Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes

From: David Hildenbrand (Red Hat)
Date: Thu Jan 01 2026 - 12:06:31 EST

Next message: J. Neuschäfer via B4 Relay: "[PATCH] powerpc: DTS: mpc8313erdb: Add timer@*/clock-frequency properties"
Previous message: J. Neuschäfer via B4 Relay: "[PATCH v5] dt-bindings: powerpc: Add Freescale/NXP MPC83xx SoCs"
In reply to: Lorenzo Stoakes: "Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes"
Next in thread: Lorenzo Stoakes: "Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/1/26 17:32, Lorenzo Stoakes wrote:

On Thu, Jan 01, 2026 at 11:30:52PM +0900, Jeongjun Park wrote:

Based on my testing, I found that the WARNING starts from commit
d23cb648e365 ("mm/mremap: permit mremap() move of multiple VMAs"),
which is right after commit 2cf442d74216 ("mm/mremap: clean up mlock
populate behavior") in Lorenzo's mremap-related patch series.

OK let me take a look.

Trying to make sense of the reproducer and how bpf comes into play ... I assume BPF is only used to install a uprobe.

We seem to create a file0 and register a uprobe on it.

We then mmap() that file with PROT_NONE. We should end up in uprobe_mmap() and trigger a COW fault -> allocate an anon_vma.

So likely the bpf magic is only there to allocate an anon_vma for a PROT_NONE region.

But it's all a bit confusing ... :)

--
Cheers

David

Next message: J. Neuschäfer via B4 Relay: "[PATCH] powerpc: DTS: mpc8313erdb: Add timer@*/clock-frequency properties"
Previous message: J. Neuschäfer via B4 Relay: "[PATCH v5] dt-bindings: powerpc: Add Freescale/NXP MPC83xx SoCs"
In reply to: Lorenzo Stoakes: "Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes"
Next in thread: Lorenzo Stoakes: "Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]