On Wed, Apr 21, 2021 at 11:28:17PM +0200, Hrvoje Popovski wrote:
> with this diff i'm getting panic when i'm pushing traffic over that box.
Thanks for testing.
> I'm sending traffic from host connected on ix0 from address 10.10.0.1 to
> host connected to ix1 to addresses 10.11.0.1 - 10.11.255.255 at cca 10Mpps
I don't see the panic, but for you it is easily reproducable. I
use only 1 destination address, but you have 65000. Maybe is is a
routing or ARP issue.
> x3550m4# panic: pool_cache_item_magic_check: mbufpl cpu free list
> modified: item addr 0xfffffd8066bbd6
This is a use after free bug with the mbuf. Either our pool is not
MP safe or mbuf handling anywhere in the driver or network stack
is buggy.
As a wild guess, you could apply this diff on top. Something similar
has fixed IPv6 NDP problem I have seen. Maybe it is in the routing
table, that is used for ARP and NDP.
bluhm
--- net/if_ethersubr.c
+++ net/if_ethersubr.c
@@ -222,7 +222,10 @@ ether_resolve(struct ifnet *ifp, struct mbuf *m, struct
sockaddr *dst,
switch (af) {
case AF_INET:
+ KERNEL_LOCK();
+ /* XXXSMP there is a MP race in arpresolve() */
error = arpresolve(ifp, rt, m, dst, eh->ether_dhost);
+ KERNEL_UNLOCK();
if (error)
return (error);
eh->ether_type = htons(ETHERTYPE_IP);
