On Mon, Jan 25, 2010 at 07:07:00PM +1100, Peter Jeremy
wrote:> I had the following crop up recently in 8-STABLE/amd64 from end of
> November. It's been reported as kern/143184.
Basically, page containing the buffer for read(2) is swapped out.
This causes page fault in copyout(9) and entry into vm subsystem
while zfs vnode lock is held.
If the buffer is backed by e.g. UFS vnode instead of anonymous
memory, you would get UFS/zfs LOR.
The problem is generic, I am working on the solution in collaboration
with Peter Holm, basing on the Jeff Roberson idea.
>
> lock order reversal:
> 1st 0xffffff002f7fb270 zfs (zfs) @ /usr/src/sys/kern/vfs_vnops.c:533
> 2nd 0xffffff80803a26e0 bufwait (bufwait) @ /usr/src/sys/vm/vm_pager.c:311
> KDB: stack backtrace:
> db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
> _witness_debugger() at _witness_debugger+0x2c
> witness_checkorder() at witness_checkorder+0x66f
> __lockmgr_args() at __lockmgr_args+0x475
> initpbuf() at initpbuf+0xb9
> getpbuf() at getpbuf+0xdc
> swap_pager_getpages() at swap_pager_getpages+0x1aa
> vm_fault() at vm_fault+0x5f7
> trap_pfault() at trap_pfault+0x128
> trap() at trap+0x379
> calltrap() at calltrap+0x8
> --- trap 0xc, rip = 0xffffffff8049497b, rsp = 0xffffff809a427830, rbp =
0xffffff809a4278b0 ---
> copyout() at copyout+0x3b
> dmu_read_uio() at dmu_read_uio+0x98
> zfs_freebsd_read() at zfs_freebsd_read+0x56f
> VOP_READ_APV() at VOP_READ_APV+0x44
> vn_read() at vn_read+0x149
> dofileread() at dofileread+0xa1
> kern_readv() at kern_readv+0x60
> read() at read+0x55
> syscall() at syscall+0x1ac
> Xfast_syscall() at Xfast_syscall+0xe1
> --- syscall (3, FreeBSD ELF64, read), rip = 0x8008ce86c, rsp =
0x7ffffffeb718, rbp = 0x805b41d18 ---
>
> --
> Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20100125/644d791a/attachment.pgp