Re: [syzbot] [mm?] kernel BUG in hpage_collapse_scan_file (2)

[David Hildenbrand (Red Hat)]

On 1/25/26 13:10, Lance Yang wrote:
> Ccing Willy.
>
> On Sat, 24 Jan 2026 18:23:28 -0800, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    ca3a02fda4da Add linux-next specific files for 20260123
> > git tree:       linux-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10c42452580000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=10f2b64f8f12b9a4
> > dashboard link: https://syzkaller.appspot.com/bug?extid=bf6e6a6ca143afea5ca2
> > compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17f7cbfa580000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=112d405a580000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/291ebca63a31/disk-ca3a02fd.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/b2112a214b54/vmlinux-ca3a02fd.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/77d1ae437e07/bzImage-ca3a02fd.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+bf6e6a6ca143afea5ca2@xxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > node ffff888148816ec0 offset 0 parent ffff888148817700 shift 0 count 64 values 0 array ffff88807be6b0f0 list ffff888148816ed8 ffff888148816ed8 marks 0 0 0
> > ------------[ cut here ]------------
> > kernel BUG at ./include/linux/xarray.h:1441!
> > Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
> > CPU: 0 UID: 0 PID: 6017 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
> > RIP: 0010:XAS_INVALID include/linux/xarray.h:1441 [inline]
>
> Seems like that is:
>
> ```
> static inline struct xa_state *XAS_INVALID(struct xa_state *xas)
> {
> 	XA_NODE_BUG_ON(xas->xa_node, xas_valid(xas));
> 	return xas;
> }
> ```

I think there was recently already a discussion about this.

See

https://lore.kernel.org/linux-mm/aVvz3tYdu49TGkjI@xxxxxxxxxxxxx/


And where Willy said that likely it needs more thought:

https://lore.kernel.org/linux-mm/aVwm3MQ_ZDa_kU8c@xxxxxxxxxxxxxxxxxxxx/

--
Cheers

David