Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Jun 2009 01:40:43 +1000 (EST)
From:      Emil Mikulic <emikulic@gmail.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/135480: (zfs) panic: lock &arg.lock already initialized
Message-ID:  <20090611154043.71E395C46@ppp154-240.static.internode.on.net>
Resent-Message-ID: <200906111550.n5BFo1lV013111@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         135480
>Category:       kern
>Synopsis:       (zfs) panic: lock &arg.lock already initialized
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 11 15:50:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Emil Mikulic
>Release:        8.0-CURRENT, GENERIC, svn r193609
>Organization:
>Environment:
dual-core amd64, 4GB RAM
>Description:
On doing "zfs destroy" of a snapshot, I get the panic.

It doesn't happen with all snapshots, but I've got one that makes this
very reproducible.

Taken from kgdb:

panic: lock &arg.lock already initialized
cpuid = 1
KDB: enter: panic
Physical memory: 4047 MB
Dumping [...]

(kgdb) where
#0  doadump () at pcpu.h:223
[...]
#9  0xffffffff805713fb in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:558
#10 0xffffffff8125758e in dsl_dataset_destroy_sync (arg1=0xffffff0005e71c00,
    tag=0xffffff000b6f89a0, cr=0xffffff00024ddd00, tx=0xffffff000bbe9b00)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c:1422
#11 0xffffffff81259f0b in dsl_sync_task_group_sync (dstg=0xffffff0005d52a00,
    tx=0xffffff000bbe9b00)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_synctask.c:186
#12 0xffffffff81259a33 in dsl_pool_sync (dp=0xffffff0005e1e400, txg=75219)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_pool.c:316
#13 0xffffffff81268405 in spa_sync (spa=0xffffff00058ca000, txg=75219)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c:3988
#14 0xffffffff812704bf in txg_sync_thread (arg=Variable "arg" is not available.
)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/txg.c:352
#15 0xffffffff80549a3a in fork_exit (
    callout=0xffffffff81270230 <txg_sync_thread>, arg=0xffffff0005e1e400,
    frame=0xffffff8078c17c90) at /usr/src/sys/kern/kern_fork.c:828
#16 0xffffffff80828abe in fork_trampoline ()
    at /usr/src/sys/amd64/amd64/exception.S:552
#17 0x0000000000000000 in ?? ()
#18 0x0000000000000000 in ?? ()
#19 0x0000000000000001 in ?? ()
#20 0x0000000000000000 in ?? ()
[...]

(kgdb) frame 10
#10 0xffffffff8125758e in dsl_dataset_destroy_sync (arg1=0xffffff0005e71c00,
    tag=0xffffff000b6f89a0, cr=0xffffff00024ddd00, tx=0xffffff000bbe9b00)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c:1422
1422            mutex_init(&arg.lock, NULL, MUTEX_DEFAULT, NULL);
(kgdb) list
1417    static void
1418    dsl_dataset_drain_refs(dsl_dataset_t *ds, void *tag)
1419    {
1420            struct refsarg arg;
1421
1422 ---------> mutex_init(&arg.lock, NULL, MUTEX_DEFAULT, NULL);
1423            cv_init(&arg.cv, NULL, CV_DEFAULT, NULL);
1424            arg.gone = FALSE;
1425            (void) dmu_buf_update_user(ds->ds_dbuf, ds, &arg, &ds->ds_phys,
1426                dsl_dataset_refs_gone);
(kgdb) print arg
No symbol "arg" in current context.
(kgdb) print ds
Variable "ds" is not available.
(kgdb) print tag
$1 = (void *) 0xffffff000b6f89a0

(kgdb) list *0xffffffff8125758e
0xffffffff8125758e is in dsl_dataset_destroy_sync (/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c:1717).
1712            if (ds->ds_phys->ds_props_obj != 0)
1713                    VERIFY(0 == zap_destroy(mos, ds->ds_phys->ds_props_obj, tx));
1714            dsl_dir_close(ds->ds_dir, ds);
1715            ds->ds_dir = NULL;
1716 ---------> dsl_dataset_drain_refs(ds, tag);
1717            VERIFY(0 == dmu_object_free(mos, obj, tx));
1718    }
1719
1720    static int
1721    dsl_dataset_snapshot_reserve_space(dsl_dataset_t *ds, dmu_tx_t *tx)

>How-To-Repeat:
# zfs destroy tank/foo@bar
(and get unlucky)
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090611154043.71E395C46>