Re: [x86] BUG: unable to handle kernel paging request at 00740060

[Oleg Nesterov]

I'll try to find other messages to understand what you are talking
about, just one note for now....

On 10/07, Linus Torvalds wrote:
>
> Your oops makes very little sense, it looks like task_work_run() just
> called out to random crap, probably because the work was already
> released, so "work->func()" ends up being bad.

Or task_work_run() can hit work->func == NULL if do_exit() is called
twice if, say, the task does BUG() after exit_task_work().

> participants anyway, just in case there is some race. The comment says
> that it can race with task_work_cancel() playing with *work. Oleg,
> comments?

The comment tries to say that if we are racing with task_work_cancel()
it can't delete the first entry == work, we won the race, its
cmpxchg(task->task_works) should fail.

Howver, task_work_cancel() can delete one of the next entries and
change, say, work->next. And we need to wait anyway if it scans this
list.

I'll try to recheck, but so far I do not see anything wrong.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/