[Bug 231064] data abort in in_pcbremlbgrouphash() on ThunderX

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Sep 1 22:14:10 UTC 2018


--- Comment #1 from Mark Johnston <markj at FreeBSD.org> ---
It looks like the lbgroup hash table is getting corrupted; many of the list
heads are equal to 0xffffff00ffffff or 0xffffff.  Nothing on the system
actually uses SO_REUSEPORT_LB, so we shouldn't be inserting any hash table
entries.  I tried making the hash-table read-only using pmap_protect(), but
that doesn't seem to catch the problem - the system still panics the same way. 
This plus the fact that the bug is apparently sensitive to memory layout (goes
away when compiling with GENERIC or when increasing KSTACK_PAGES) makes it seem
like this isn't a generic kernel bug.

That said, there are some bugs in the SO_REUSEPORT_LB implementation:
- Lookups are protected with epoch, but the hash table doesn't use CK_ lists
and we don't defer frees of the hash table entries.
- in_pcblbgroup_free() uses the wrong malloc type.
- Lots of style bugs.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list