Bug 293492 - p9fs: VNASSERT failed: locked not true at /usr/src/sys/kern/vfs_subr.c:5816 (assert_vop_elocked)
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 16.0-CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-fs (Nobody)
Reported: 2026-02-27 17:12 UTC by Gleb Popov
Modified: 2026-03-05 12:39 UTC

Description Gleb Popov freebsd_committer freebsd_triage 2026-02-27 17:12:02 UTC
Playing with p9fs and bhyve, I've got the following crash:

VNASSERT failed: locked not true at /usr/src/sys/kern/vfs_subr.c:5816 (assert_vop_elocked)
0xfffff80026d99898: type VREG state VSTATE_CONSTRUCTED op 0xffffffff827a5480
    usecount 1, writecount 0, refcount 1 seqc users 0
    hold count flags ()
    flags ()
    v_object 0xfffff8002ae61870 ref 0 pages 0 cleanbuf 0 dirtybuf 0
    lock type p9fs: SHARED (count 1)
panic: vnode_pager_setsize and not locked vnode: vnode is not exclusive locked but should be
cpuid = 0
time = 1772222915
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe004ad75630
vpanic() at vpanic+0x136/frame 0xfffffe004ad75760
panic() at panic+0x43/frame 0xfffffe004ad757c0
assert_vop_elocked() at assert_vop_elocked+0x86/frame 0xfffffe004ad757f0
vnode_pager_setsize() at vnode_pager_setsize+0x3c/frame 0xfffffe004ad75830
p9fs_stat_vnode_dotl() at p9fs_stat_vnode_dotl+0x45/frame 0xfffffe004ad75860
p9fs_reload_stats_dotl() at p9fs_reload_stats_dotl+0xfe/frame 0xfffffe004ad758a0
p9fs_vget_common() at p9fs_vget_common+0x10b/frame 0xfffffe004ad75950
p9fs_lookup() at p9fs_lookup+0x4ad/frame 0xfffffe004ad75aa0
VOP_LOOKUP_APV() at VOP_LOOKUP_APV+0x57/frame 0xfffffe004ad75ad0
vfs_lookup() at vfs_lookup+0x5aa/frame 0xfffffe004ad75b60
namei() at namei+0x35d/frame 0xfffffe004ad75bc0
kern_statat() at kern_statat+0x13c/frame 0xfffffe004ad75d00
sys_fstatat() at sys_fstatat+0x27/frame 0xfffffe004ad75e00
amd64_syscall() at amd64_syscall+0x169/frame 0xfffffe004ad75f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe004ad75f30
--- syscall (552, FreeBSD ELF64, fstatat), rip = 0x988ea977a0a, rsp = 0x988e7ecf6d8, rbp = 0x988e7ecf800 ---
KDB: enter: panic
[ thread pid 5748 tid 100113 ]
Stopped at      kdb_enter+0x33: movq    $0,0x15ea8a2(%rip)
Comment 1 Konstantin Belousov freebsd_committer freebsd_triage 2026-02-28 16:37:18 UTC
This is a systematic issue with our networking file systems.
I handled this once for the nfs client, and propose to generalize the infra to reuse
the same solution for other filesystems.

https://reviews.freebsd.org/D55595

Note that this is not a fix for p9fs, it is only code that would allow the relatively
simple fix to be written later.
Comment 2 Konstantin Belousov freebsd_committer freebsd_triage 2026-03-05 12:39:09 UTC
D55595 + D55665 should fix this