[Bug 231064] data abort in in_pcbremlbgrouphash() on ThunderX
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Sep 1 22:14:10 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231064
--- Comment #1 from Mark Johnston <markj at FreeBSD.org> ---
It looks like the lbgroup hash table is getting corrupted; many of the list
heads are equal to 0xffffff00ffffff or 0xffffff. Nothing on the system
actually uses SO_REUSEPORT_LB, so we shouldn't be inserting any hash table
entries. I tried making the hash-table read-only using pmap_protect(), but
that doesn't seem to catch the problem - the system still panics the same way.
This plus the fact that the bug is apparently sensitive to memory layout (goes
away when compiling with GENERIC or when increasing KSTACK_PAGES) makes it seem
like this isn't a generic kernel bug.
That said, there are some bugs in the SO_REUSEPORT_LB implementation:
- Lookups are protected with epoch, but the hash table doesn't use CK_ lists
and we don't defer frees of the hash table entries.
- in_pcblbgroup_free() uses the wrong malloc type.
- Lots of style bugs.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list