syzbot


kernel BUG in collapse_file (3)

Status: upstream: reported C repro on 2023/07/17 12:34
Subsystems: mm
Reported-by: syzbot+fe7b1487405295d29268@syzkaller.appspotmail.com
Fix commit: mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock(): fix
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 1064d, last: 1054d
Cause bisection: introduced by (bisect log) :
commit 49a44d59344d1a6a4cc841d6e4a8727f99ed97bf
Author: Hugh Dickins <hughd@google.com>
Date: Wed Jul 12 04:42:19 2023 +0000

  mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock()

Crash: BUG: unable to handle kernel NULL pointer dereference in task_work_run (log)
Repro: C syz .config
  
✨ AI Jobs (4)
ID Workflow Result Correct Ext Bug ID Bug Created Started Finished Revision Error
493c0e11-51d2-4897-a06b-26b17e419076 assessment-security 💥 kernel BUG in collapse_file (3) 2026/06/10 05:36 2026/06/10 05:36 2026/06/10 05:53 34dab4be5c118c76aea929f2aa0c188548615110 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/3d5252f3447edc39d33fb2b0e2cfcb5462a6d6c6" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small
1e6d08a0-bd83-4006-9e14-153ef8c84242 assessment-security 💥 kernel BUG in collapse_file (3) 2026/06/04 08:52 2026/06/04 08:52 2026/06/04 09:03 62fe15281f5011cd203d8845b8767b10e7443aa5 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/3d5252f3447edc39d33fb2b0e2cfcb5462a6d6c6" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small
174a3b59-4335-4693-87d5-d5718826dd7d assessment-security 💥 kernel BUG in collapse_file (3) 2026/06/02 08:01 2026/06/02 08:01 2026/06/02 08:24 1095583bae1d2729a3b4be301cb6ddc85ced9e38 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/3d5252f3447edc39d33fb2b0e2cfcb5462a6d6c6" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small
2bb1e6db-3e5e-4d70-8b38-8b4860ec8b33 assessment-security 💥 kernel BUG in collapse_file (3) 2026/05/23 05:56 2026/05/23 05:56 2026/05/23 06:07 c69befb30ac10e158cc9d1557b508ee3f0eca1de failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/3d5252f3447edc39d33fb2b0e2cfcb5462a6d6c6" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small
Discussions (2)
Title Replies (including bot) Last reply
[PATCH v3 10/13 fix] mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock(): fix 1 (1) 2023/07/23 22:32
[syzbot] [mm?] kernel BUG in collapse_file (3) 1 (2) 2023/07/23 05:13
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG in collapse_file mm -1 1 1757d 1752d 0/29 auto-closed as invalid on 2021/12/17 12:02
upstream kernel BUG in collapse_file (2) mm -1 C error 27 1143d 1266d 0/29 closed as dup on 2023/04/14 15:43

Sample crash report:
------------[ cut here ]------------
kernel BUG at mm/khugepaged.c:1785!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5882 Comm: syz-executor247 Not tainted 6.5.0-rc2-next-20230721-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
RIP: 0010:collapse_file+0x1169/0x5530 mm/khugepaged.c:1785
Code: 89 c6 e8 1a b1 a5 ff 84 db 0f 85 66 f1 ff ff e8 dd b5 a5 ff 0f 0b e9 5a f1 ff ff c6 44 24 48 00 e9 65 f0 ff ff e8 c7 b5 a5 ff <0f> 0b e8 c0 b5 a5 ff 4d 85 ed 74 1c e8 b6 b5 a5 ff 44 89 eb 31 ff
RSP: 0018:ffffc900056a7820 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00000000000001eb RCX: 0000000000000000
RDX: ffff8880782d5940 RSI: ffffffff81e13729 RDI: 0000000000000007
RBP: 0000000777fa95eb R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000001eb R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880299a0280 R15: 0000000777fa93eb
FS:  00007f87449f56c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 00000000235da000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hpage_collapse_scan_file+0xc8e/0x1650 mm/khugepaged.c:2285
 madvise_collapse+0x52c/0xb50 mm/khugepaged.c:2729
 madvise_vma_behavior+0x200/0x1e60 mm/madvise.c:1094
 madvise_walk_vmas+0x1cf/0x2c0 mm/madvise.c:1268
 do_madvise+0x333/0x660 mm/madvise.c:1448
 __do_sys_madvise mm/madvise.c:1461 [inline]
 __se_sys_madvise mm/madvise.c:1459 [inline]
 __x64_sys_madvise+0xaa/0x110 mm/madvise.c:1459
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8744a553d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f87449f5228 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f87449f56c0 RCX: 00007f8744a553d9
RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000000020000000
RBP: 00007f8744adf318 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8744adf310
R13: 6d766b2f7665642f R14: 00007ffc69639110 R15: 00007ffc696391f8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:collapse_file+0x1169/0x5530 mm/khugepaged.c:1785
Code: 89 c6 e8 1a b1 a5 ff 84 db 0f 85 66 f1 ff ff e8 dd b5 a5 ff 0f 0b e9 5a f1 ff ff c6 44 24 48 00 e9 65 f0 ff ff e8 c7 b5 a5 ff <0f> 0b e8 c0 b5 a5 ff 4d 85 ed 74 1c e8 b6 b5 a5 ff 44 89 eb 31 ff
RSP: 0018:ffffc900056a7820 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00000000000001eb RCX: 0000000000000000
RDX: ffff8880782d5940 RSI: ffffffff81e13729 RDI: 0000000000000007
RBP: 0000000777fa95eb R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000001eb R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880299a0280 R15: 0000000777fa93eb
FS:  00007f87449f56c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8744aaba38 CR3: 00000000235da000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (14):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/07/22 18:26 linux-next ae867bc97b71 27cbe77f .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/22 14:03 linux-next ae867bc97b71 27cbe77f .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/19 00:22 linux-next aeba456828b4 022df2bb .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/19 00:01 linux-next aeba456828b4 022df2bb .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/13 12:58 linux-next e32622656258 86081196 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/24 02:05 linux-next ae867bc97b71 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/23 09:18 linux-next ae867bc97b71 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/22 00:33 linux-next ae867bc97b71 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/21 01:12 linux-next c58c49dd8932 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/19 20:54 linux-next 352ce39a8bba 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/17 19:41 linux-next 2205be537aeb e5f10889 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/15 15:50 linux-next 7c2878be5732 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/13 15:50 linux-next e32622656258 86081196 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
2023/07/13 12:31 linux-next e32622656258 86081196 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in collapse_file
* Struck through repros no longer work on HEAD.