Comment 15 for bug 1837430

Bin Yang (byangintel) wrote :

Based on the code review, it is an obvious problem which was introduced by a race condition.

The epi is removed from the list by list_del_rcu(&epi->fllink) under list_for_each_entry_rcu() without rcu_read_lock. If the RCU grace-period thread frees epi before the next list_for_each loop, the content of epi will be corrupted.

Normally, the RCU read should be protected by rcu_read_lock. For performance optimization, it does not hold the lock here. But it removes the item from the list and calls call_rcu() to free the pointer. The RCU task runs in the background at about (HZ/10). The gap between call_rcu() and the next loop is only a few C lines without sleep/sched, so it is very hard to reproduce.

I think this is the reason that this patch is not in the original CentOS kernel. I checked https://git.centos.org/rpms/kernel/raw/c7/f/SPECS/kernel.spec and did not find this patch there currently.
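The interleaving described in the comment above, as an added single-threaded model that is not code from the kernel, from the bug report or from the commenter. The kernel primitives (list_del_rcu, list_for_each_entry_rcu, rcu_read_lock, call_rcu) are modelled by same-named functions with an "_m" suffix; the "freed" flag stands in for the RCU callback actually releasing the memory, so the walk can count freed-node dereferences instead of crashing. The grace period is invoked explicitly in the gap between call_rcu and the next iteration, which is the worst-case timing that the real RCU thread only rarely hits, and which is why the bug is hard to reproduce. The list contents and the "remove even ids" predicate are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>

/*
 * Added example: a single-threaded model of the RCU list race, not kernel
 * code. A node is "freed" by setting a flag so the walk can detect that it
 * dereferenced pos->next from a node the grace period has already reclaimed.
 */
struct node {
    struct node *next, *prev;
    int id;
    int freed;              /* set by the modelled RCU callback instead of kfree() */
};

static struct node head = { &head, &head, -1, 0 };
static struct node pool[6];           /* constructed sample list, ids 0..5 */

/* ---- reader side: a reader count stands in for the rcu_read_lock state ---- */
static int rcu_readers;
static void rcu_read_lock_m(void)   { rcu_readers++; }
static void rcu_read_unlock_m(void) { rcu_readers--; }

/* ---- updater side ---- */
static struct node *pending[sizeof pool / sizeof pool[0]];
static int npending;

/* Like list_del_rcu: unlink, poison prev, keep next so in-flight readers can continue. */
static void list_del_rcu_m(struct node *n)
{
    n->next->prev = n->prev;
    n->prev->next = n->next;
    n->prev = NULL;
}

/* Like call_rcu: queue the node for release after the next grace period. */
static void call_rcu_m(struct node *n) { pending[npending++] = n; }

/* Models the RCU core completing a grace period: callbacks run only when no
 * reader-side critical section is active. Returns the number of callbacks run. */
static int grace_period_m(void)
{
    int ran = 0;
    if (rcu_readers)
        return 0;
    while (npending) {
        pending[--npending]->freed = 1;
        ran++;
    }
    return ran;
}

/* The pos->next read that list_for_each_entry_rcu performs at the bottom of
 * each iteration; records a use-after-free if pos was already reclaimed. */
static struct node *next_rcu_m(struct node *pos, int *uaf)
{
    if (pos->freed)
        (*uaf)++;
    return pos->next;
}

/* Walk the list removing nodes with even ids, with or without rcu_read_lock.
 * Returns how many times the walk read a freed node (0 is the only safe value). */
static int remove_even(int hold_rcu_lock)
{
    int uaf = 0;
    struct node *pos;

    if (hold_rcu_lock)
        rcu_read_lock_m();
    for (pos = head.next; pos != &head; pos = next_rcu_m(pos, &uaf)) {
        if (pos->id % 2 == 0) {
            list_del_rcu_m(pos);
            call_rcu_m(pos);
        }
        grace_period_m();   /* the RCU thread wins the race before the next iteration */
    }
    if (hold_rcu_lock)
        rcu_read_unlock_m();
    grace_period_m();       /* with the lock held, callbacks only run here */
    return uaf;
}

static void build_list(void)
{
    head.next = head.prev = &head;
    npending = 0;
    for (int i = 0; i < 6; i++) {
        pool[i].id = i;
        pool[i].freed = 0;
        pool[i].prev = head.prev;
        pool[i].next = &head;
        head.prev->next = &pool[i];
        head.prev = &pool[i];
    }
}

static int count_live(void)
{
    int n = 0;
    for (struct node *p = head.next; p != &head; p = p->next)
        n++;
    return n;
}

int main(void)
{
    build_list();
    printf("without rcu_read_lock: %d freed-node dereferences, %d nodes left\n",
           remove_even(0), count_live());
    build_list();
    printf("with rcu_read_lock:    %d freed-node dereferences, %d nodes left\n",
           remove_even(1), count_live());
    return 0;
}
```

Both walks leave the same three odd-id nodes in the list, which is why the bug is invisible from the list's final state; the difference is only that the unlocked walk reads pos->next out of every node it has just handed to call_rcu, and in the real kernel that read lands in memory the callback may already have returned to the allocator.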