471] el0t_64_sync+0x198/0x19c
[ 40.402199][ T6471] ---[ end trace ]---
[ 40.459591][ T6510] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 40.460412][ T6510] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 40.460777][ T6510] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 40.461444][ T6510] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 40.461988][ T6510] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 42.217909][ T6552] chnl_net:caif_netlink_parms(): no params data found
[ 42.263622][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.263757][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.263864][ T6552] bridge_slave_0: entered allmulticast mode
[ 42.264753][ T6552] bridge_slave_0: entered promiscuous mode
[ 42.266999][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.267096][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.267192][ T6552] bridge_slave_1: entered allmulticast mode
[ 42.268034][ T6552] bridge_slave_1: entered promiscuous mode
[ 42.294508][ T6552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 42.296015][ T6552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 42.310641][ T6552] team0: Port device team_slave_0 added
[ 42.312282][ T6552] team0: Port device team_slave_1 added
[ 42.329858][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 42.329912][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.329940][ T6552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 42.331271][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 42.331308][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 42.331335][ T6552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 42.455643][ T6552] hsr_slave_0: entered promiscuous mode
[ 42.457165][ T6552] hsr_slave_1: entered promiscuous mode
[ 42.544248][ T6552] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 42.549240][ T6552] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 42.554294][ T6552] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 42.558131][ T6552] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 42.598616][ T6552] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.608958][ T6552] 8021q: adding VLAN 0 to HW filter on device team0
[ 42.612084][ T571] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.612260][ T571] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.621019][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.621108][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.714028][ T6552] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 42.737391][ T6552] veth0_vlan: entered promiscuous mode
[ 42.740425][ T6552] veth1_vlan: entered promiscuous mode
[ 42.753639][ T6552] veth0_macvtap: entered promiscuous mode
[ 42.755477][ T6552] veth1_macvtap: entered promiscuous mode
[ 42.764260][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 42.766121][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 42.767627][ T6552] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.767750][ T6552] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.767782][ T6552] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.767812][ T6552] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.802875][ T6280] ------------[ cut here ]------------
[ 42.803018][ T6280] UBSAN: unsigned-integer-overflow in lib/crypto/chacha20poly1305.c:257:57
[ 42.803078][ T6280] 48 - 64 cannot be represented in type 'size_t' (aka 'unsigned long')
[ 42.803106][ T6280] CPU: 1 UID: 0 PID: 6280 Comm: kworker/1:3 Not tainted 6.15.0-rc2-syzkaller-00014-gc72692105976 #0 PREEMPT
[ 42.803122][ T6280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 42.803130][ T6280] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker
[ 42.803148][ T6280] Call trace:
[ 42.803151][ T6280] show_stack+0x2c/0x3c (C)
[ 42.803176][ T6280] __dump_stack+0x30/0x40
[ 42.803189][ T6280] dump_stack_lvl+0xd8/0x12c
[ 42.803201][ T6280] dump_stack+0x1c/0x28
[ 42.803213][ T6280] ubsan_epilogue+0x14/0x48
[ 42.803225][ T6280] handle_overflow+0x134/0x16c
[ 42.803238][ T6280] __ubsan_handle_sub_overflow+0x38/0x4c
[ 42.803251][ T6280] chacha20poly1305_crypt_sg_inplace+0x64c/0xc4c
[ 42.803264][ T6280] chacha20poly1305_encrypt_sg_inplace+0x54/0x70
[ 42.803276][ T6280] wg_packet_encrypt_worker+0x718/0x11e0
[ 42.803287][ T6280] process_one_work+0x7bc/0x156c
[ 42.803300][ T6280] worker_thread+0x958/0xed8
[ 42.803312][ T6280] kthread+0x5fc/0x75c
[ 42.803323][ T6280] ret_from_fork+0x10/0x20
[ 42.803436][ T6280] ---[ end trace ]---
[ 43.215117][ T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.295205][ T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.365274][ T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.445731][ T45] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:00:43 executed programs: 0
[ 43.588906][ T6040] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 43.594966][ T6040] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 43.597547][ T6040] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 43.600546][ T6040] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 43.605026][ T6040] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 43.708963][ T6581] chnl_net:caif_netlink_parms(): no params data found
[ 43.749406][ T6581] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.749512][ T6581] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.749609][ T6581] bridge_slave_0: entered allmulticast mode
[ 43.750449][ T6581] bridge_slave_0: entered promiscuous mode
[ 43.751750][ T6581] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.751796][ T6581] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.751885][ T6581] bridge_slave_1: entered allmulticast mode
[ 43.752798][ T6581] bridge_slave_1: entered promiscuous mode
[ 43.774857][ T6581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 43.776517][ T6581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 43.793144][ T6581] team0: Port device team_slave_0 added
[ 43.794728][ T6581] team0: Port device team_slave_1 added
[ 43.808995][ T6581] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 43.809060][ T6581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.809095][ T6581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 43.810110][ T6581] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 43.810135][ T6581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 43.810162][ T6581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 43.844233][ T6581] hsr_slave_0: entered promiscuous mode
[ 43.844704][ T6581] hsr_slave_1: entered promiscuous mode
[ 43.844997][ T6581] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 43.845222][ T6581] Cannot create hsr debugfs directory
[ 45.623126][ T6040] Bluetooth: hci0: command tx timeout
[ 46.405242][ T45] bridge_slave_1: left allmulticast mode
[ 46.407607][ T45] bridge_slave_1: left promiscuous mode
[ 46.408039][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.418690][ T45] bridge_slave_0: left allmulticast mode
[ 46.418747][ T45] bridge_slave_0: left promiscuous mode
[ 46.418877][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.703684][ T6040] Bluetooth: hci0: command tx timeout
[ 47.935477][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 47.975007][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 48.054282][ T45] bond0 (unregistering): Released all slaves
[ 48.161007][ T45] hsr_slave_0: left promiscuous mode
[ 48.165121][ T45] hsr_slave_1: left promiscuous mode
[ 48.165621][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 48.165664][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 48.170427][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 48.170506][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 48.179325][ T45] veth1_macvtap: left promiscuous mode
[ 48.181188][ T45] veth0_macvtap: left promiscuous mode
[ 48.181294][ T45] veth1_vlan: left promiscuous mode
[ 48.181386][ T45] veth0_vlan: left promiscuous mode
[ 49.782785][ T6040] Bluetooth: hci0: command tx timeout
[ 50.084682][ T45] team0 (unregistering): Port device team_slave_1 removed
[ 50.244269][ T45] team0 (unregistering): Port device team_slave_0 removed

syzkaller build log:
go env (err=)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1058323359=/tmp/go-build -gno-record-gcc-switches'

git status (err=)
HEAD detached at edc5149ad2
nothing to commit, working tree clean

tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=arm64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=edc5149ad2ab7a38db6b3bcb1b594e0264a92163 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240621-090414'" "-tags=syz_target syz_os_linux syz_arch_arm64 " -o ./bin/linux_arm64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=arm64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=edc5149ad2ab7a38db6b3bcb1b594e0264a92163 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240621-090414'" "-tags=syz_target syz_os_linux syz_arch_arm64 " -o ./bin/linux_arm64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_arm64
aarch64-linux-gnu-g++ -o ./bin/linux_arm64/syz-executor executor/executor.cc \
	-O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_arm64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"edc5149ad2ab7a38db6b3bcb1b594e0264a92163\"