From: John Baldwin
To: freebsd-current@freebsd.org
Cc: current@freebsd.org, Kris Kennaway
Date: Wed, 18 Jan 2006 16:52:56 -0500
Subject: Re: System call munmap returning with the following locks held: Giant

On Wednesday 18 January 2006 02:05, Kris Kennaway wrote:
> I ran some code of ups@ that essentially does mmap/munmap of created
> files, which I ran on a nfs-mounted filesystem. At the same time I
> was running umount -f on that filesystem in a loop (this was all to
> try and provoke another umount -f panic I'm seeing).
> It quickly panicked with this:
>
> System call munmap returning with the following locks held:
> exclusive sleep mutex Giant r = 0 (0xc07ea408) locked @ vm/vm_object.c:449
> panic: witness_warn
> cpuid = 1
> KDB: enter: panic
> [thread pid 3045 tid 100101 ]
> Stopped at kdb_enter+0x30: leave
> db> wh
> Tracing pid 3045 tid 100101 td 0xc9627000
> kdb_enter(c071c7f5,1,c0720ca2,f7a46c64,c9627000) at kdb_enter+0x30
> panic(c0720ca2,f7a46c8c,1,2,c9627000) at panic+0x13f
> witness_warn(2,0,c073c410,c07214aa,c9922318) at witness_warn+0x16a
> syscall(3b,3b,3b,2804ebb6,bfbfe8a8) at syscall+0x56d
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (0, FreeBSD ELF32, nosys), eip = 0x28127e7f, esp = 0xbfbfe7fc,
> ebp = 0xbfbfe828 --- db>

I sent this to you on IRC, but for the archives, here's a possible fix. It
looks like vm_object_deallocate() never unlocks Giant if it locks it, and the
leak would only happen if mpsafevfs=0 or you are using a non-safe filesystem:

Index: vm_object.c =================================================================== RCS file: /usr/cvs/src/sys/vm/vm_object.c,v retrieving revision 1.353 diff -u -r1.353 vm_object.c --- vm_object.c 31 Dec 2005 14:39:20 -0000 1.353 +++ vm_object.c 18 Jan 2006 18:50:40 -0000 @@ -467,6 +467,7 @@ object->ref_count--; if (object->ref_count > 1) { VM_OBJECT_UNLOCK(object); + VFS_UNLOCK_GIANT(vfslocked); return; } else if (object->ref_count == 1) { if (object->shadow_count == 0) { @@ -495,6 +496,7 @@ * Let the lower priority thread run. */ tsleep(&proc0, PVM, "vmo_de", 1); + MPASS(vfslocked == 0); continue; } /* @@ -535,11 +537,13 @@ object = robject; vm_object_collapse(object); VM_OBJECT_UNLOCK(object); + MPASS(vfslocked == 0); continue; } VM_OBJECT_UNLOCK(robject); } VM_OBJECT_UNLOCK(object); + MPASS(vfslocked == 0); return; } doterm: 
@@ -562,6 +566,7 @@ else VM_OBJECT_UNLOCK(object); object = temp; + VFS_UNLOCK_GIANT(vfslocked); } }

-- 
John Baldwin <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve" = http://www.FreeBSD.org
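
Review bot: The new VFS_UNLOCK_GIANT(vfslocked); before return; in the object->ref_count > 1 branch (hunk @@ -467,6 +467,7 @@) is only correct if vfslocked is 0 on every path that reaches this branch without having taken Giant, and none of the visible context shows where vfslocked is declared, initialized or set. Please confirm it is initialized to 0 before the first use, and consider extending the hunk context or the commit message to point at the acquisition site (the witness report names vm/vm_object.c:449) so the pairing of lock and unlock can be checked from the patch itself.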
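
Review bot: MPASS(vfslocked == 0); after the tsleep() in hunk @@ -495,6 +496,7 @@ is an undocumented invariant that is only checked in kernels built with INVARIANTS. If Giant can ever be held when this continue is reached, a production kernel would go around the loop with the lock still held and nothing would report it. Add a short comment above the assertion stating why Giant cannot be held on this path, so the next person changing the acquisition logic knows the assertion depends on it.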
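
Review bot: The return; after VM_OBJECT_UNLOCK(object); at the end of hunk @@ -535,11 +537,13 @@ asserts MPASS(vfslocked == 0) where the return in the first hunk calls VFS_UNLOCK_GIANT(vfslocked), so two exits of the same function follow different conventions. Since VFS_UNLOCK_GIANT() does nothing when its argument is 0, using it on this return as well would cost nothing and would also cover kernels without INVARIANTS; if the assertion is kept because the path truly cannot hold Giant, say so in a comment. The same applies to the continue after vm_object_collapse(object) earlier in the hunk.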
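
Review bot: After VFS_UNLOCK_GIANT(vfslocked); at the bottom of the loop body in hunk @@ -562,6 +566,7 @@, vfslocked is left at its old value while the loop carries on with object = temp. Unless vfslocked is reset at the top of every iteration (not visible in this patch), the next pass can either trip one of the new MPASS(vfslocked == 0) checks or call VFS_UNLOCK_GIANT() a second time for a Giant that is no longer held. Setting vfslocked = 0; right after the unlock, or showing the reset at the loop head in the patch context, would close that.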