GENERIC HEAD from 2009-04-16 11:57:16 UTC, r191144M, No vmcore KDB: debugger backends: ddb KDB: current backend: ddb 524288K of memory above 4GB ignored Copyright (c) 1992-2009 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.0-CURRENT #3 r191144M: Fri Apr 17 21:38:18 CEST 2009 pho@x4.osted.lan:/usr/src/sys/i386/compile/PHO WARNING: WITNESS option enabled, expect reduced performance. WARNING: DIAGNOSTIC option enabled, expect reduced performance. Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: AMD Phenom(tm) 9150e Quad-Core Processor (1799.99-MHz 686-class CPU) Origin = "AuthenticAMD" Id = 0x100f23 Stepping = 3 Features=0x178bfbff Features2=0x802009 AMD Features=0xee500800 AMD Features2=0x7ff TSC: P-state invariant Cores per package: 4 real memory = 4294967296 (4096 MB) avail memory = 3539959808 (3375 MB) : Trying to mount root from ufs:/dev/ad4s1a Entropy harvesting: interrupts ethernet point_to_point kickstart. GEOM_LABEL: Label ufsid/48f38e3c5b611e96 removed. /dev/ad4s1a: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad4s1a: clean, 253892 free (2252 frags, 31G455 blocks, 0.2%EOM_LABEL fragmentation): Labe l for provider ad4s1a is ufsid/48f38e3c5b611e96. GEOM_LABEL: Label ufsid/48f38e3cff1ca3a5 removed. /dev/ad4s1e: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad4s1e: clean, 50338126 frGEOM_LABEL:ee (1534 frags, 6292074 blocks, Label for provider ad4s1e is ufsid/48f38e3cff1ca3a5.0.0% fragmentati on) GEOM_LABEL: Label ufsid/48f38e47737647c8 removed. /dev/ad4s1f: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad4s1f: clean, 8890327 free (169255 frags,GEOM_LABEL: 1090134 blocks, 0.8% fragmentatLabel for provider ad4s1f is ufsid/48f38e47737647c8.ion) GEOM_LABEL: Label ufsid/48f38e4956403ff8 removed. 
/dev/ad4s1d: FILGEOM_LABEL:E SYSTEM CLEAN; SKIPPING CHECKSLabel for provider ad4s1d is ufsid/48f38e4956403ff8. /dev/ad4s1d: cl ean, 28662001 free (95609 frags, 3570799 blocks, 0.2% fragmentation) GEOM_LABEL: Label ufsid/48f38e3c5b611e96 removed. GEOM_LABEL: Label ufsid/48f38e3cff1ca3a5 removed. GEOM_LABEL: Label ufsid/48f38e47737647c8 removed. GEOM_LABEL: Label ufsid/48f38e4956403ff8 removed. re0: link state changed to DOWN Starting Network: lo0 re0. add net default: gateway 192.168.1.1 Additional ABI support: linux. lock order reversal: 1st 0xdad13cf0 bufwait (bufwait) @ kern/vfs_bio.c:2555 2nd 0xc72f6000 dirhash (dirhash) @ ufs/ufs/ufs_dirhash.c:275 KDB: stack backtrace: db_trace_self_wrapper(c0c36617,e9af987c,c0898d65,c088aaab,c0c394ce,...) at db_trace_self_wrapper+0x26 kdb_backtrace(c088aaab,c0c394ce,c6d25a80,c6d290f0,e9af98d8,...) at kdb_backtrace+0x29 _witness_debugger(c0c394ce,c72f6000,c0c58e5a,c6d290f0,c0c58b00,...) at _witness_debugger+0x25 witness_checkorder(c72f6000,9,c0c58af7,113,0,...) at witness_checkorder+0x839 _sx_xlock(c72f6000,0,c0c58af7,113,c742b0f8,...) at _sx_xlock+0x85 ufsdirhash_acquire(dad13c90,e9af9a20,28,db631dec,e9af99a8,...) at ufsdirhash_acquire+0x48 ufsdirhash_add(c742b0f8,e9af9a20,dec,e9af9994,e9af9998,...) at ufsdirhash_add+0x13 ufs_direnter(c742c6b8,c75ea408,e9af9a20,e9af9c04,dad14164,...) at ufs_direnter+0x779 ufs_mkdir(e9af9c28,c0c6d72d,0,e9af9bd8,e9af9b70,...) at ufs_mkdir+0x977 VOP_MKDIR_APV(c0d38680,e9af9c28,eab,ea9,0,...) at VOP_MKDIR_APV+0xc5 kern_mkdirat(c7735460,ffffff9c,bfbfef5a,0,1ff,...) at kern_mkdirat+0x23b kern_mkdir(c7735460,bfbfef5a,0,1ff,e9af9d2c,...) at kern_mkdir+0x2e mkdir(c7735460,e9af9cf8,8,c0c39d80,c0d17840,...) at mkdir+0x29 syscall(e9af9d38) at syscall+0x2b4 Xint0x80_syscall() at Xint0x80_syscall+0x20 --- syscall (136, FreeBSD ELF32, mkdir), eip = 0x2815fea3, esp = 0xbfbfed6c, ebp = 0xbfbfee38 --- Starting mountd. Configuring syscons: keymap blanktime. Local package initialization: watchdogd. 
Fri Apr 17 21:42:23 CEST 2009 FreeBSD/i386 (x4.osted.lan) (console) login: Apr 17 21:43:39 x4 su: pho to root on /dev/pts/0 lock order reversal: 1st 0xc7a22058 ufs (ufs) @ kern/vfs_lookup.c:490 2nd 0xdad3f430 bufwait (bufwait) @ ufs/ffs/ffs_softdep.c:6150 3rd 0xc844dc70 ufs (ufs) @ kern/vfs_subr.c:2101 KDB: stack backtrace: db_trace_self_wrapper(c0c36617,e9b1414c,c0898d65,c088aaab,c0c394e7,...) at db_trace_self_wrapper+0x26 kdb_backtrace(c088aaab,c0c394e7,c6d25a80,c6d29088,e9b141a8,...) at kdb_backtrace+0x29 _witness_debugger(c0c394e7,c844dc70,c0c2cb83,c6d29088,c0c4024e,...) at _witness_debugger+0x25 witness_checkorder(c844dc70,9,c0c40245,835,0,...) at witness_checkorder+0x839 __lockmgr_args(c844dc70,80100,c844dcd8,0,0,...) at __lockmgr_args+0x7a7 ffs_lock(e9b142b4,c0898b0b,c0c3f8e4,80100,c844dc18,...) at ffs_lock+0xa1 VOP_LOCK1_APV(c0d38680,e9b142b4,c77340a4,c0d51220,c844dc18,...) at VOP_LOCK1_APV+0xa5 _vn_lock(c844dc18,80100,c0c40245,835,4,...) at _vn_lock+0x78 vget(c844dc18,80100,c7734000,50,0,...) at vget+0xc9 vfs_hash_get(c75d7598,958055,80000,c7734000,e9b14410,...) at vfs_hash_get+0xed ffs_vgetf(c75d7598,958055,80000,e9b14410,1,...) at ffs_vgetf+0x49 softdep_sync_metadata(c7a22000,0,c0c58747,131,0,...) at softdep_sync_metadata+0x5ba ffs_syncvnode(c7a22000,1,c7734000,e9b144d0,246,...) at ffs_syncvnode+0x3e2 ffs_truncate(c7a22000,200,0,880,c6d3e300,...) at ffs_truncate+0x696 ufs_direnter(c7a22000,c844dc18,e9b1478c,e9b14a8c,daf230e8,...) at ufs_direnter+0x946 ufs_mkdir(e9b14ab0,c0c6d72d,e9b149f8,e9b14a60,e9b14ab0,...) at ufs_mkdir+0x977 VOP_MKDIR_APV(c0d38680,e9b14ab0,e9b14adc,d,0,...) at VOP_MKDIR_APV+0xc5 nfsrv_mkdir(e9b14bb0,0,e9b14ba8,0,c7d88800,...) at nfsrv_mkdir+0x5f5 nfssvc_program(c7d88800,c7ee6e00,c0c54bb7,486,e9b14cdc,...) at nfssvc_program+0x395 svc_run_internal(e9b14d24,c08359e8,c70ead80,e9b14d38,c0c2f2fc,...) at svc_run_internal+0x942 svc_thread_start(c70ead80,e9b14d38,c0c2f2fc,32d,c73d1000,...) 
at svc_thread_start+0x10 fork_exit(c0a3d5f0,c70ead80,e9b14d38) at fork_exit+0xb8 fork_trampoline() at fork_trampoline+0x8 --- trap 0, eip = 0xc, esp = 0x33, ebp = 0 --- Expensive timeout(9) function: 0xc088f440(0xc746caf0) 0.039502077 s Expensive timeout(9) function: 0xc088f440(0xc6d75460) 0.091842247 s Limiting icmp unreach response from 157972 to 200 packets/sec Limiting icmp unreach response from 157659 to 200 packets/sec Limiting icmp unreach response from 158389 to 200 packets/sec Limiting icmp unreach response from 153537 to 200 packets/sec Limiting icmp unreach response from 80315 to 200 packets/sec Limiting icmp unreach response from 32647 to 200 packets/sec Limiting icmp unreach response from 64578 to 200 packets/sec Limiting icmp unreach response from 26810 to 200 packets/sec Limiting icmp unreach response from 20876 to 200 packets/sec Limiting icmp unreach response from 24745 to 200 packets/sec Limiting icmp unreach response from 23177 to 200 packets/sec Limiting icmp unreach response from 25289 to 200 packets/sec Limiting icmp unreach response from 15478 to 200 packets/sec Limiting icmp unreach response from 45085 to 200 packets/sec Limiting icmp unreach response from 23716 to 200 packets/sec Limiting icmp unreach response from 31823 to 200 packets/sec Limiting icmp unreach response from 42564 to 200 packets/sec Limiting icmp unreach response from 41607 to 200 packets/sec Limiting icmp unreach response from 40081 to 200 packets/sec Limiting icmp unreach response from 63371 to 200 packets/sec Limiting icmp unreach response from 49332 to 200 packets/sec Limiting icmp unreach response from 45053 to 200 packets/sec Limiting icmp unreach response from 49595 to 200 packets/sec Limiting icmp unreach response from 29636 to 200 packets/sec Limiting icmp unreach response from 94154 to 200 packets/sec Expensive timeout(9) function: 0xc0716250(0xc6f88000) 0.135433541 s Limiting icmp unreach response from 33485 to 200 packets/sec Limiting icmp unreach response from 
41906 to 200 packets/sec Limiting icmp unreach response from 45199 to 200 packets/sec Limiting icmp unreach response from 43535 to 200 packets/sec Limiting icmp unreach response from 34727 to 200 packets/sec Limiting icmp unreach response from 36868 to 200 packets/sec Limiting icmp unreach response from 50126 to 200 packets/sec Limiting icmp unreach response from 30185 to 200 packets/sec Limiting icmp unreach response from 735 to 200 packets/sec Limiting icmp unreach response from 39516 to 200 packets/sec Limiting icmp unreach response from 90898 to 200 packets/sec Limiting icmp unreach response from 102714 to 200 packets/sec Limiting icmp unreach response from 82289 to 200 packets/sec Limiting icmp unreach response from 88413 to 200 packets/sec Limiting icmp unreach response from 61155 to 200 packets/sec Limiting icmp unreach response from 105015 to 200 packets/sec Limiting icmp unreach response from 89950 to 200 packets/sec Limiting icmp unreach response from 78449 to 200 packets/sec Limiting icmp unreach response from 74062 to 200 packets/sec Limiting icmp unreach response from 86392 to 200 packets/sec Limiting icmp unreach response from 15186 to 200 packets/sec Limiting icmp unreach response from 3603 to 200 packets/sec Limiting icmp unreach response from 233 to 200 packets/sec Limiting icmp unreach response from 250 to 200 packets/sec Limiting icmp unreach response from 30873 to 200 packets/sec Limiting icmp unreach response from 33288 to 200 packets/sec Limiting icmp unreach response from 48754 to 200 packets/sec Limiting icmp unreach response from 33748 to 200 packets/sec Limiting icmp unreach response from 34878 to 200 packets/sec Limiting icmp unreach response from 38415 to 200 packets/sec Limiting icmp unreach response from 30794 to 200 packets/sec Limiting icmp unreach response from 34313 to 200 packets/sec Limiting icmp unreach response from 42275 to 200 packets/sec Limiting icmp unreach response from 34026 to 200 packets/sec Limiting icmp unreach 
response from 30098 to 200 packets/sec Limiting icmp unreach response from 42929 to 200 packets/sec Limiting icmp unreach response from 44560 to 200 packets/sec Limiting icmp unreach response from 41045 to 200 packets/sec Limiting icmp unreach response from 39677 to 200 packets/sec Limiting icmp unreach response from 36362 to 200 packets/sec Limiting icmp unreach response from 41303 to 200 packets/sec Limiting icmp unreach response from 36241 to 200 packets/sec Limiting icmp unreach response from 44396 to 200 packets/sec Limiting icmp unreach response from 45990 to 200 packets/sec Limiting icmp unreach response from 41113 to 200 packets/sec Limiting icmp unreach response from 36332 to 200 packets/sec Limiting icmp unreach response from 42101 to 200 packets/sec Limiting icmp unreach response from 29768 to 200 packets/sec Limiting icmp unreach response from 46711 to 200 packets/sec Limiting icmp unreach response from 48141 to 200 packets/sec Limiting icmp unreach response from 40951 to 200 packets/sec Limiting icmp unreach response from 40002 to 200 packets/sec Limiting icmp unreach response from 53181 to 200 packets/sec Limiting icmp unreach response from 33378 to 200 packets/sec Limiting icmp unreach response from 38970 to 200 packets/sec Limiting icmp unreach response from 46150 to 200 packets/sec Limiting icmp unreach response from 56650 to 200 packets/sec Limiting icmp unreach response from 35206 to 200 packets/sec Limiting icmp unreach response from 64271 to 200 packets/sec Limiting icmp unreach response from 39096 to 200 packets/sec Limiting icmp unreach response from 34329 to 200 packets/sec Limiting icmp unreach response from 16409 to 200 packets/sec witness_lock_list_get: witness exhausted panic: vm_page_dirty: 0xc2abfa38 not fully valid cpuid = 2 KDB: enter: panic [thread pid 9 tid 100062 ] Stopped at kdb_enter+0x3a: movl $0,kdb_why db:0:kdb.enter.panic> run pho db:1:pho> bt Tracing pid 9 tid 100062 td 0xc70e9460 
kdb_enter(c0c33328,c0c33328,c0c5bd8e,e77f4c34,2,...) at kdb_enter+0x3a panic(c0c5bd8e,c2abfa38,e77f4cf8,c0aa1d8f,c2abfa38,...) at panic+0x136 vm_page_dirty(c2abfa38,80,c0c5c30e,303,1388,...) at vm_page_dirty+0x46 vm_pageout(0,e77f4d38,c0c2f2fc,32d,c72e17ec,...) at vm_pageout+0x9ff fork_exit(c0aa1390,0,e77f4d38) at fork_exit+0xb8 fork_trampoline() at fork_trampoline+0x8 --- trap 0, eip = 0, esp = 0xe77f4d70, ebp = 0 --- db:1:bt> show allpcpu Current CPU: 2 cpuid = 0 curthread = 0xc7cb58c0: pid 5788 "swap" curpcb = 0xe9ce8d90 fpcurthread = none idlethread = 0xc6d73460: pid 11 "idle: cpu0" APIC ID = 0 currentldt = 0x50 spin locks held: cpuid = 1 curthread = 0xc79de8c0: pid 5815 "syscall" curpcb = 0xe9bbcd90 fpcurthread = none idlethread = 0xc6d73690: pid 11 "idle: cpu1" APIC ID = 1 currentldt = 0x50 spin locks held: cpuid = 2 curthread = 0xc70e9460: pid 9 "pagedaemon" curpcb = 0xe77f4d90 fpcurthread = none idlethread = 0xc6d738c0: pid 11 "idle: cpu2" APIC ID = 2 currentldt = 0x50 spin locks held: cpuid = 3 curthread = 0xc746caf0: pid 5836 "umount" curpcb = 0xe9a3ed90 fpcurthread = none idlethread = 0xc6d73af0: pid 11 "idle: cpu3" APIC ID = 3 currentldt = 0x50 spin locks held: db:1:allpcpu> show alllocks Process 1133 (sshd) thread 0xc786c230 (100133) db:1:alllocks> show lockedvnods Locked vnodes 0xc7191d70: tag ufs, type VDIR usecount 235, writecount 0, refcount 237 mountedhere 0 flags (VV_ROOT) v_object 0xc739026c ref 0 pages 0 lock type ufs: SHARED (count 1) #0 0xc08428a2 at __lockmgr_args+0x582 #1 0xc0a72eb1 at ffs_lock+0xa1 #2 0xc0b77495 at VOP_LOCK1_APV+0xa5 #3 0xc08f0a38 at _vn_lock+0x78 #4 0xc08d85bf at lookup+0xef #5 0xc08d97ab at namei+0x4fb #6 0xc08f0736 at vn_open_cred+0x286 #7 0xc08f09b3 at vn_open+0x33 #8 0xc08ee2d8 at kern_openat+0x108 #9 0xc08ee7c5 at kern_open+0x35 #10 0xc08ee800 at open+0x30 #11 0xc0b69564 at syscall+0x2b4 #12 0xc0b4d940 at Xint0x80_syscall+0x20 ino 2, on dev ad4s1a 0xc783b408: tag ufs, type VDIR usecount 1, writecount 0, refcount 2 
mountedhere 0xc75dc000 flags () v_object 0xc772207c ref 0 pages 0 lock type ufs: EXCL by thread 0xc746caf0 (pid 5836) with shared waiters pending #0 0xc0842ea0 at __lockmgr_args+0xb80 #1 0xc0a72eb1 at ffs_lock+0xa1 #2 0xc0b77495 at VOP_LOCK1_APV+0xa5 #3 0xc08f0a38 at _vn_lock+0x78 #4 0xc08de27c at dounmount+0x8c #5 0xc08debef at unmount+0x2df #6 0xc0b69564 at syscall+0x2b4 #7 0xc0b4d940 at Xint0x80_syscall+0x20 ino 70657, on dev ad4s1a 0xc970ac18: tag nfs, type VREG usecount 0, writecount 0, refcount 1 mountedhere 0 flags (VI_DOOMED) v_object 0xc7fa0d14 ref 0 pages 0 lock type nfs: EXCL by thread 0xc746caf0 (pid 5836) #0 0xc0842ea0 at __lockmgr_args+0xb80 #1 0xc08d42b5 at vop_stdlock+0x65 #2 0xc0b77495 at VOP_LOCK1_APV+0xa5 #3 0xc08f0a38 at _vn_lock+0x78 #4 0xc08e7394 at vflush+0x144 #5 0xc0a0892e at nfs_unmount+0x3e #6 0xc08de672 at dounmount+0x482 #7 0xc08debef at unmount+0x2df #8 0xc0b69564 at syscall+0x2b4 #9 0xc0b4d940 at Xint0x80_syscall+0x20 $ svn diff /usr/src/sys Index: /usr/src/sys/nfsclient/nfs_bio.c =================================================================== --- /usr/src/sys/nfsclient/nfs_bio.c (revision 191144) +++ /usr/src/sys/nfsclient/nfs_bio.c (working copy) @@ -220,7 +220,7 @@ m->valid = 0; vm_page_set_validclean(m, 0, size - toff); /* handled by vm_fault now */ - /* vm_page_zero_invalid(m, TRUE); */ + vm_page_zero_invalid(m, TRUE); } else { /* * Read operation was short. If no error occured Index: /usr/src/sys/ufs/ufs/ufs_lookup.c =================================================================== --- /usr/src/sys/ufs/ufs/ufs_lookup.c (revision 191144) +++ /usr/src/sys/ufs/ufs/ufs_lookup.c (working copy) 
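Review bot: In the nfs_bio.c hunk the retained comment `/* handled by vm_fault now */` sits directly above the re-enabled `vm_page_zero_invalid(m, TRUE);` and now says the opposite of what the code does. Replace it with the reason the call is back, for example `/* zero the invalid part of the page here so it is fully valid before it can be dirtied */`, which is presumably the condition the new KASSERT in vm_page_dirty() checks. A partially valid page that is never zeroed also risks exposing stale page contents, so the reason is worth recording. The enclosing function starts and ends outside the hunk.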
@@ -1235,20 +1235,45 @@
 return (1);
 }
+static int
+ufs_dir_dd_ino(struct vnode *vp, struct ucred *cred, ino_t *dd_ino)
+{
+ struct dirtemplate dirbuf;
+ int error, namlen;
+
+ if (vp->v_type != VDIR)
+ return (ENOTDIR);
+ error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
+ sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
+ IO_NODELOCKED | IO_NOMACCHECK, cred, NOCRED, (int *)0, NULL);
+ if (error != 0)
+ return (error);
+#if (BYTE_ORDER == LITTLE_ENDIAN)
+ if (OFSFMT(vp))
+ namlen = dirbuf.dotdot_type;
+ else
+ namlen = dirbuf.dotdot_namlen;
+#else
+ namlen = dirbuf.dotdot_namlen;
+#endif
+ if (namlen != 2 || dirbuf.dotdot_name[0] != '.' ||
+ dirbuf.dotdot_name[1] != '.')
+ return (ENOTDIR);
+ *dd_ino = dirbuf.dotdot_ino;
+ return (0);
+}
+
 /*
 * Check if source directory is in the path of the target directory.
 * Target is supplied locked, source is unlocked.
 * The target is always vput before returning.
 */
 int
-ufs_checkpath(source, target, cred)
- struct inode *source, *target;
- struct ucred *cred;
+ufs_checkpath(struct inode *source, struct inode *target, struct ucred *cred)
 {
- struct vnode *vp;
- int error, namlen;
- ino_t rootino;
- struct dirtemplate dirbuf;
+ struct vnode *vp, *vp1;
+ int error;
+ ino_t rootino, dd_ino;
 vp = ITOV(target);
 if (target->i_number == source->i_number) {
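Review bot: ufs_dir_dd_ino() is added without a comment, and its contract is not obvious from the call sites: it reads with `IO_NODELOCKED`, so the caller has to hold the vnode lock, and `*dd_ino` is written only on the success path. A header such as `/* Read the ".." entry of the locked directory vp and return its inode number in *dd_ino; *dd_ino is untouched on error. */` would state that. The body of ufs_checkpath() continues outside this hunk.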
@@ -1261,43 +1286,39 @@
 goto out;
 for (;;) {
- if (vp->v_type != VDIR) {
- error = ENOTDIR;
+ error = ufs_dir_dd_ino(vp, cred, &dd_ino);
+ if (error)
 break;
+ if (dd_ino == source->i_number) {
+ error = EINVAL;
+ break;
 }
- error = vn_rdwr(UIO_READ, vp, (caddr_t)&dirbuf,
- sizeof (struct dirtemplate), (off_t)0, UIO_SYSSPACE,
- IO_NODELOCKED | IO_NOMACCHECK, cred, NOCRED, (int *)0,
- (struct thread *)0);
- if (error != 0)
+ if (dd_ino == rootino)
 break;
-# if (BYTE_ORDER == LITTLE_ENDIAN)
- if (OFSFMT(vp))
- namlen = dirbuf.dotdot_type;
- else
- namlen = dirbuf.dotdot_namlen;
-# else
- namlen = dirbuf.dotdot_namlen;
-# endif
- if (namlen != 2 ||
- dirbuf.dotdot_name[0] != '.' ||
- dirbuf.dotdot_name[1] != '.') {
- error = ENOTDIR;
+ VOP_UNLOCK(vp, 0);
+ error = VFS_VGET(vp->v_mount, dd_ino, LK_EXCLUSIVE, &vp1);
+ if (error) {
+ vrele(vp);
+ vp = NULL;
 break;
 }
- if (dirbuf.dotdot_ino == source->i_number) {
- error = EINVAL;
+ error = vn_lock(vp, LK_EXCLUSIVE);
+ if (error) {
+ vput(vp1);
+ vp = NULL;
 break;
 }
- if (dirbuf.dotdot_ino == rootino)
- break;
+ /* Recheck that ".." still points to vp1 after relock of vp */
+ error = ufs_dir_dd_ino(vp, cred, &dd_ino);
 vput(vp);
- error = VFS_VGET(vp->v_mount, dirbuf.dotdot_ino,
- LK_EXCLUSIVE, &vp);
- if (error) {
+ if (error || dd_ino != VTOI(vp1)->i_number) {
+ vput(vp1);
 vp = NULL;
+ if (error == 0)
+ error = ENOENT;
 break;
 }
+ vp = vp1;
 }
 out:
Index: /usr/src/sys/kern/vfs_cache.c
===================================================================
--- /usr/src/sys/kern/vfs_cache.c (revision 191144)
+++ /usr/src/sys/kern/vfs_cache.c (working copy)
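Review bot: The `vn_lock(vp, LK_EXCLUSIVE)` failure branch in the ufs_checkpath() loop sets `vp = NULL` without dropping the reference that survived the earlier `VOP_UNLOCK(vp, 0)`, so the vnode appears to leak a use count on that path. The `VFS_VGET` failure branch just above calls `vrele(vp);` first, and the same is needed here: `vput(vp1); vrele(vp); vp = NULL;`. Separately, `vp->v_mount` is read after the unlock, which is safe only if the held reference keeps it stable; a comment saying so, or a mount pointer cached before the unlock, would make that explicit. The cleanup at `out:` is outside the hunk, so this assumes it releases only a non-NULL `vp`.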
@@ -630,18 +630,26 @@ * to new parent vnode, otherwise continue with new * namecache entry allocation. */ - if ((ncp = dvp->v_cache_dd) != NULL) { - if (ncp->nc_flag & NCF_ISDOTDOT) { - KASSERT(ncp->nc_dvp == dvp, - ("wrong isdotdot parent")); + if ((ncp = dvp->v_cache_dd) != NULL && + (ncp->nc_flag & NCF_ISDOTDOT)) { + KASSERT(ncp->nc_dvp == dvp, + ("wrong isdotdot parent")); + if (ncp->nc_vp == vp) + goto skip_retarget; + if (ncp->nc_vp != NULL) TAILQ_REMOVE(&ncp->nc_vp->v_cache_dst, ncp, nc_dst); - TAILQ_INSERT_HEAD(&vp->v_cache_dst, - ncp, nc_dst); - ncp->nc_vp = vp; - CACHE_WUNLOCK(); - return; - } + else + TAILQ_REMOVE(&ncneg, ncp, nc_dst); + if (vp != NULL) + TAILQ_INSERT_HEAD(&vp->v_cache_dst, ncp, + nc_dst); + else + TAILQ_INSERT_TAIL(&ncneg, ncp, nc_dst); + ncp->nc_vp = vp; + skip_retarget: + CACHE_WUNLOCK(); + return; } dvp->v_cache_dd = NULL; SDT_PROBE(vfs, namecache, enter, done, dvp, "..", vp, Index: /usr/src/sys/vm/vm_pageout.c =================================================================== --- /usr/src/sys/vm/vm_pageout.c (revision 191144) +++ /usr/src/sys/vm/vm_pageout.c (working copy) @@ -1184,6 +1184,7 @@ struct proc *p, *bigproc; vm_offset_t size, bigsize; struct thread *td; + struct vmspace *vm; /* * We keep the process bigproc locked once we find it to keep anyone @@ -1205,7 +1206,7 @@ * If this is a system or protected process, skip it. */ if ((p->p_flag & P_SYSTEM) || (p->p_pid == 1) || - (p->p_flag & P_PROTECTED) || + (p->p_flag & P_PROTECTED) || (p->p_flag & P_INEXEC) || ((p->p_pid < 48) && (swap_pager_avail != 0))) { PROC_UNLOCK(p); continue; 
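Review bot: In the vfs_cache.c hunk (`@@ -630,18 +630,26 @@`) the `goto skip_retarget` exists only to jump over the list operations directly below it. Inverting the test to `if (ncp->nc_vp != vp) { ... }` around the remove/insert pairs and `ncp->nc_vp = vp;` would drop the label and leave `CACHE_WUNLOCK(); return;` as the single visible exit. It would also help to add a one-line comment that a NULL `nc_vp` means the entry is negative and lives on `ncneg`, since the new branches rely on that without saying so. The enclosing function starts and ends outside the hunk.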
@@ -1233,14 +1234,21 @@ /* * get the process size */ - if (!vm_map_trylock_read(&p->p_vmspace->vm_map)) { + vm = vmspace_acquire_ref(p); + if (vm == NULL) { PROC_UNLOCK(p); continue; } + if (!vm_map_trylock_read(&vm->vm_map)) { + vmspace_free(vm); + PROC_UNLOCK(p); + continue; + } size = vmspace_swap_count(p->p_vmspace); - vm_map_unlock_read(&p->p_vmspace->vm_map); if (shortage == VM_OOM_MEM) - size += vmspace_resident_count(p->p_vmspace); + size += vmspace_resident_count(vm); + vm_map_unlock_read(&vm->vm_map); + vmspace_free(vm); /* * if the this process is bigger than the biggest one * remember it. @@ -1533,6 +1541,7 @@ struct rlimit rsslim; struct proc *p; struct thread *td; + struct vmspace *vm; int breakout, swapout_flags; while (TRUE) { @@ -1557,7 +1566,7 @@ * looked at this process, skip it. */ PROC_LOCK(p); - if (p->p_flag & (P_SYSTEM | P_WEXIT)) { + if (p->p_flag & (P_SYSTEM | P_WEXIT | P_INEXEC)) { PROC_UNLOCK(p); continue; } @@ -1595,13 +1604,19 @@ */ if ((p->p_flag & P_INMEM) == 0) limit = 0; /* XXX */ + vm = vmspace_acquire_ref(p); + if (vm == NULL) { + PROC_UNLOCK(p); + continue; + } PROC_UNLOCK(p); - size = vmspace_resident_count(p->p_vmspace); + size = vmspace_resident_count(vm); if (limit >= 0 && size >= limit) { vm_pageout_map_deactivate_pages( - &p->p_vmspace->vm_map, limit); + &vm->vm_map, limit); } + vmspace_free(vm); } sx_sunlock(&allproc_lock); } Index: /usr/src/sys/vm/vm_page.c =================================================================== --- /usr/src/sys/vm/vm_page.c (revision 191144) +++ /usr/src/sys/vm/vm_page.c (working copy) @@ -570,6 +570,7 @@ ("vm_page_dirty: page in cache!")); KASSERT(!VM_PAGE_IS_FREE(m), ("vm_page_dirty: page is free!")); + KASSERT(m->valid == VM_PAGE_BITS_ALL, ("vm_page_dirty: %p not fully valid", m)); m->dirty = VM_PAGE_BITS_ALL; } -- Test scenario: nfs3.sh
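Review bot: In the vm_pageout.c hunk `@@ -1233,14 +1234,21 @@` the unchanged line `size = vmspace_swap_count(p->p_vmspace);` still dereferences `p->p_vmspace`, although the hunk now holds its own reference in `vm` and switches every other use to it. It should read `size = vmspace_swap_count(vm);` so that the vmspace being counted is the one that was referenced and map-locked. The process lock still appears to be held at that point, so this may be an inconsistency rather than a use-after-free, but mixing the two pointers defeats the purpose of `vmspace_acquire_ref()`. The enclosing function starts and ends outside the hunk.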