On Wed, Jun 10, 2026 at 06:29:12PM +0800, Baolin Wang wrote: [...] >@@ -2808,7 +2875,7 @@ static enum scan_result collapse_single_pmd(unsigned >long addr, > mmap_read_unlock(mm); > *lock_dropped = true; > retry: >- result = collapse_scan_file(mm, addr, file, pgoff, cc); >+ result = collapse_scan_file(mm, vma, addr, file, pgoff, cc);
Looks unsafe to pass "vma" down here, since we have already dropped mmap_read_unlock(mm) ... A racing munmap() could leave it stale before collapse_scan_file() use it, no? Cheers, Lance
