From owner-freebsd-bugs@FreeBSD.ORG Tue Feb 16 16:30:06 2010 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 42FEC1065676 for ; Tue, 16 Feb 2010 16:30:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 06E158FC14 for ; Tue, 16 Feb 2010 16:30:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o1GGU5qV034485 for ; Tue, 16 Feb 2010 16:30:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o1GGU5Qr034484; Tue, 16 Feb 2010 16:30:05 GMT (envelope-from gnats) Resent-Date: Tue, 16 Feb 2010 16:30:05 GMT Resent-Message-Id: <201002161630.o1GGU5Qr034484@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Matthew Fleming Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4FAF21065672 for ; Tue, 16 Feb 2010 16:20:45 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 3F9B48FC14 for ; Tue, 16 Feb 2010 16:20:45 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o1GGKjSa065323 for ; Tue, 16 Feb 2010 16:20:45 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o1GGKiDH065322; Tue, 16 Feb 2010 16:20:44 GMT (envelope-from nobody) Message-Id: <201002161620.o1GGKiDH065322@www.freebsd.org> Date: Tue, 16 Feb 2010 16:20:44 GMT From: Matthew Fleming To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/144003: [lor] kqueue / system map X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Feb 2010 16:30:06 -0000 >Number: 144003 >Category: kern >Synopsis: [lor] kqueue / system map >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Feb 16 16:30:05 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Matthew Fleming >Release: releng/7.2 >Organization: Isilon Systems >Environment: Isilon OneFS mdf-head-1 vHEAD Isilon OneFS vHEAD B_6211(DEBUG): 0x600000E00184300:Mon Feb 15 04:47:17 PST 2010 root@fastbuild-02.west.isilon.com:/build/mnt/obj.DEBUG/build/mnt/src/sys/IQ.amd64.debug amd64 >Description: We've been seeing LOR #185 on http://sources.zabbadoz.net/freebsd/lor.html since October 2007 on and off. lock order reversal: 1st 0xffffff010a371600 kqueue (kqueue) @ /build/mnt/src/sys/kern/kern_event.c:1056 2nd 0xffffff009541b3d0 system map (system map) @ /build/mnt/src/sys/vm/vm_map.c:2424 Stack: ------------------------------------------------- 0xffffffff802117f9 -> 0xffffffff802117b0 (fp=0xffffffffde8f95c0): _mtx_lock_flags 0xffffffff80366047 -> 0xffffffff80366020 (fp=0xffffffffde8f95e0): _vm_map_lock 0xffffffff80368d8d -> 0xffffffff80368d60 (fp=0xffffffffde8f9610): vm_map_remove 0xffffffff8035f0a4 -> 0xffffffff8035f050 (fp=0xffffffffde8f9630): uma_large_free 0xffffffff8020ea20 -> 0xffffffff8020e9b0 (fp=0xffffffffde8f9660): free 0xffffffff801f82ed -> 0xffffffff801f8120 (fp=0xffffffffde8f96a0): kqueue_expand 0xffffffff801f9675 -> 0xffffffff801f9110 (fp=0xffffffffde8f9720): kqueue_register 0xffffffff801f9e60 -> 0xffffffff801f9d70 (fp=0xffffffffde8f98e0): kern_kevent 0xffffffff803ba626 -> 0xffffffff803ba5e0 (fp=0xffffffffde8f9940): freebsd32_kevent 0xffffffff803b97aa -> 0xffffffff803b94c0 (fp=0xffffffffde8f9c20): ia32_syscall >How-To-Repeat: unknown; kqueue_expand will call free(9) regularly but I think most of the time it doesn't cause the LOR. >Fix: Patch attached with submission follows: Index: kern_event.c =================================================================== --- kern_event.c (revision 140805) +++ kern_event.c (working copy) @@ -1094,82 +1094,86 @@ kqueue_schedtask(struct kqueue *kq) /* * Expand the kq to make sure we have storage for fops/ident pair. * * Return 0 on success (or no work necessary), return errno on failure. * * Not calling hashinit w/ waitok (proper malloc flag) should be safe. * If kqueue_register is called from a non-fd context, there usually/should * be no locks held. */ static int kqueue_expand(struct kqueue *kq, struct filterops *fops, uintptr_t ident, int waitok) { struct klist *list, *tmp_knhash; + struct klist *to_free = NULL; u_long tmp_knhashmask; int size; int fd; int mflag = waitok ? M_WAITOK : M_NOWAIT; KQ_NOTOWNED(kq); if (fops->f_isfd) { fd = ident; if (kq->kq_knlistsize <= fd) { size = kq->kq_knlistsize; while (size <= fd) size += KQEXTENT; list = malloc(size * sizeof(*list), M_KQUEUE, mflag); if (list == NULL) return ENOMEM; KQ_LOCK(kq); if (kq->kq_knlistsize > fd) { - free(list, M_KQUEUE); + to_free = list; list = NULL; } else { if (kq->kq_knlist != NULL) { bcopy(kq->kq_knlist, list, kq->kq_knlistsize * sizeof list); - free(kq->kq_knlist, M_KQUEUE); + to_free = kq->kq_knlist; kq->kq_knlist = NULL; } bzero((caddr_t)list + kq->kq_knlistsize * sizeof list, (size - kq->kq_knlistsize) * sizeof list); kq->kq_knlistsize = size; kq->kq_knlist = list; } KQ_UNLOCK(kq); } } else { if (kq->kq_knhashmask == 0) { tmp_knhash = hashinit(KN_HASHSIZE, M_KQUEUE, &tmp_knhashmask); if (tmp_knhash == NULL) return ENOMEM; KQ_LOCK(kq); if (kq->kq_knhashmask == 0) { kq->kq_knhash = tmp_knhash; kq->kq_knhashmask = tmp_knhashmask; } else { - free(tmp_knhash, M_KQUEUE); + to_free = tmp_knhash; } KQ_UNLOCK(kq); } } + if (to_free != NULL) + free(to_free, M_KQUEUE); + KQ_NOTOWNED(kq); return 0; } static void kqueue_task(void *arg, int pending) { struct kqueue *kq; int haskqglobal; haskqglobal = 0; kq = arg; KQ_GLOBAL_LOCK(&kq_global, haskqglobal); KQ_LOCK(kq); >Release-Note: >Audit-Trail: >Unformatted: