Re: [syzbot] kernel BUG in find_lock_entries
From: syzbot
Date: Mon Aug 09 2021 - 18:51:30 EST
> On Mon, Aug 09, 2021 at 02:02:22PM -0700, syzbot wrote:
>> The issue was bisected to:
>>
>> commit 997acaf6b4b59c6a9c259740312a69ea549cc684
>> Author: Mark Rutland <mark.rutland@xxxxxxx>
>> Date: Mon Jan 11 15:37:07 2021 +0000
>>
>> lockdep: report broken irq restoration
>
> That's just a bogus bisection. The correct bad commit is 5c211ba29deb.
>
>> kernel BUG at mm/filemap.c:2041!
>> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
>> CPU: 1 PID: 24786 Comm: syz-executor626 Not tainted 5.14.0-rc4-syzkaller #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>> RIP: 0010:find_lock_entries+0x10d5/0x1110 mm/filemap.c:2041
>
> This patch should fix it. It's not just removing the warning; this
> warning duplicates the warning a few lines down (after taking the
> lock). It's not safe to make this assertion without holding the page
> lock as the page can move between the page cache and the swap cache.
>
> #syz test
want 2 args (repo, branch), got 4
>
> diff --git a/mm/filemap.c b/mm/filemap.c
> index d1458ecf2f51..34de0b14aaa9 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -2038,7 +2038,6 @@ unsigned find_lock_entries(struct address_space *mapping, pgoff_t start,
> if (!xa_is_value(page)) {
> if (page->index < start)
> goto put;
> - VM_BUG_ON_PAGE(page->index != xas.xa_index, page);
> if (page->index + thp_nr_pages(page) - 1 > end)
> goto put;
> if (!trylock_page(page))
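Review bot: The hunk removes the pre-lock `VM_BUG_ON_PAGE(page->index != xas.xa_index, page)` but carries no changelog, so the justification given above in the mail (the assertion is racy without the page lock because the page can migrate between the page cache and the swap cache, and the same check is repeated after `trylock_page()`) should be written into the commit message together with `Fixes: 5c211ba29deb` and the syzbot `Reported-by:` tag, since the bisection result quoted at the top of the thread points at the wrong commit and the changelog is where that gets corrected for the record. The post-lock duplicate the mail relies on is not inside the quoted context (the hunk is cut off at `if (!trylock_page(page))`), so a reader of this diff alone cannot confirm the assertion is still made under the lock; quoting that retained line in the changelog would make the change self-evidently safe to review. Separately, the `#syz test` line above was rejected ("want 2 args (repo, branch), got 4"), so this patch has not actually been exercised against the reproducer yet and will need a resubmission with just the repo and branch.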