All of lore.kernel.org
 help / color / mirror / Atom feed
From: syzbot ci <syzbot+cifae32d7ea2365dc0@syzkaller.appspotmail.com>
To: syzkaller-upstream-moderation@googlegroups.com
Cc: syzbot@lists.linux.dev
Subject: [moderation/CI] Re: Use generic_file_read_iter() in hugetlbfs
Date: Fri, 10 Jul 2026 13:52:36 -0700	[thread overview]
Message-ID: <6a515b94.574492cf.19a3b.0000.GAE@google.com> (raw)

syzbot ci has tested the following series

[v2] Use generic_file_read_iter() in hugetlbfs
https://lore.kernel.org/all/20260709184740.1286561-1-willy@infradead.org
* [PATCH v2 01/10] mm: Rename folio_contain_hwpoison_page() to folio_has_hwpoison_page()
* [PATCH v2 02/10] hugetlb: Mark some function arguments as const
* [PATCH v2 03/10] filemap: Remove checks in mapping_set_folio_order_range()
* [PATCH v2 04/10] hugetlb: Set mapping folio order
* [PATCH v2 05/10] memory-failure: Remove raw_hwp_list_head()
* [PATCH v2 06/10] memory-failure: Prevent UAF in raw_hwp_page list
* [PATCH v2 07/10] mm: Handle hugetlb correctly in is_page_hwpoison()
* [PATCH v2 08/10] filemap: Add hwpoison handling to filemap_read()
* [PATCH v2 09/10] filemap: Add support for authoritative mappings
* [PATCH v2 10/10] hugetlb: replace hugetlbfs_read_iter() with generic_file_read_iter()

and found the following issue:
BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio

Full report is available here:
https://ci.syzbot.org/series/35ead019-1e81-4d15-8801-8ff11d9c959b

***

BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio

tree:      mm-new
URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/mm.git
base:      dc59e4fea9d83f03bad6bddf3fa2e52491777482
arch:      amd64
compiler:  Debian clang version 22.1.6 (++20260514074242+fc4aad7b5db3-1~exp1~20260514074407.73), Debian LLD 22.1.6
config:    https://ci.syzbot.org/builds/fedb89e4-11ba-4995-927f-a51101829a59/config
syz repro: https://ci.syzbot.org/findings/7a0cb565-4340-4daf-8de2-06f5b1d2af93/syz_repro

BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 8000000117bc9067 P4D 8000000117bc9067 PUD 0 
Oops: Oops: 0010 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5840 Comm: syz.2.19 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc900035eebf8 EFLAGS: 00010293
RAX: ffffffff82063559 RBX: 1ffff920006bdd84 RCX: ffff88810ba18000
RDX: 0000000000000000 RSI: ffffea0000948000 RDI: ffff88810139d200
RBP: ffffc900035eecb0 R08: ffffea0000948007 R09: 1ffffd4000129000
R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 1ffffd4000129000 R14: ffffea0000948000 R15: 1ffffd4000129001
FS:  00007f2e39ef46c0(0000) GS:ffff88818dc11000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000011578a000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 filemap_read_folio+0x12c/0x3a0 mm/filemap.c:2512
 filemap_create_folio mm/filemap.c:2650 [inline]
 filemap_get_pages+0xe9a/0x21e0 mm/filemap.c:2714
 filemap_read+0x428/0x1700 mm/filemap.c:2841
 __kernel_read+0x4ca/0x960 fs/read_write.c:532
 integrity_kernel_read+0x89/0xd0 security/integrity/iint.c:28
 ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:222 [inline]
 ima_calc_file_hash+0x451/0x890 security/integrity/ima/ima_crypto.c:280
 ima_collect_measurement+0x51b/0xa00 security/integrity/ima/ima_api.c:300
 process_measurement+0x1272/0x1c10 security/integrity/ima/ima_main.c:425
 ima_file_mmap+0x1b0/0x200 security/integrity/ima/ima_main.c:523
 security_mmap_file+0x773/0xa20 security/security.c:2581
 vm_mmap_pgoff+0x134/0x4e0 mm/util.c:575
 ksys_mmap_pgoff+0x57d/0x760 mm/mmap.c:606
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2e38f9ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2e39ef4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f2e39215fa0 RCX: 00007f2e38f9ce59
RDX: 0000000000000007 RSI: 0000000000003000 RDI: 0000200000000000
RBP: 00007f2e39032e6f R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000040033 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2e39216038 R14: 00007f2e39215fa0 R15: 00007ffe3450a298
 </TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc900035eebf8 EFLAGS: 00010293
RAX: ffffffff82063559 RBX: 1ffff920006bdd84 RCX: ffff88810ba18000
RDX: 0000000000000000 RSI: ffffea0000948000 RDI: ffff88810139d200
RBP: ffffc900035eecb0 R08: ffffea0000948007 R09: 1ffffd4000129000
R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 1ffffd4000129000 R14: ffffea0000948000 R15: 1ffffd4000129001
FS:  00007f2e39ef46c0(0000) GS:ffff88818dc11000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000011578a000 CR4: 00000000000006f0


***

If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
  Tested-by: syzbot@syzkaller.appspotmail.com

---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzkaller@googlegroups.com.

To test a patch for this bug, please reply with `#syz test`
(should be on a separate line).

The patch should be attached to the email.
Note: arguments like custom git repos and branches are not supported.

The email will later be sent to:
[akpm@linux-foundation.org christian@brauner.io david@kernel.org jack@suse.cz jane.chu@oracle.com linmiaohe@huawei.com linux-fsdevel@vger.kernel.org linux-mm@kvack.org muchun.song@linux.dev nao.horiguchi@gmail.com osalvador@suse.de willy@infradead.org]

If the report looks fine to you, reply with:
#syz upstream

If the report is a false positive, reply with
#syz invalid


             reply	other threads:[~2026-07-10 20:52 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-10 20:52 syzbot ci [this message]
2026-07-10 23:02 ` [moderation/CI] Re: Use generic_file_read_iter() in hugetlbfs Pimyn Girgis
  -- strict thread matches above, loose matches on Subject: below --
2026-07-08  5:15 syzbot ci

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6a515b94.574492cf.19a3b.0000.GAE@google.com \
    --to=syzbot+cifae32d7ea2365dc0@syzkaller.appspotmail.com \
    --cc=syzbot@lists.linux.dev \
    --cc=syzkaller-upstream-moderation@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.