kstat_hold() blocks forever #6

lundman · 2021-02-15T00:16:12Z

I had a deadlock with zpool import -d c:/src/diskimage.bin funk with the stack:

 	nt!KeWaitForMultipleObjects+0x287	C/C++/ASM
 	OpenZFS!spl_cv_wait+0x104 [C:\src\openzfs\module\os\windows\spl\spl-condvar.c @ 123]	C/C++/ASM
 	OpenZFS!kstat_hold+0xaf [C:\src\openzfs\module\os\windows\spl\spl-kstat.c @ 610]	C/C++/ASM
 	OpenZFS!kstat_hold_bykid+0x54 [C:\src\openzfs\module\os\windows\spl\spl-kstat.c @ 646]	C/C++/ASM
 	OpenZFS!kstat_delete+0xd2 [C:\src\openzfs\module\os\windows\spl\spl-kstat.c @ 1295]	C/C++/ASM
 	OpenZFS!procfs_list_destroy+0x5e [C:\src\openzfs\module\os\windows\spl\spl-proc_list.c @ 141]	C/C++/ASM
 	OpenZFS!spa_read_history_destroy+0x4b [C:\src\openzfs\module\zfs\spa_stats.c @ 146]	C/C++/ASM
 	OpenZFS!spa_stats_destroy+0x3b [C:\src\openzfs\module\zfs\spa_stats.c @ 1013]	C/C++/ASM
 	OpenZFS!spa_remove+0x3c3 [C:\src\openzfs\module\zfs\spa_misc.c @ 816]	C/C++/ASM
 	OpenZFS!spa_tryimport+0x5f7 [C:\src\openzfs\module\zfs\spa.c @ 6222]	C/C++/ASM
 	OpenZFS!zfs_ioc_pool_tryimport+0x76 [C:\src\openzfs\module\zfs\zfs_ioctl.c @ 1646]	C/C++/ASM

Where we are stuck here:

kstat_hold(avl_tree_t *t, ekstat_t *template)
{
	kstat_t *ksp;
	ekstat_t *e;

	mutex_enter(&kstat_chain_lock);
	for (;;) {
		ksp = avl_find(t, template, NULL);
		if (ksp == NULL)
			break;
		e = (ekstat_t *)ksp;
		if (e->e_owner == NULL) {
			e->e_owner = (void *)curthread;
			break;
		}
		cv_wait(&e->e_cv, &kstat_chain_lock);
	}

e->e_owner is the value of curthread already, so it is waiting for ourselves to wake us up. This could suggest a leak in kstat_hold somewhere,. perhaps from procfs_list_destroy - code we got from FreeBSD. Check and see if they have fixed anything in this area.

The text was updated successfully, but these errors were encountered:

datacore-rm · 2022-08-01T10:47:52Z

Later commits done in spl-proc_list.c/procfs_list_destroy() could resolve this issue?

lundman · 2022-08-01T11:28:08Z

I think it is a bit racey, between mutex_exit and destroy. I've not come across it in quite a while, so hoping other things fixed it. Have you come across it?

datacore-rm · 2022-08-01T13:19:08Z

I have not come across this issue anytime. Thanks.

datacore-rm · 2022-08-09T07:16:53Z

In kstat_install() and kstat_delete() there is below check where there is no corresponding kstat_release(). Can there be any
chance that kstat_hold_bykid() returns some another not null ksp?

if (kstat_hold_bykid(ksp->ks_kid, zoneid) != ksp) {
cmn_err(CE_WARN, "kstat_delete(%p): does not exist",
(void *)ksp);
return;
}

Under certain loads, the following panic is hit: panic: page fault KDB: stack backtrace: #0 0xffffffff805db025 at kdb_backtrace+0x65 #1 0xffffffff8058e86f at vpanic+0x17f #2 0xffffffff8058e6e3 at panic+0x43 #3 0xffffffff808adc15 at trap_fatal+0x385 #4 0xffffffff808adc6f at trap_pfault+0x4f #5 0xffffffff80886da8 at calltrap+0x8 #6 0xffffffff80669186 at vgonel+0x186 #7 0xffffffff80669841 at vgone+0x31 #8 0xffffffff8065806d at vfs_hash_insert+0x26d #9 0xffffffff81a39069 at sfs_vgetx+0x149 #10 0xffffffff81a39c54 at zfsctl_snapdir_lookup+0x1e4 #11 0xffffffff8065a28c at lookup+0x45c #12 0xffffffff806594b9 at namei+0x259 #13 0xffffffff80676a33 at kern_statat+0xf3 #14 0xffffffff8067712f at sys_fstatat+0x2f #15 0xffffffff808ae50c at amd64_syscall+0x10c #16 0xffffffff808876bb at fast_syscall_common+0xf8 The page fault occurs because vgonel() will call VOP_CLOSE() for active vnodes. For this reason, define vop_close for zfsctl_ops_snapshot. While here, define vop_open for consistency. After adding the necessary vop, the bug progresses to the following panic: panic: VERIFY3(vrecycle(vp) == 1) failed (0 == 1) cpuid = 17 KDB: stack backtrace: #0 0xffffffff805e29c5 at kdb_backtrace+0x65 #1 0xffffffff8059620f at vpanic+0x17f #2 0xffffffff81a27f4a at spl_panic+0x3a #3 0xffffffff81a3a4d0 at zfsctl_snapshot_inactive+0x40 #4 0xffffffff8066fdee at vinactivef+0xde #5 0xffffffff80670b8a at vgonel+0x1ea #6 0xffffffff806711e1 at vgone+0x31 #7 0xffffffff8065fa0d at vfs_hash_insert+0x26d #8 0xffffffff81a39069 at sfs_vgetx+0x149 #9 0xffffffff81a39c54 at zfsctl_snapdir_lookup+0x1e4 #10 0xffffffff80661c2c at lookup+0x45c #11 0xffffffff80660e59 at namei+0x259 #12 0xffffffff8067e3d3 at kern_statat+0xf3 #13 0xffffffff8067eacf at sys_fstatat+0x2f #14 0xffffffff808b5ecc at amd64_syscall+0x10c #15 0xffffffff8088f07b at fast_syscall_common+0xf8 This is caused by a race condition that can occur when allocating a new vnode and adding that vnode to the vfs hash. If the newly created vnode loses the race when being inserted into the vfs hash, it will not be recycled as its usecount is greater than zero, hitting the above assertion. Fix this by dropping the assertion. FreeBSD-issue: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252700 Reviewed-by: Andriy Gapon <avg@FreeBSD.org> Reviewed-by: Mateusz Guzik <mjguzik@gmail.com> Reviewed-by: Alek Pinchuk <apinchuk@axcient.com> Reviewed-by: Ryan Moeller <ryan@iXsystems.com> Signed-off-by: Rob Wing <rob.wing@klarasystems.com> Co-authored-by: Rob Wing <rob.wing@klarasystems.com> Submitted-by: Klara, Inc. Sponsored-by: rsync.net Closes openzfs#14501

lundman added the bug Something isn't working label Feb 15, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

kstat_hold() blocks forever #6

kstat_hold() blocks forever #6

lundman commented Feb 15, 2021

datacore-rm commented Aug 1, 2022

lundman commented Aug 1, 2022

datacore-rm commented Aug 1, 2022

datacore-rm commented Aug 9, 2022

kstat_hold() blocks forever #6

kstat_hold() blocks forever #6

Comments

lundman commented Feb 15, 2021

datacore-rm commented Aug 1, 2022

lundman commented Aug 1, 2022

datacore-rm commented Aug 1, 2022

datacore-rm commented Aug 9, 2022