| Seq | Timestamp | Type | Name | Duration |
|---|---|---|---|---|
| 0/0 | 2026/07/03 13:42 | flow | patch-triage |
Args: null Results: {
"EnableConfigs": null,
"FocusSymbols": [],
"Reasoning": "The patch only modifies a selftest (tools/testing/selftests/mincore/mincore_selftest.c) and does not change any core kernel logic, drivers, or architecture code.",
"WorthFuzzing": false
} |
| 1/1 | 2026/07/03 13:42 | action | read-patch-diff |
Args: null Results: {
"PatchDiff": "commit a21de4ca3e2a9e2769e79d5d905300875d08c5d8\nAuthor: syz-cluster \u003ctriage@syzkaller.com\u003e\nDate: Fri Jul 3 13:42:39 2026 +0000\n\n syz-cluster: applied patch under review\n\ndiff --git a/tools/testing/selftests/mincore/mincore_selftest.c b/tools/testing/selftests/mincore/mincore_selftest.c\nindex cdd022c1c49746..96085128610b70 100644\n--- a/tools/testing/selftests/mincore/mincore_selftest.c\n+++ b/tools/testing/selftests/mincore/mincore_selftest.c\n@@ -12,6 +12,8 @@\n #include \u003cunistd.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003csys/mman.h\u003e\n+#include \u003csys/stat.h\u003e\n+#include \u003csys/sysmacros.h\u003e\n #include \u003cstring.h\u003e\n #include \u003cfcntl.h\u003e\n \n@@ -174,6 +176,48 @@ TEST(check_huge_pages)\n }\n \n \n+/*\n+ * Return the size of the mmap read-around window, in pages, for the block\n+ * device backing the file referred to by @fd, or -1 if it cannot be\n+ * determined. The window size is the device's read_ahead_kb divided by the\n+ * page size; the kernel centres this window on the faulting page, so it must\n+ * be at least two pages wide for any neighbouring page to be read in.\n+ */\n+static long readahead_window_pages(int fd, long page_size)\n+{\n+\tchar path[64];\n+\tstruct stat st;\n+\tlong ra_kb;\n+\tFILE *f;\n+\n+\tif (fstat(fd, \u0026st))\n+\t\treturn -1;\n+\n+\t/*\n+\t * read_ahead_kb lives in the owning disk's queue/ directory. 
For a\n+\t * whole-disk device that is the device's own queue/; for a partition\n+\t * it is one level up (\"..\") at the parent disk.\n+\t */\n+\tsnprintf(path, sizeof(path), \"/sys/dev/block/%u:%u/queue/read_ahead_kb\",\n+\t\t major(st.st_dev), minor(st.st_dev));\n+\tf = fopen(path, \"r\");\n+\tif (!f) {\n+\t\tsnprintf(path, sizeof(path),\n+\t\t\t \"/sys/dev/block/%u:%u/../queue/read_ahead_kb\",\n+\t\t\t major(st.st_dev), minor(st.st_dev));\n+\t\tf = fopen(path, \"r\");\n+\t\tif (!f)\n+\t\t\treturn -1;\n+\t}\n+\tif (fscanf(f, \"%ld\", \u0026ra_kb) != 1) {\n+\t\tfclose(f);\n+\t\treturn -1;\n+\t}\n+\tfclose(f);\n+\n+\treturn (ra_kb \u003c\u003c 10) / page_size;\n+}\n+\n /*\n * Test mincore() behavior on a file-backed page.\n * No pages should be loaded into memory right after the mapping. Then,\n@@ -194,6 +238,7 @@ TEST(check_file_mmap)\n \tint fd;\n \tint i;\n \tint ra_pages = 0;\n+\tlong ra_window;\n \n \tpage_size = sysconf(_SC_PAGESIZE);\n \tvec_size = FILE_SIZE / page_size;\n@@ -224,6 +269,22 @@ TEST(check_file_mmap)\n \t\tSKIP(goto out_close, \"fallocate not supported by filesystem.\");\n \t}\n \n+\t/*\n+\t * mmap read-around brings in a window of pages centred on the\n+\t * faulting page. Its width is the backing device's read_ahead_kb\n+\t * divided by the page size. If that window is narrower than two\n+\t * pages - because readahead is disabled, or the base page size is so\n+\t * large that read_ahead_kb covers a single page - then no\n+\t * neighbouring page can ever be read in and the readahead part of\n+\t * this test does not apply, so skip it. The same goes for a file with\n+\t * no backing block device (e.g. 
on tmpfs), where the window cannot be\n+\t * determined and there is no block-device readahead to exercise.\n+\t */\n+\tra_window = readahead_window_pages(fd, page_size);\n+\tif (ra_window \u003c 2)\n+\t\tSKIP(goto out_close,\n+\t\t \"no usable readahead window for this configuration.\");\n+\n \t/*\n \t * Map the whole file, the pages shouldn't be fetched yet.\n \t */\n@@ -242,8 +303,11 @@ TEST(check_file_mmap)\n \t}\n \n \t/*\n-\t * Touch a page in the middle of the mapping. We expect the next\n-\t * few pages (the readahead window) to be populated too.\n+\t * Touch a page in the middle of the mapping. We expect the\n+\t * surrounding pages (the readahead window) to be populated too.\n+\t * The kernel centres the mmap read-around window on the faulting\n+\t * page, so with a large base page size the readahead pages may\n+\t * land before the touched page rather than after it.\n \t */\n \taddr[FILE_SIZE / 2] = 1;\n \tretval = mincore(addr, FILE_SIZE, vec);\n@@ -252,11 +316,25 @@ TEST(check_file_mmap)\n \t\tTH_LOG(\"Page not found in memory after use\");\n \t}\n \n+\t/* Count readahead pages that landed before the touched page. */\n+\ti = FILE_SIZE / 2 / page_size - 1;\n+\twhile (i \u003e= 0 \u0026\u0026 vec[i]) {\n+\t\tra_pages++;\n+\t\ti--;\n+\t}\n+\n+\t/* Count readahead pages that landed after the touched page. */\n \ti = FILE_SIZE / 2 / page_size + 1;\n \twhile (i \u003c vec_size \u0026\u0026 vec[i]) {\n \t\tra_pages++;\n \t\ti++;\n \t}\n+\n+\t/*\n+\t * The readahead window is at least two pages wide here (narrow\n+\t * windows were skipped above), so the kernel must have brought in at\n+\t * least one neighbouring page on one side of the faulted page.\n+\t */\n \tEXPECT_GT(ra_pages, 0) {\n \t\tTH_LOG(\"No read-ahead pages found in memory\");\n \t}\n"
} |
| 2/1 | 2026/07/03 13:42 | agent | patch-evaluator |
Model: gemini-3.1-pro-preview Args: null Results: {
"EnableConfigs": null,
"FocusSymbols": [],
"Reasoning": "The patch only modifies a selftest (tools/testing/selftests/mincore/mincore_selftest.c) and does not change any core kernel logic, drivers, or architecture code.",
"WorthFuzzing": false
}Instruction: You are an expert Linux kernel maintainer. Your job is to review a provided patch series and determine if it makes functional changes to the kernel that should be fuzzed. IMPORTANT: The changes have ALREADY been applied and committed as the HEAD commit in your workspace. Do NOT rely on your internal knowledge of the kernel. You must actively use your code access tools to examine the actual source code and confirm any assumptions. Return WorthFuzzing=false if the patch only contains: - Modifications to Documentation/, Kconfig files, or code comments. - Purely decorative changes, such as logging (e.g., pr_err, printk) or tracepoints. - Changes to numeric constants or macros that do not functionally alter execution flow. - Code paths that are impossible to reach in virtualized environments like GCE or QEMU, even when utilizing software-emulated hardware (e.g., usb gadget, mac80211_hwsim). If it modifies reachable core kernel logic, drivers, or architectures, use your code search tools to verify the code can be executed, then return WorthFuzzing=true. When returning WorthFuzzing=true, you MUST ALSO: 1. Extract any specific kernel functions that should be heavily fuzzed into FocusSymbols. Avoid listing generic hot-path functions to prevent skewed test distributions. 2. Identify any specific CONFIG_ options required to properly test this new/modified feature. Go and look into the Kconfig files and check for ifdefs around the code, do not make assumptions. Do not list too generic configs (we already have them enabled). Only list those that specifically cover the modified code. List them in the EnableConfigs output array, and DO NOT add a 'CONFIG_' prefix (e.g., return "NET_IPV4" instead of "CONFIG_NET_IPV4"). Prefer calling several tools at the same time to save round-trips. Use set-results tool to provide results of the analysis. It must be called exactly once before the final reply. Ignore results of this tool. 
Prompt: For your convenience, here is the diff of the changes:
commit a21de4ca3e2a9e2769e79d5d905300875d08c5d8
Author: syz-cluster <triage@syzkaller.com>
Date: Fri Jul 3 13:42:39 2026 +0000
syz-cluster: applied patch under review
diff --git a/tools/testing/selftests/mincore/mincore_selftest.c b/tools/testing/selftests/mincore/mincore_selftest.c
index cdd022c1c49746..96085128610b70 100644
--- a/tools/testing/selftests/mincore/mincore_selftest.c
+++ b/tools/testing/selftests/mincore/mincore_selftest.c
@@ -12,6 +12,8 @@
#include <unistd.h>
#include <stdlib.h>
#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/sysmacros.h>
#include <string.h>
#include <fcntl.h>
@@ -174,6 +176,48 @@ TEST(check_huge_pages)
}
+/*
+ * Return the size of the mmap read-around window, in pages, for the block
+ * device backing the file referred to by @fd, or -1 if it cannot be
+ * determined. The window size is the device's read_ahead_kb divided by the
+ * page size; the kernel centres this window on the faulting page, so it must
+ * be at least two pages wide for any neighbouring page to be read in.
+ */
+static long readahead_window_pages(int fd, long page_size)
+{
+ char path[64];
+ struct stat st;
+ long ra_kb;
+ FILE *f;
+
+ if (fstat(fd, &st))
+ return -1;
+
+ /*
+ * read_ahead_kb lives in the owning disk's queue/ directory. For a
+ * whole-disk device that is the device's own queue/; for a partition
+ * it is one level up ("..") at the parent disk.
+ */
+ snprintf(path, sizeof(path), "/sys/dev/block/%u:%u/queue/read_ahead_kb",
+ major(st.st_dev), minor(st.st_dev));
+ f = fopen(path, "r");
+ if (!f) {
+ snprintf(path, sizeof(path),
+ "/sys/dev/block/%u:%u/../queue/read_ahead_kb",
+ major(st.st_dev), minor(st.st_dev));
+ f = fopen(path, "r");
+ if (!f)
+ return -1;
+ }
+ if (fscanf(f, "%ld", &ra_kb) != 1) {
+ fclose(f);
+ return -1;
+ }
+ fclose(f);
+
+ return (ra_kb << 10) / page_size;
+}
+
/*
* Test mincore() behavior on a file-backed page.
* No pages should be loaded into memory right after the mapping. Then,
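Review bot: readahead_window_pages() returns -1 for every failure (fstat, both fopen attempts, fscanf) and does not reject a negative ra_kb before `(ra_kb << 10) / page_size`, so the caller cannot tell "sysfs entry not found" from a real window size. Consider a distinct return for the lookup failure and an explicit `ra_kb < 0` check ahead of the shift. The two snprintf() calls into `char path[64]` are also unchecked: the longer format fits for 32-bit major and minor values with only a few bytes to spare, so either check the return value against sizeof(path) or size the buffer more generously.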
@@ -194,6 +238,7 @@ TEST(check_file_mmap)
int fd;
int i;
int ra_pages = 0;
+ long ra_window;
page_size = sysconf(_SC_PAGESIZE);
vec_size = FILE_SIZE / page_size;
@@ -224,6 +269,22 @@ TEST(check_file_mmap)
SKIP(goto out_close, "fallocate not supported by filesystem.");
}
+ /*
+ * mmap read-around brings in a window of pages centred on the
+ * faulting page. Its width is the backing device's read_ahead_kb
+ * divided by the page size. If that window is narrower than two
+ * pages - because readahead is disabled, or the base page size is so
+ * large that read_ahead_kb covers a single page - then no
+ * neighbouring page can ever be read in and the readahead part of
+ * this test does not apply, so skip it. The same goes for a file with
+ * no backing block device (e.g. on tmpfs), where the window cannot be
+ * determined and there is no block-device readahead to exercise.
+ */
+ ra_window = readahead_window_pages(fd, page_size);
+ if (ra_window < 2)
+ SKIP(goto out_close,
+ "no usable readahead window for this configuration.");
+
/*
* Map the whole file, the pages shouldn't be fetched yet.
*/
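Review bot: the `if (ra_window < 2)` check folds the helper's -1 ("cannot be determined") into the same branch as a genuinely narrow window, so any configuration where the sysfs lookup fails now skips a test that ran before this change, and the single SKIP message does not say which case was hit. Suggest two branches with separate messages, one for `ra_window < 0` and one for a known window of 0 or 1 pages, and decide explicitly whether the undetermined case should skip or should still run the readahead check.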
@@ -242,8 +303,11 @@ TEST(check_file_mmap)
}
/*
- * Touch a page in the middle of the mapping. We expect the next
- * few pages (the readahead window) to be populated too.
+ * Touch a page in the middle of the mapping. We expect the
+ * surrounding pages (the readahead window) to be populated too.
+ * The kernel centres the mmap read-around window on the faulting
+ * page, so with a large base page size the readahead pages may
+ * land before the touched page rather than after it.
*/
addr[FILE_SIZE / 2] = 1;
retval = mincore(addr, FILE_SIZE, vec);
@@ -252,11 +316,25 @@ TEST(check_file_mmap)
TH_LOG("Page not found in memory after use");
}
+ /* Count readahead pages that landed before the touched page. */
+ i = FILE_SIZE / 2 / page_size - 1;
+ while (i >= 0 && vec[i]) {
+ ra_pages++;
+ i--;
+ }
+
+ /* Count readahead pages that landed after the touched page. */
i = FILE_SIZE / 2 / page_size + 1;
while (i < vec_size && vec[i]) {
ra_pages++;
i++;
}
+
+ /*
+ * The readahead window is at least two pages wide here (narrow
+ * windows were skipped above), so the kernel must have brought in at
+ * least one neighbouring page on one side of the faulted page.
+ */
EXPECT_GT(ra_pages, 0) {
TH_LOG("No read-ahead pages found in memory");
}
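Review bot: at `EXPECT_GT(ra_pages, 0)`, ra_pages is now the sum of the backward and forward scans, but the failure message "No read-ahead pages found in memory" reports neither the per-side counts nor the ra_window value computed earlier, which is only used for the skip decision. Including the window size in the TH_LOG (and ideally the count on each side of the touched page) would make a failure on a large-page-size configuration diagnosable from the log alone.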
|
| 3/2 | 2026/07/03 13:42 | llm | patch-evaluator |
Model: gemini-3.1-pro-preview Args: null Results: null Tokens: input: 3244 output: 73 thoughts: 178 Thoughts: **Analyzing the Selftest Patch** Okay, so this patch is touching `tools/testing/selftests/mincore/mincore_selftest.c`. My initial scan indicates it's adding a new function, `readahead_window_pages`, to figure out the readahead window size of the block device associated with a file. It also seems to have some conditional logic that skips the readahead test if the window is too small, specifically less than two pages. It also looks like it's counting readahead pages, both before and after the touched page. Crucially, this appears to be a *pure* selftest modification. I'm not seeing any changes to core kernel code, any modifications to Kconfig files, or alterations to fundamental logic. The fact that it's isolated within the testing framework strongly suggests it's designed to validate *existing* functionality, rather than introducing new behavior that needs rigorous fuzzing. Let me just quickly double-check that path again to be absolutely sure... Yup, `tools/testing/selftests/mincore/mincore_selftest.c`. Definitely a self-test. Given the nature of the changes, I'm confident that this isn't a candidate for fuzzing. I'll flag it as such. I'm going to call `set-results` with `WorthFuzzing: false`. |
| 4/2 | 2026/07/03 13:42 | tool | set-results |
Args: {
"EnableConfigs": [],
"FocusSymbols": [],
"Reasoning": "The patch only modifies a selftest (tools/testing/selftests/mincore/mincore_selftest.c) and does not change any core kernel logic, drivers, or architecture code.",
"WorthFuzzing": false
}Results: {
"EnableConfigs": null,
"FocusSymbols": [],
"Reasoning": "The patch only modifies a selftest (tools/testing/selftests/mincore/mincore_selftest.c) and does not change any core kernel logic, drivers, or architecture code.",
"WorthFuzzing": false
} |