From owner-freebsd-net@FreeBSD.ORG  Wed Sep 14 11:48:43 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 20BF1106564A
	for <freebsd-net@freebsd.org>; Wed, 14 Sep 2011 11:48:43 +0000 (UTC)
	(envelope-from jhb@freebsd.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id EA2CC8FC17
	for <freebsd-net@freebsd.org>; Wed, 14 Sep 2011 11:48:42 +0000 (UTC)
Received: from bigwig.baldwin.cx (66.111.2.69.static.nyinternet.net
	[66.111.2.69])
	by cyrus.watson.org (Postfix) with ESMTPSA id 9DD5B46B09;
	Wed, 14 Sep 2011 07:48:42 -0400 (EDT)
Received: from jhbbsd.localnet (unknown [209.249.190.124])
	by bigwig.baldwin.cx (Postfix) with ESMTPSA id 2605F8A02F;
	Wed, 14 Sep 2011 07:48:42 -0400 (EDT)
From: John Baldwin <jhb@freebsd.org>
To: freebsd-net@freebsd.org
Date: Wed, 14 Sep 2011 07:40:17 -0400
User-Agent: KMail/1.13.5 (FreeBSD/8.2-CBSD-20110617; KDE/4.5.5; amd64; ; )
References: <CACqU3MUs9Z9GeuGe=8iVp=MWV6eG-tO+kHb1znatsTq2uEqwvA@mail.gmail.com>
	<CACqU3MV7JRxQ_mNeHCk7RVyzETZLAcc3XL=xyZ-qqtPfRxkZeQ@mail.gmail.com>
	<CAFMmRNwrD-v52iW5+w_hbgL9battHjXSKcOWBTiMnBHM-cURXg@mail.gmail.com>
In-Reply-To: <CAFMmRNwrD-v52iW5+w_hbgL9battHjXSKcOWBTiMnBHM-cURXg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Message-Id: <201109140740.17319.jhb@freebsd.org>
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6
	(bigwig.baldwin.cx); Wed, 14 Sep 2011 07:48:42 -0400 (EDT)
Cc: Ryan Stone <rysto32@gmail.com>, Jack Vogel <jfvogel@gmail.com>,
	Arnaud Lacombe <lacombar@gmail.com>
Subject: Re: FreeBSD 7-STABLE mbuf corruption
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2011 11:48:43 -0000

On Tuesday, September 13, 2011 6:29:05 pm Ryan Stone wrote:
> On Tue, Sep 13, 2011 at 2:36 PM, Arnaud Lacombe <lacombar@gmail.com> wrote:
> > It did not crash, yet. The only downside is that after 3h30 and ~4h,
> > igb(4) queues' handler started spinning infinitely, breaking network
> > connectivity.
> 
> I saw a similar issue on HEAD last week.  The attached patch fix the
> problem for me.  The problem was that if a struct task's ta_pending
> field overflows, the task will be inserted into a list when it is
> already in that list, causing a cycle in the list of tasks to be run.
> This causes the taskqueue thread to spin indefinitely as it looks over
> the cycle again and again.
> 
> In case the list eats the patch, it was:
> 
> Index: sys/kern/subr_taskqueue.c
> ===================================================================
> --- sys/kern/subr_taskqueue.c   (revision 225537)
> +++ sys/kern/subr_taskqueue.c   (working copy)
> @@ -173,7 +173,8 @@
>          * Count multiple enqueues.
>          */
>         if (task->ta_pending) {
> -               task->ta_pending++;
> +               if (task->ta_pending < UINT16_MAX)
> +                       task->ta_pending++;
>                 return (0);
>         }

You should probably commit that.  I wonder if it should be a KASSERT() also so 
that it outright panics on a kernel with INVARIANTS enabled so developers will 
go fix their code as it seems to me to likely be a bug to enqueue a task that 
many times.

-- 
John Baldwin