Date: Thu, 1 Jan 2026 18:06:23 +0100
Subject: Re: [syzbot] [mm?] WARNING in folio_remove_rmap_ptes
To: Lorenzo Stoakes, Jeongjun Park
Cc: Harry Yoo, Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, riel@surriel.com, syzbot+b165fc2e11771c66d8ba@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
References: <20260101130906.839504-1-aha310510@gmail.com> <794095b5-e9ee-4fff-8e3a-1e6b98e670a2@lucifer.local>
From: "David Hildenbrand (Red Hat)"
In-Reply-To: <794095b5-e9ee-4fff-8e3a-1e6b98e670a2@lucifer.local>

On 1/1/26 17:32, Lorenzo Stoakes wrote:
> On Thu, Jan 01, 2026 at 11:30:52PM +0900, Jeongjun Park wrote:
>>
>> Based on my testing, I found that the WARNING starts from commit
>> d23cb648e365 ("mm/mremap: permit mremap() move of multiple VMAs"),
>> which is right after commit 2cf442d74216 ("mm/mremap: clean up mlock
>> populate behavior") in Lorenzo's mremap-related patch series.
>
> OK let me take a look.

Trying to make sense of the reproducer and how bpf comes into play ... I
assume BPF is only used to install a uprobe.

We seem to create a file0 and register a uprobe on it.

We then mmap() that file with PROT_NONE. We should end up in
uprobe_mmap() and trigger a COW fault -> allocate an anon_vma.

So likely the bpf magic is only there to allocate an anon_vma for a
PROT_NONE region.

But it's all a bit confusing ... :)

--
Cheers

David