On 5/3/20 10:25 PM, Nikolaus Rath wrote:
> On May 03 2020, Gabriel Krisman Bertazi <krisman@xxxxxxxxxxxxx> wrote:
>> Matthew Wilcox <willy@xxxxxxxxxxxxx> writes:
>>
>>> On Sun, May 03, 2020 at 09:43:41AM +0100, Nikolaus Rath wrote:
>>>> Here's what I got:
>>>>
>>>> [ 221.277260] page:ffffec4bbd639880 refcount:1 mapcount:0 mapping:0000000000000000 index:0xd9
>>>> [ 221.277265] flags: 0x17ffffc0000097(locked|waiters|referenced|uptodate|lru)
>>>> [ 221.277269] raw: 0017ffffc0000097 ffffec4bbd62f048 ffffec4bbd619308 0000000000000000
>>>> [ 221.277271] raw: 00000000000000d9 0000000000000000 00000001ffffffff ffff9aec11beb000
>>>> [ 221.277272] page dumped because: fuse: trying to steal weird page
>>>> [ 221.277273] page->mem_cgroup:ffff9aec11beb000
>>>
>>> Great! Here's the condition:
>>>
>>> if (page_mapcount(page) ||
>>> page->mapping != NULL ||
>>> page_count(page) != 1 ||
>>> (page->flags & PAGE_FLAGS_CHECK_AT_PREP &
>>> ~(1 << PG_locked |
>>> 1 << PG_referenced |
>>> 1 << PG_uptodate |
>>> 1 << PG_lru |
>>> 1 << PG_active |
>>> 1 << PG_reclaim))) {
>>>
>>> mapcount is 0, mapping is NULL, refcount is 1, so that's all fine.
>>> flags has 'waiters' set, which is not in the allowed list. I don't
>>> know the internals of FUSE, so I don't know why that is.
>>>
>>
>> On the first message, Nikolaus sent the following line:
>>
>>>> [ 2333.009937] fuse: page=00000000dd1750e3 index=2022240 flags=17ffffc0000097, count=1,
>>>> mapcount=0, mapping=00000000125079ad
>>
>> It should be noted that on the second run, where we got the dump_page
>> log, it indeed had a null mapping, which is similar to what Nikolaus
>> asked on the previous thread he linked to, but looks like this wasn't
>> the case on at least some of the reproductions of the issue. On the
>> line above, the condition that triggered the warning was page->mapping
>> != NULL. I don't know what to do with this information, though.
>
> Indeed, that's curious. I've modified the patch slightly to print both
> the old and the new message to confirm. And indeed:
>
> [ 260.882873] fuse: trying to steal weird page
> [ 260.882879] fuse: page=00000000813e7570 index=2010048 flags=17ffffc0000097, count=1, mapcount=0, mapping=0000000094844a11
fuse_check_page() is using %p for these, so they are hashed (IIRC that means the
upper part is zeroed and the lower hashed)
> [ 260.882882] page:ffffe13431bcc000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x1eabc0
__dump_page() in 5.6 uses %px so they are unmodified. Thus it's really a NULL
pointer.
For extra fun, __dump_page() in 5.7 will also print page pointer unmodified, but
mapping will become hashed too.
Yeah it would be nice if NULLish values were treated specially, as
0000000094844a11 instead of NULL is really misleading. __dump_page() is fine
thanks to the raw dump, but other places perhaps not.
