"value":"In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()\n\nFor the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and\nCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()\nin the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:\n\n CPU2 CPU11\nkthread\nrcu_nocb_cb_kthread ksys_write\nrcu_do_batch vfs_write\nrcu_torture_timer_cb proc_sys_write\n__kmem_cache_free proc_sys_call_handler\nkmemleak_free drop_caches_sysctl_handler\ndelete_object_full drop_slab\n__delete_object shrink_slab\nput_object lazy_rcu_shrink_scan\ncall_rcu rcu_nocb_flush_bypass\n__call_rcu_commn rcu_nocb_bypass_lock\n raw_spin_trylock(&rdp->nocb_bypass_lock) fail\n atomic_inc(&rdp->nocb_lock_contended);\nrcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu);\n WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) |\n |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|\n\nReproduce this bug with \"echo 3 > /proc/sys/vm/drop_caches\".\n\nThis commit therefore uses rcu_nocb_try_flush_bypass() instead of\nrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass\nqueue is being flushed, then rcu_nocb_try_flush_bypass will return\ndirectly."
