From a789d36dbe0be98594761131e2235fef955a8e4a Mon Sep 17 00:00:00 2001
From: markj
Date: Wed, 23 Oct 2019 17:58:19 +0000
Subject: [PATCH] Verify identity after checking for WAITFAIL in vm_page_busy_acquire().

A caller that does not guarantee that a page's identity won't change while sleeping for a busy lock must specify either NOWAIT or WAITFAIL.

Reported by: syzkaller
Reviewed by: alc, kib
Discussed with: jeff
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D22124
---
 sys/vm/vm_page.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c
index 1f7b82fdf7e3..e3ebe2d6ca26 100644
--- a/sys/vm/vm_page.c
+++ b/sys/vm/vm_page.c
@@ -900,9 +900,11 @@ vm_page_busy_acquire(vm_page_t m, int allocflags)
 (allocflags & VM_ALLOC_SBUSY) != 0, locked);
 if (locked)
 VM_OBJECT_WLOCK(obj);
- MPASS(m->object == obj || m->object == NULL);
 if ((allocflags & VM_ALLOC_WAITFAIL) != 0)
 return (FALSE);
+ KASSERT(m->object == obj || m->object == NULL,
+ ("vm_page_busy_acquire: page %p does not belong to %p",
+ m, obj));
 }
 }
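Review bot: The rule that the relocated KASSERT checks is recorded only in the commit message: a caller that cannot keep the page's identity stable across the busy sleep must pass NOWAIT or WAITFAIL. It should also be stated in a comment directly above the assertion, for example `/* Callers that may sleep here must keep m's identity stable, or else pass NOWAIT or WAITFAIL. */`. KASSERT is compiled in only on INVARIANTS kernels, so on a production kernel a caller that breaks the rule gets no diagnostic. The function presumably then goes on retrying with a page that may now belong to another object. The same sentence belongs in the function's header comment, which lies outside this hunk along with the top of the loop.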