Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes

From: Lorenzo Stoakes
Date: Thu Jan 01 2026 - 16:29:17 EST
On Thu, Jan 01, 2026 at 06:06:23PM +0100, David Hildenbrand (Red Hat) wrote:
> On 1/1/26 17:32, Lorenzo Stoakes wrote:
> > On Thu, Jan 01, 2026 at 11:30:52PM +0900, Jeongjun Park wrote:
> > >
> > > Based on my testing, I found that the WARNING starts from commit
> > > d23cb648e365 ("mm/mremap: permit mremap() move of multiple VMAs"),
> > > which is right after commit 2cf442d74216 ("mm/mremap: clean up mlock
> > > populate behavior") in Lorenzo's mremap-related patch series.
> >
> > OK let me take a look.
>
> Trying to make sense of the reproducer and how bpf comes into play ... I
> assume BPF is only used to install a uprobe.
>
> We seem to create a file0 and register a uprobe on it.
>
> We then mmap() that file with PROT_NONE. We should end up in uprobe_mmap()
> and trigger a COW fault -> allocate an anon_vma.
>
> So likely the bpf magic is only there to allocate an anon_vma for a
> PROT_NONE region.
>
> But it's all a bit confusing ... :)
>
> --
> Cheers
>
> David

OK, I had a huge reply going through all of Jeongjun's stuff (thanks for
reporting!) but then got stuck into theories and highways and byways... all the
while I couldn't repro.

Well, now I can repro reliably, finally!

So I will dig into this more tomorrow. Having a reliable repro makes this
vastly easier.

I have theories... almost tempting to carry on right now but I'll end up
not sleeping :)

Cheers, Lorenzo