[Bug 295532] lock order reversal zfs and ufs

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 295532] lock order reversal zfs and ufs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 23 May 2026 21:46:54 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295532

            Bug ID: 295532
           Summary: lock order reversal zfs and ufs
           Product: Base System
           Version: 16.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: jfc@mit.edu

Today running 16-CURRENT in bhyve I had a lock order reversal with zfs and ufs
named and nullfs implied.

Given the stack trace and concurrent system activity, I figure poudriere was
cleaning up its ZFS filesystems at the end of a build.  The build filesystems
had nullfs mounts leading back to UFS /usr/src.

Root filesystem (UFS) includes /usr/src.
Poudriere master filesystem (ZFS) has a nullfs mount of root filesystem
/usr/src.
Builder filesystem (ZFS) has a nullfs mount of master filesystem usr/src.

But there are four null_lock calls in the stack trace, not three.  I might have
missed a filesystem.

lock order reversal:
 1st 0xfffff80c0f52d908 zfs (zfs, lockmgr) @ /usr/src/sys/kern/vfs_mount.c:2299
 2nd 0xfffff80005a55c78 ufs (ufs, lockmgr) @
/usr/src/sys/fs/nullfs/null_vnops.c:851
lock order ufs -> zfs established at:
#0 0xffffffff80c2f16b at witness_checkorder+0x35b
#1 0xffffffff80b80f1a at lockmgr_lock_flags+0x16a
#2 0xffffffff811db702 at VOP_LOCK1_APV+0x32
#3 0xffffffff80cd9123 at _vn_lock+0x53
#4 0xffffffff80cbeb19 at vflush+0xe9
#5 0xffffffff8305885a at zfs_umount+0xda
#6 0xffffffff80cb28b4 at dounmount+0x664
#7 0xffffffff80cb21fc at kern_unmount+0x35c
#8 0xffffffff8110ba08 at amd64_syscall+0x168
#9 0xffffffff810db0ab at fast_syscall_common+0xf8
lock order zfs -> ufs attempted at:
#0 0xffffffff80c2faa7 at witness_checkorder+0xc97
#1 0xffffffff80b80f1a at lockmgr_lock_flags+0x16a
#2 0xffffffff80f615fd at ffs_lock+0x8d
#3 0xffffffff811db702 at VOP_LOCK1_APV+0x32
#4 0xffffffff82e89229 at null_lock+0x169
#5 0xffffffff811db702 at VOP_LOCK1_APV+0x32
#6 0xffffffff82e89229 at null_lock+0x169
#7 0xffffffff811db702 at VOP_LOCK1_APV+0x32
#8 0xffffffff82e89229 at null_lock+0x169
#9 0xffffffff811db702 at VOP_LOCK1_APV+0x32
#10 0xffffffff80cd9123 at _vn_lock+0x53
#11 0xffffffff80cbeb19 at vflush+0xe9
#12 0xffffffff82e87fd0 at nullfs_unmount+0x50
#13 0xffffffff80cb28b4 at dounmount+0x664
#14 0xffffffff80cb21fc at kern_unmount+0x35c
#15 0xffffffff8110ba08 at amd64_syscall+0x168
#16 0xffffffff810db0ab at fast_syscall_common+0xf8

-- 
You are receiving this mail because:
You are the assignee for the bug.