This is a fascinating bug. The way that FreeBSD handles superpage demotion by default will trigger it (it doesn’t do any TLB shootdowns, because a stale 4K mapping is still fine and hitting with the stale mapping is cheaper than an IPI and then missing with the superpage mapping), if instruction fetch on the page happens at the right time. I wonder if people have noted FreeBSD crashing the hypervisor more than other systems.