syzbot


kernel BUG in collapse_file (3)

Status: upstream: reported C repro on 2023/07/17 12:34
Subsystems: mm
Reported-by: syzbot+fe7b1487405295d29268@syzkaller.appspotmail.com
Fix commit: mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock(): fix
Patched on: ci-upstream-linux-next-kasan-gce-root
Missing on: ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb
First crash: 288d, last: 278d
Cause bisection: introduced by (bisect log):
commit 49a44d59344d1a6a4cc841d6e4a8727f99ed97bf
Author: Hugh Dickins <hughd@google.com>
Date: Wed Jul 12 04:42:19 2023 +0000

  mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock()

Crash: BUG: unable to handle kernel NULL pointer dereference in task_work_run (log)
Repro: C syz .config
  
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH v3 10/13 fix] mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock(): fix | 1 (1) | 2023/07/23 22:32
[syzbot] [mm?] kernel BUG in collapse_file (3) | 1 (2) | 2023/07/23 05:13
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | kernel BUG in collapse_file (subsystem: mm) | | | | 1 | 981d | 976d | 0/26 | auto-closed as invalid on 2021/12/17 12:02
upstream | kernel BUG in collapse_file (2) (subsystem: mm) | C | error | | 27 | 368d | 491d | 0/26 | closed as dup on 2023/04/14 15:43

Sample crash report:
------------[ cut here ]------------
kernel BUG at mm/khugepaged.c:1785!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5882 Comm: syz-executor247 Not tainted 6.5.0-rc2-next-20230721-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
RIP: 0010:collapse_file+0x1169/0x5530 mm/khugepaged.c:1785
Code: 89 c6 e8 1a b1 a5 ff 84 db 0f 85 66 f1 ff ff e8 dd b5 a5 ff 0f 0b e9 5a f1 ff ff c6 44 24 48 00 e9 65 f0 ff ff e8 c7 b5 a5 ff <0f> 0b e8 c0 b5 a5 ff 4d 85 ed 74 1c e8 b6 b5 a5 ff 44 89 eb 31 ff
RSP: 0018:ffffc900056a7820 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00000000000001eb RCX: 0000000000000000
RDX: ffff8880782d5940 RSI: ffffffff81e13729 RDI: 0000000000000007
RBP: 0000000777fa95eb R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000001eb R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880299a0280 R15: 0000000777fa93eb
FS:  00007f87449f56c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 00000000235da000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hpage_collapse_scan_file+0xc8e/0x1650 mm/khugepaged.c:2285
 madvise_collapse+0x52c/0xb50 mm/khugepaged.c:2729
 madvise_vma_behavior+0x200/0x1e60 mm/madvise.c:1094
 madvise_walk_vmas+0x1cf/0x2c0 mm/madvise.c:1268
 do_madvise+0x333/0x660 mm/madvise.c:1448
 __do_sys_madvise mm/madvise.c:1461 [inline]
 __se_sys_madvise mm/madvise.c:1459 [inline]
 __x64_sys_madvise+0xaa/0x110 mm/madvise.c:1459
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8744a553d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f87449f5228 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f87449f56c0 RCX: 00007f8744a553d9
RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000000020000000
RBP: 00007f8744adf318 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8744adf310
R13: 6d766b2f7665642f R14: 00007ffc69639110 R15: 00007ffc696391f8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:collapse_file+0x1169/0x5530 mm/khugepaged.c:1785
Code: 89 c6 e8 1a b1 a5 ff 84 db 0f 85 66 f1 ff ff e8 dd b5 a5 ff 0f 0b e9 5a f1 ff ff c6 44 24 48 00 e9 65 f0 ff ff e8 c7 b5 a5 ff <0f> 0b e8 c0 b5 a5 ff 4d 85 ed 74 1c e8 b6 b5 a5 ff 44 89 eb 31 ff
RSP: 0018:ffffc900056a7820 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00000000000001eb RCX: 0000000000000000
RDX: ffff8880782d5940 RSI: ffffffff81e13729 RDI: 0000000000000007
RBP: 0000000777fa95eb R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000001eb R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880299a0280 R15: 0000000777fa93eb
FS:  00007f87449f56c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8744aaba38 CR3: 00000000235da000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
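Reading the report above: the kernel-side RIP sits on `<0f> 0b`, which is `ud2`, the trap that BUG()/VM_BUG_ON() compile to on x86; that is why the oops is classed as "invalid opcode" rather than a page fault (the CR2 values shown are not the address of this trap). The userspace frame (`RIP: 0033:`) records the syscall that was in flight when the kernel died: ORIG_RAX 0x1c is __NR_madvise on x86-64, RAX holds -ENOSYS as the entry code parks it there before dispatch, and RDI/RSI/RDX carry the arguments, with RDX 0x19 being MADV_COLLAPSE. The script below is an added triage helper written for this page, not code from syzbot or the kernel; it decodes those facts from text copied out of the report. The syscall and madvise tables are deliberately minimal, and the register excerpt is a constructed copy of the frame above (both are assumptions to extend for other reports).

```python
import re

# Constructed excerpts copied from the crash report above: the kernel-side
# "Code:" line and the userspace syscall-entry register frame ("RIP: 0033:").
KERNEL_CODE_LINE = (
    "Code: 89 c6 e8 1a b1 a5 ff 84 db 0f 85 66 f1 ff ff e8 dd b5 a5 ff 0f 0b "
    "e9 5a f1 ff ff c6 44 24 48 00 e9 65 f0 ff ff e8 c7 b5 a5 ff <0f> 0b e8 "
    "c0 b5 a5 ff 4d 85 ed 74 1c e8 b6 b5 a5 ff 44 89 eb 31 ff"
)
USER_FRAME = """\
RIP: 0033:0x7f8744a553d9
RSP: 002b:00007f87449f5228 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f87449f56c0 RCX: 00007f8744a553d9
RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000000020000000
RBP: 00007f8744adf318 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8744adf310
"""

# Minimal tables from the x86-64 UAPI headers; only the entries this report
# needs are listed (assumption: extend them for other reports).
SYSCALL_NAMES = {28: "madvise"}
MADV_NAMES = {4: "MADV_DONTNEED", 14: "MADV_HUGEPAGE", 25: "MADV_COLLAPSE"}
ENOSYS = 38
# x86-64 syscall ABI: arguments travel in rdi, rsi, rdx, r10, r8, r9.
ARG_REGS = ("RDI", "RSI", "RDX", "R10", "R08", "R09")

# "NAME: [segment:][0x]hex"; the optional 4-digit segment prefix (0033:, 002b:)
# is dropped so RIP/RSP parse like the other registers.
REG_RE = re.compile(r"([A-Z_0-9]+):\s*(?:[0-9a-f]{4}:)?(?:0x)?([0-9a-f]+)")


def parse_regs(frame: str) -> dict:
    """Turn a register dump into {name: int}."""
    return {name: int(val, 16) for name, val in REG_RE.findall(frame)}


def trapped_on_ud2(code_line: str) -> bool:
    """True if the faulting instruction (marked <..> in the Code: line) is
    ud2 (0f 0b), i.e. a BUG()/VM_BUG_ON() trap rather than a real bad opcode."""
    m = re.search(r"<([0-9a-f]{2})>\s+([0-9a-f]{2})", code_line)
    return bool(m) and (m.group(1), m.group(2)) == ("0f", "0b")


def decode_syscall(regs: dict) -> dict:
    """Recover the syscall and arguments from a userspace entry frame."""
    nr = regs["ORIG_RAX"]
    # The entry code stores -ENOSYS in RAX before dispatch; anything else
    # means this is not a syscall-entry frame and the decode is suspect.
    at_entry = regs["RAX"] == (-ENOSYS) & 0xFFFFFFFFFFFFFFFF
    args = [regs[r] for r in ARG_REGS]
    info = {
        "nr": nr,
        "name": SYSCALL_NAMES.get(nr, f"sys_{nr}"),
        "args": args,
        "syscall_entry_frame": at_entry,
    }
    if info["name"] == "madvise":
        addr, length, advice = args[:3]
        info["madvise"] = {
            "addr": addr,
            "length": length,
            "advice": MADV_NAMES.get(advice, f"advice_{advice}"),
        }
    return info


if __name__ == "__main__":
    decoded = decode_syscall(parse_regs(USER_FRAME))
    print("BUG() trap via ud2:", trapped_on_ud2(KERNEL_CODE_LINE))
    print(decoded["name"], decoded.get("madvise"))
```

Decoded this way, the frame says the task was in madvise(0x20000000, 0x600003, MADV_COLLAPSE), which matches the madvise_collapse() entry in the call trace. As to impact: every crash in the table below comes from the ci-upstream-linux-next-kasan-gce-root manager, the cause bisection lands on a linux-next commit dated 2023-07-12, and the fix is a follow-up to that same patch series, so this is a linux-next regression caught before the series was merged, not a bug in a released kernel. A BUG() hit from an unprivileged madvise() call is still worth noting as a local denial of service on any tree carrying the unfixed commit.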

Crashes (14):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/07/22 18:26 | linux-next | ae867bc97b71 | 27cbe77f | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/22 14:03 | linux-next | ae867bc97b71 | 27cbe77f | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/19 00:22 | linux-next | aeba456828b4 | 022df2bb | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/19 00:01 | linux-next | aeba456828b4 | 022df2bb | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/13 12:58 | linux-next | e32622656258 | 86081196 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/24 02:05 | linux-next | ae867bc97b71 | 27cbe77f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/23 09:18 | linux-next | ae867bc97b71 | 27cbe77f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/22 00:33 | linux-next | ae867bc97b71 | 27cbe77f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/21 01:12 | linux-next | c58c49dd8932 | 28847498 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/19 20:54 | linux-next | 352ce39a8bba | 4547cdf9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/17 19:41 | linux-next | 2205be537aeb | e5f10889 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/15 15:50 | linux-next | 7c2878be5732 | 35d9ecc5 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/13 15:50 | linux-next | e32622656258 | 86081196 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file
2023/07/13 12:31 | linux-next | e32622656258 | 86081196 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | kernel BUG in collapse_file