Date: Fri, 3 Feb 2006 14:48:06 +0200
From: Kostik Belousov
To: freebsd-hackers@freebsd.org, jeff@freebsd.org
Subject: [patch] GIANT and fchdir

I have a system where root is on MP-safe UFS, and have (MP-unsafe) fdescfs mounted at /dev/fd. Doing "find /" causes a panic at line 2029 of sys/kern/vfs_subr.c, namely, in the vrele() assertion VFS_ASSERT_GIANT(vp->v_mount);

The trace shows that the guilty process (find) did the fchdir syscall. The reason for the panic is the call to vrele(vpold) in kern/vfs_syscalls.c, line 718, without calling VFS_LOCK_GIANT for vpold. The problem is quite similar to what was fixed several days ago for chroot and chdir.

The following small patch fixes the panic:

Index: sys/kern/vfs_syscalls.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/local/arch/ncvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.402 diff -u -r1.402 vfs_syscalls.c --- sys/kern/vfs_syscalls.c 1 Feb 2006 09:30:44 -0000 1.402 +++ sys/kern/vfs_syscalls.c 3 Feb 2006 12:47:13 -0000 
@@ -715,6 +715,8 @@ vpold =3D fdp->fd_cdir; fdp->fd_cdir =3D vp; FILEDESC_UNLOCK_FAST(fdp); + VFS_UNLOCK_GIANT(vfslocked); + vfslocked =3D VFS_LOCK_GIANT(vpold->v_mount); vrele(vpold); VFS_UNLOCK_GIANT(vfslocked); return (0);

It seems that the issue is present in 6-STABLE too.

Best regards,
Kostik Belousov.

P.S. Also, I got a bunch of lockmgr messages about a thread unlocking unheld locks, with traces pointing at kern_lstat. It seems related to the fact that the / dir appears as one of the fd's in /dev/fd. I'm currently looking into the problem.
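
Review bot: the two added lines after FILEDESC_UNLOCK_FAST(fdp) reuse vfslocked for a second mount, vpold->v_mount, with nothing in the code saying why Giant is dropped and immediately retaken. Please add a short comment there explaining that the old and new working directories may live on different filesystems, and that vrele(vpold) needs Giant according to the old directory's mount rather than the one locked earlier in the function. It would also help to state that the vpold->v_mount dereference is safe after the filedesc lock is released because the reference formerly held through fd_cdir is not dropped until the vrele() on the next line. A separate variable for the second lock state would make the pairing of each VFS_LOCK_GIANT with its VFS_UNLOCK_GIANT easier to audit, but that is a style preference.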