Date: Sat, 11 Aug 2007 22:54:37 +0200
From: Pawel Jakub Dawidek
To: Max Laier
Cc: freebsd-current@freebsd.org, Rong-en Fan, Kris Kennaway
Subject: Re: panic: sleeping thread owns a non-sleepable lock

On Sat, Aug 11, 2007 at 09:29:23PM +0200, Max Laier wrote:
> On Saturday 11 August 2007, Kris Kennaway wrote:
> > On Sun, Aug 12, 2007 at 02:22:35AM +0800, Rong-en Fan wrote:
> > > I'm running 7.0-CURRENT as of yesterday, and it's very easy
> > > to make it panic:
> > >
> > > Sleeping thread (tid 100065, pid 1066) owns a non-sleepable lock
> > > sched_switch(c50a1600,0,1,1c7a7e4,4217e5,...) at sched_switch+0x190
> > > mi_switch(1,0) at mi_switch+0x13f
> > > sleepq_switch(c50a1600,0,c078a4e2,21b,c07e3820,...) at sleepq_switch+0x87
> > > sleepq_wait(c07e3820,0,c0770b7e,3,0,...) at sleepq_wait+0x36
> > > _sx_xlock_hard(c07e3820,c50a1600,0,0,0,...) at _sx_xlock_hard+0x21d
> > > fr_checknatout(f9c7a8d0,f9c7a8cc,64,c57ad900,c4de7400,...) at fr_checknatout+0x29d
> > > fr_check(c8cc4644,14,c4de7400,1,f9c7a9b4,...) at fr_check+0x9b1
> > > fr_check_wrapper(0,f9c7a9b4,c4de7400,2,c54dab28,...) at fr_check_wrapper+0x3f
> > > pfil_run_hooks(c08057c0,f9c7aa4c,c4de7400,2,c54dab28,...) at pfil_run_hooks+0x74
> > > ip_output(c8cc4600,0,f9c7aa10,0,0,...) at ip_output+0x913
> > > tcp_output(cae322d0,cb277200,0,0,0,...) at tcp_output+0x1106
> > > tcp_usr_send(c51e7318,0,cb277200,0,0,...) at tcp_usr_send+0x240
> > > kern_sendfile(c50a1600,f9c7acfc,0,0,0,...) at kern_sendfile+0x1037
> > > sendfile(c50a1600,f9c7acfc,20,16,f9c7ad2c,...) at sendfile+0xa8
> > > syscall(f9c7ad38) at syscall+0x315
> > > Xint0x80_syscall() at Xint0x80_syscall+0x20
> > > --- syscall (393, FreeBSD ELF32, sendfile), eip = 0x28290bff, esp = 0xbfbfc6ac, ebp = 0xbfbfe718 ---
> >
> > What is the lock it holds, and where is it acquired?
>
> My bet is on the pfil rwlock - acquired in pfil_run_hooks and tcbinfo /
> inp mtxs from tcp_output.  Nothing in the transmission path must use sx
> locks.  I keep on telling that.

It looks like a whole lot of complex code can be run with pfil rwlock
held. More complex code - harder to avoid sleeping.

Is it not possible to call ->pfil_func() without holding pfil rwlock?
For example by acquiring the lock, taking a hook, increasing its
reference count so it won't go away, dropping the lock and calling
->pfil_func()?

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
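
The take-a-reference, drop-the-lock, then call sequence proposed in the message above, as an added userspace model in C; it is not code from this thread or from FreeBSD's pfil. Every name in it (struct hook, run_hooks, hook_rele, the lock_held counter standing in for the pfil rwlock, and the two sample hooks) is hypothetical and constructed for illustration.

```c
/* Userspace model of the reference-counted hook call; all names are hypothetical. */
#include <stdlib.h>
struct hook {
    int (*func)(void);   /* stands in for ->pfil_func() */
    int refs;            /* 1 for list membership + 1 per in-flight caller */
    int dead;            /* unregistered: skipped, freed when refs hits 0 */
    struct hook *next;
};
static struct hook *hooks, *self;
static int lock_held, freed;  /* modelled lock state; count of hooks freed */
static void hook_rele(struct hook *h) {      /* caller holds the lock */
    if (--h->refs > 0) return;
    for (struct hook **pp = &hooks; *pp; pp = &(*pp)->next)
        if (*pp == h) { *pp = h->next; break; }
    free(h); freed++;
}
static struct hook *hook_add(int (*func)(void)) {
    struct hook *h = calloc(1, sizeof(*h));
    if (h == NULL) abort();
    h->func = func; h->refs = 1;             /* the list's own reference */
    lock_held++; h->next = hooks; hooks = h; lock_held--;
    return h;
}
static void hook_remove(struct hook *h) {    /* mark dead, drop the list's ref */
    lock_held++; h->dead = 1; hook_rele(h); lock_held--;
}
/* Runs every live hook; returns how many ran with the lock held (want 0). */
static int run_hooks(void) {
    int violations = 0;
    lock_held++;
    struct hook *h = hooks;
    if (h) h->refs++;                        /* pin the hook we will call */
    while (h) {
        if (!h->dead) {
            lock_held--;                     /* drop the lock before calling out */
            violations += h->func();
            lock_held++;
        }
        struct hook *n = h->next;
        if (n) n->refs++;                    /* pin the successor first */
        hook_rele(h); h = n;                 /* may unlink and free h */
    }
    lock_held--;
    return violations;
}
/* Constructed sample hooks: each reports whether the lock was held as it ran. */
static int sleepy_hook(void) { return lock_held; }
static int self_removing_hook(void) { hook_remove(self); return lock_held; }
int main(void) {   /* exit status 0 when the model behaves as described */
    hook_add(sleepy_hook); self = hook_add(self_removing_hook);
    return run_hooks() != 0 || freed != 1;
}
```

The hook that unregisters itself mid-call is only unlinked and freed after the caller retakes the lock and drops its reference, which is the "so it won't go away" part of the proposal.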