Index: sys/kern/sched_ule.c
===================================================================
--- sys/kern/sched_ule.c	(revision 202744)
+++ sys/kern/sched_ule.c	(working copy)
@@ -1822,18 +1822,24 @@
 	 */
 	spinlock_enter();
 	thread_block_switch(td);	/* This releases the lock on tdq. */
-	TDQ_LOCK(tdn);
-	tdq_add(tdn, td, flags);
-	tdq_notify(td->td_sched);
+
 	/*
-	 * After we unlock tdn the new cpu still can't switch into this
-	 * thread until we've unblocked it in cpu_switch().  The lock
-	 * pointers may match in the case of HTT cores.  Don't unlock here
-	 * or we can deadlock when the other CPU runs the IPI handler.
+	 * Acquire both run-queue locks before placing the thread on the new
+	 * run-queue to avoid deadlocks created by placing a thread with a
+	 * blocked lock on the run-queue of a remote processor.  The deadlock
+	 * occurs when a third processor attempts to lock the two queues in
+	 * question while the target processor is spinning with its own
+	 * run-queue lock held while waiting for the blocked lock to clear.
 	 */
-	if (TDQ_LOCKPTR(tdn) != TDQ_LOCKPTR(tdq)) {
+	if (TDQ_LOCKPTR(tdn) == TDQ_LOCKPTR(tdq)) {
+		TDQ_LOCK(tdq);
+		tdq_add(tdn, td, flags);
+		tdq_notify(td->td_sched);
+	} else {
+		tdq_lock_pair(tdn, tdq);
+		tdq_add(tdn, td, flags);
+		tdq_notify(td->td_sched);
 		TDQ_UNLOCK(tdn);
-		TDQ_LOCK(tdq);
 	}
 	spinlock_exit();
 #endif