Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes

From: Lorenzo Stoakes
Date: Thu Jan 01 2026 - 12:44:42 EST


On Thu, Jan 01, 2026 at 05:33:11PM +0900, Jeongjun Park wrote:
> #syz test upstream master
>
> ---
> mm/mremap.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/mm/mremap.c b/mm/mremap.c
> index 672264807db6..9d823ac8ebd3 100644
> --- a/mm/mremap.c
> +++ b/mm/mremap.c
> @@ -1604,6 +1604,9 @@ static bool vrm_move_only(struct vma_remap_struct *vrm)
> if (!(vrm->flags & MREMAP_FIXED))
> return false;
>
> + if (vrm->flags & MREMAP_DONTUNMAP)
> + return false;
> +
> if (vrm->old_len != vrm->new_len)
> return false;
>
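
Review bot: The new `if (vrm->flags & MREMAP_DONTUNMAP) return false;` check in vrm_move_only() carries no comment, and the patch has no changelog text, so nothing records why MREMAP_DONTUNMAP must be excluded from the move-only case. Note also that the check returns false rather than rejecting the request, so a call with MREMAP_FIXED | MREMAP_DONTUNMAP and old_len == new_len is only reclassified as "not move-only" and still proceeds on whatever path the callers take for that result. Please add a comment above the check stating the reason for the exclusion and which path is expected to handle this flag combination, and say in the changelog whether this is a diagnostic for the syzbot test or a proposed fix.
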
> --

How useful is this when it's a heisenbug that Harry can't repro, I can't
repro and you repro'd just once I think?

Unless syzbot happens to always hit this (I see one single report in the
dashboard so presumably no), it'll potentially say any patch fixes it
right?

Also - this bug might already exist even without the move functionality -
which should be equivalent to a series of mremap() calls, just done all at
once for convenience.

So this patch wouldn't necessarily fix the underlying problem, even if
MREMAP_DONTUNMAP is the issue (the syzbot script is presumably relying on
the batched move logic, but it doesn't mean that is necessary for this bug
to be hit, it maybe alters timing?)

Thanks, Lorenzo