Re: WARNING in check_flush_dependency

From: Dmitry Vyukov
Date: Mon Feb 19 2018 - 13:58:41 EST


On Wed, Jan 24, 2018 at 8:39 AM, Johannes Berg
<johannes@xxxxxxxxxxxxxxxx> wrote:
> On Mon, 2018-01-22 at 23:39 -0800, syzbot wrote:
>> Hello,
>>
>> syzbot hit the following crash on upstream commit
>> 0d665e7b109d512b7cae3ccef6e8654714887844 (Fri Jan 19 12:49:24 2018 +0000)
>> mm, page_vma_mapped: Drop faulty pointer arithmetics in check_pte()
>>
>> So far this crash happened 23 times on net-next, upstream.
>> C reproducer is attached.
>> syzkaller reproducer is attached.
>> Raw console output is attached.
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached.
>> user-space arch: i386
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+41cdaf4232c50e658934@xxxxxxxxxxxxxxxxxxxxxxxxx
>> It will help syzbot understand when the bug is fixed. See footer for
>> details.
>> If you forward the report, please keep this part and the footer.
>>
>> ------------[ cut here ]------------
>> workqueue: WQ_MEM_RECLAIM hwsim_wq:destroy_radio is
>> flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog
>> WARNING: CPU: 0 PID: 3706 at kernel/workqueue.c:2439
>> check_flush_dependency+0x239/0x380 kernel/workqueue.c:2435
>> Kernel panic - not syncing: panic_on_warn set ...
>
> Yeah, we clearly shouldn't have WQ_RECLAIM set on this workqueue...

Hi Johannes,

Do you mind sending a patch to fix this?