From owner-svn-src-head@freebsd.org Tue Mar 7 00:20:03 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 312C4CFA1F3; Tue, 7 Mar 2017 00:20:03 +0000 (UTC) (envelope-from hiren@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F25E819A3; Tue, 7 Mar 2017 00:20:02 +0000 (UTC) (envelope-from hiren@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v270K2jn039656; Tue, 7 Mar 2017 00:20:02 GMT (envelope-from hiren@FreeBSD.org) Received: (from hiren@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v270K2vA039655; Tue, 7 Mar 2017 00:20:02 GMT (envelope-from hiren@FreeBSD.org) Message-Id: <201703070020.v270K2vA039655@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: hiren set sender to hiren@FreeBSD.org using -f From: Hiren Panchasara Date: Tue, 7 Mar 2017 00:20:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r314813 - head/sys/kern X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Mar 2017 00:20:03 -0000 Author: hiren Date: Tue Mar 7 00:20:01 2017 New Revision: 314813 URL: https://svnweb.freebsd.org/changeset/base/314813 Log: We've found a recurring problem where some userland process would be stuck spinning at 100% cpu around sbcut_internal(). Inside sbflush_internal(), sb_ccc reached to about 4GB and before passing it to sbcut_internal(), we type-cast it from uint to int making it -ve. The root cause of sockbuf growing this large is unknown. Correct fix is also not clear but based on mailing list discussions, adding KASSERTs to panic instead of looping endlessly. Reviewed by: glebius Sponsored by: Limelight Networks Modified: head/sys/kern/uipc_sockbuf.c Modified: head/sys/kern/uipc_sockbuf.c ============================================================================== --- head/sys/kern/uipc_sockbuf.c Tue Mar 7 00:13:53 2017 (r314812) +++ head/sys/kern/uipc_sockbuf.c Tue Mar 7 00:20:01 2017 (r314813) @@ -1043,6 +1043,11 @@ sbcut_internal(struct sockbuf *sb, int l { struct mbuf *m, *next, *mfree; + KASSERT(len > 0, ("%s: len is %d but it is supposed to be +ve", + __func__, len)); + KASSERT(len <= sb->sb_ccc, ("%s: len: %d is > ccc: %u", + __func__, len, sb->sb_ccc)); + next = (m = sb->sb_mb) ? m->m_nextpkt : 0; mfree = NULL;