From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S968870AbdD0Ubn (ORCPT ); Thu, 27 Apr 2017 16:31:43 -0400 Received: from mail-wm0-f44.google.com ([74.125.82.44]:35878 "EHLO mail-wm0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S968851AbdD0Ubc (ORCPT ); Thu, 27 Apr 2017 16:31:32 -0400 MIME-Version: 1.0 In-Reply-To: References: From: Cong Wang Date: Thu, 27 Apr 2017 13:31:10 -0700 Message-ID: Subject: Re: Boot regression caused by kauditd To: Paul Moore Cc: LKML Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 26, 2017 at 2:20 PM, Paul Moore wrote: > Thanks for the report, this is the only one like it that I've seen. > I'm looking at the code in Linus' tree and I'm not seeing anything > obvious ... looking at the trace above it appears that the problem is > when get_net() goes to bump the refcount and the passed net pointer is > NULL; unless I'm missing something, the only way this would happen in > kauditd_thread() is if the auditd_conn.pid value is non-zero but the > auditd_conn.net pointer is NULL. > > That shouldn't happen. > Looking at the code that reads/writes the global auditd_conn, I don't see how it even works with RCU+spinlock, RCU plays with pointers and you have to make a copy as its name implies. But it looks like you simply use RCU+spinlock as a traditional rwlock, it doesn't work.