From owner-freebsd-current@FreeBSD.ORG Wed Jul 28 03:53:41 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5940016A4D3; Wed, 28 Jul 2004 03:53:41 +0000 (GMT) Received: from cs.rice.edu (cs.rice.edu [128.42.1.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30E5343D5A; Wed, 28 Jul 2004 03:53:41 +0000 (GMT) (envelope-from alc@cs.rice.edu) Received: from localhost (calypso.cs.rice.edu [128.42.1.127]) by cs.rice.edu (Postfix) with ESMTP id B84AA4AB9C; Tue, 27 Jul 2004 22:53:40 -0500 (CDT) Received: from cs.rice.edu ([128.42.1.30]) by localhost (calypso.cs.rice.edu [128.42.1.127]) (amavisd-new, port 10024) with LMTP id 07012-01-12; Tue, 27 Jul 2004 22:53:40 -0500 (CDT) Received: by cs.rice.edu (Postfix, from userid 19572) id 661DD4AB99; Tue, 27 Jul 2004 22:53:40 -0500 (CDT) Date: Tue, 27 Jul 2004 22:53:40 -0500 From: Alan Cox To: Robert Watson Message-ID: <20040728035340.GA18577@cs.rice.edu> References: <022801c47429$b8957420$471b3dd4@digiware.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2i X-Virus-Scanned: by amavis-20030616-p7 at cs.rice.edu cc: bzeeb+freebsd+lor@zabbadoz.net cc: jhb@FreeBSD.ORG cc: alc@FreeBSD.ORG cc: current@FreeBSD.ORG Subject: Re: Fatal LOR: PV ENTRY (UMA zone) @ /home2/src/sys/vm/uma_core.c:2033 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jul 2004 03:53:41 -0000 The lock-order reversal that precedes this panic makes little sense: lock order reversal 1st 0xffffff007fed7c10 PV ENTRY (UMA zone) @ /home2/src/sys/vm/uma_core.c:2033 2nd 0xffffffff8063dce0 UMA pcpu (UMA pcpu) @ /home2/src/sys/vm/uma_core.c:2015 This corresponds to: void uma_zfree_arg(uma_zone_t zone, void *item, void *udata) { ... zfree_restart: cpu = PCPU_GET(cpuid); CPU_LOCK(cpu); *** 2nd *** cache = &zone->uz_cpu[cpu]; zfree_start: bucket = cache->uc_freebucket; if (bucket) { /* * Do we have room in our bucket? It is OK for this uz count * check to be slightly out of sync. */ if (bucket->ub_cnt < bucket->ub_entries) { KASSERT(bucket->ub_bucket[bucket->ub_cnt] == NULL, ("uma_zfree: Freeing to non free bucket index.")); bucket->ub_bucket[bucket->ub_cnt] = item; bucket->ub_cnt++; #ifdef INVARIANTS ZONE_LOCK(zone); *** 1st *** if (keg->uk_flags & UMA_ZONE_MALLOC) uma_dbg_free(zone, udata, item); else uma_dbg_free(zone, NULL, item); ZONE_UNLOCK(zone); #endif CPU_UNLOCK(cpu); return; So, whereas Giant isn't held and it should be, the pv zone lock is held and it shouldn't be. Even with preemption, it's hard to see how we would wind up in namei() with the pv zone lock still held. Alan