Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 Sep 2011 07:40:17 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-net@freebsd.org
Cc:        Ryan Stone <rysto32@gmail.com>, Jack Vogel <jfvogel@gmail.com>, Arnaud Lacombe <lacombar@gmail.com>
Subject:   Re: FreeBSD 7-STABLE mbuf corruption
Message-ID:  <201109140740.17319.jhb@freebsd.org>
In-Reply-To: <CAFMmRNwrD-v52iW5%2Bw_hbgL9battHjXSKcOWBTiMnBHM-cURXg@mail.gmail.com>
References:  <CACqU3MUs9Z9GeuGe=8iVp=MWV6eG-tO%2BkHb1znatsTq2uEqwvA@mail.gmail.com> <CACqU3MV7JRxQ_mNeHCk7RVyzETZLAcc3XL=xyZ-qqtPfRxkZeQ@mail.gmail.com> <CAFMmRNwrD-v52iW5%2Bw_hbgL9battHjXSKcOWBTiMnBHM-cURXg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Tuesday, September 13, 2011 6:29:05 pm Ryan Stone wrote:
> On Tue, Sep 13, 2011 at 2:36 PM, Arnaud Lacombe <lacombar@gmail.com> wrote:
> > It did not crash, yet. The only downside is that after 3h30 and ~4h,
> > igb(4) queues' handler started spinning infinitely, breaking network
> > connectivity.
> 
> I saw a similar issue on HEAD last week.  The attached patch fix the
> problem for me.  The problem was that if a struct task's ta_pending
> field overflows, the task will be inserted into a list when it is
> already in that list, causing a cycle in the list of tasks to be run.
> This causes the taskqueue thread to spin indefinitely as it looks over
> the cycle again and again.
> 
> In case the list eats the patch, it was:
> 
> Index: sys/kern/subr_taskqueue.c
> ===================================================================
> --- sys/kern/subr_taskqueue.c   (revision 225537)
> +++ sys/kern/subr_taskqueue.c   (working copy)
> @@ -173,7 +173,8 @@
>          * Count multiple enqueues.
>          */
>         if (task->ta_pending) {
> -               task->ta_pending++;
> +               if (task->ta_pending < UINT16_MAX)
> +                       task->ta_pending++;
>                 return (0);
>         }

You should probably commit that.  I wonder if it should be a KASSERT() also so 
that it outright panics on a kernel with INVARIANTS enabled so developers will 
go fix their code as it seems to me to likely be a bug to enqueue a task that 
many times.

-- 
John Baldwin

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201109140740.17319.jhb>