Re: [syzbot] [mm?] WARNING in __folio_rmap_sanity_checks (2)

From: Hillf Danton
Date: Sat Dec 28 2024 - 05:37:18 EST


On Fri, 27 Dec 2024 20:56:21 -0800
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 8155b4ef3466 Add linux-next specific files for 20241220
> git tree: linux-next
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1652fadf980000

#syz test

--- x/include/linux/rmap.h
+++ y/include/linux/rmap.h
@@ -195,7 +195,7 @@ enum rmap_level {
};

static inline void __folio_rmap_sanity_checks(const struct folio *folio,
- const struct page *page, int nr_pages, enum rmap_level level)
+ struct page *page, int nr_pages, enum rmap_level level)
{
/* hugetlb folios are handled separately. */
VM_WARN_ON_FOLIO(folio_test_hugetlb(folio), folio);
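Review bot: Dropping `const` from the `page` parameter looks unnecessary for what the second hunk does with it, since the pointer is only read there. In recent trees `compound_head()` is a macro that preserves its argument's type, so the signature could stay `const struct page *page` with the new local declared as `const struct page *p = compound_head(page);` (confirm against this linux-next snapshot). Keeping the qualifier documents that a sanity-check helper never writes through the pointer and keeps callers that hold a const pointer from needing a cast. The function body continues past the end of this hunk.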
@@ -213,8 +213,17 @@ static inline void __folio_rmap_sanity_c
*/

VM_WARN_ON_ONCE(nr_pages <= 0);
- VM_WARN_ON_FOLIO(page_folio(page) != folio, folio);
- VM_WARN_ON_FOLIO(page_folio(page + nr_pages - 1) != folio, folio);
+ if (!folio_test_large(folio)) {
+ VM_WARN_ON_FOLIO(page_folio(page) != folio, folio);
+ VM_WARN_ON_FOLIO(page_folio(page + nr_pages - 1) != folio, folio);
+ } else {
+ struct page *p = compound_head(page);
+
+ VM_WARN_ON_FOLIO(page_folio(p) != folio, folio);
+ p = page + nr_pages - 1;
+ p = compound_head(p);
+ VM_WARN_ON_FOLIO(page_folio(p) != folio, folio);
+ }

switch (level) {
case RMAP_LEVEL_PTE:
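Review bot: The new `else` branch appears to check the same thing as the two lines it replaces, because `page_folio()` already resolves a tail page to its head before the comparison, so `page_folio(compound_head(page))` and `page_folio(page)` should name the same folio. As written, the large-folio path adds a second, separate read of the compound head for each end of the range and no new coverage, while the non-large path is unchanged. If the intent is to verify that the mapped range stays inside the folio, an index check states it directly, e.g. `VM_WARN_ON_FOLIO(folio_page_idx(folio, page) + nr_pages > folio_nr_pages(folio), folio);` (confirm both helpers are usable from rmap.h in this tree). A one-line comment above the branch saying why large folios are treated differently would also help, since an unexplained change to a sanity check can hide a real rmap accounting bug. The function body starts before and continues after this hunk.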
--