On 04/17/2016 01:29 PM, Alexei Starovoitov wrote:
> On Sun, Apr 17, 2016 at 12:58:21PM -0400, Sasha Levin wrote:
>> Hi all,
>>
>> I've hit the following while fuzzing with syzkaller inside a KVM tools guest
>> running the latest -next kernel:
>
> thanks for the report. Adding Tejun...
> if I read the report correctly it's not about bpf, but rather points to
> the issue inside percpu logic.
> First __alloc_percpu_gfp() is called, then the memory is freed with
> free_percpu() which triggers async pcpu_balance_work and then
> pcpu_extend_area_map is hitting use-after-free.
> I guess bpf percpu array map is stressing this logic the most.
> Any simpler steps to reproduce?
No simple way to reproduce. I blamed bpf because I saw a few traces and it was only bpf that was causing it; there was no other reasoning behind it.

Thanks,
Sasha