On 5/7/21 12:36 PM, Stefano Brivio wrote:
Can you reproduce this reliably? That would be helpful.
No :-( this is a live production system. The backtrace was triggered by real life traffic. Even worse, I can't hack the kernel with a patch ... We should stick to debian kernel builds for production systems per our internal policy.
However, the nft ruleset is quite simple. It should be possible for you to grab a similar arch CPU, introduce the ruleset and generate some traffic to trigger the lookup(), no?
Thanks for your prompt response, also Florian for the patch proposal!
