lxc 'delete' fails to destroy ZFS filesystem 'dataset is busy'

This change was made by a bot.

Status changed to 'Confirmed' because the bug affects multiple users.

This is still around. Scott wrote up a script to handle cleaning this up.

https://gist.github.com/smoser/2c78cf54a1e22b6f05270bd3fead8a5c

https://github.com/lxc/lxd/issues/4656

Cosmic is now end-of-life. Does this still occur on Disco?

Do we have any hunches on how to reproduce this issue?

Hi,

I hit this issue on Bionic, Disco and Eoan. Our (server-team) Jenkins nodes are often filled by stale LXD containers which are left there because of "fails to destroy ZFS filesystem" errors.

Some thoughts and qualitative observations:

0. This is not a corner case, I see the problem all the time.

1. There is probably more than one issue involved here, even we get similar error messages when trying to delete a container.

2. One issue is about mount namespaces: stray mounts that prevent to the container to be deleted. This issue can be worked around by entering the namespace and unmounting. The container can then be deleted. When this happens retrying `lxd delete` doesn't help. This is described in [0]. I think the newer versions of LXD are way less prone to end up in this case.

3. In other cases `lxc delete --force` fails with the "ZFS dataset is busy" error, but the deletion succeeds if the delete is retried immediately after. In my case I don't even need to wait for a single second: the second delete in `lxc delete --force <x> ; lxc delete <x>` already works. Stopping and deleting the container as separate operations also works.

4. It has been suggested in [0] that LXD could retry the "delete" operation if it fails. stgraber wrote that LXD *already* retries the operation 20 times over 10 seconds, but the outcome is still a failure. It is not clear to me how retrying manually works, while LXD auto-retrying does not.

5. Some time ago (weeks) the error message changed from "Failed to destroy ZFS filesystem: dataset is busy" to "Failed to destroy ZFS filesystem:" with no other detail. I can't tell which specific upgrade triggered this change.

6. I see this problem in both file-backed and device-backed zpools.

7. I'm not sure system load plays a role: I often hit the problem on my lightly loaded laptop.

8. I don't have clear steps to reproduce the problem, but I personally see it happening most of the time. While I don't have steps to reproduce with 100% probability, I'm seeing this more times than I don't. But see the next point.

9. In my experience a system can be in a "bad state" (the problem always happens), or in a "good state" (the problem never happens). When the system is in a "good state" we can `lxc delete` hundreds of containers with no errors. I can't tell what makes a system switch from a good to a bad state. I almost certain I also saw systems switching from a bad to a good state.

10. The lxcfs package it not installed in the systems where I hit this issue

That's it for the moment. Thanks for looking into this!

Paride

[0] https://github.com/lxc/lxd/issues/4656

To be clear: point(3) above is what I see happening most of the time at the moment.

Reproducer is as follows:

lxc launch ubuntu:bionic zfs-bug-test
Creating zfs-bug-test
Starting zfs-bug-test
lxc delete zfs-bug-test --force
Error: Failed to destroy ZFS filesystem:

Can reproduce this on Eoan with latest 5.2, 5.3 kernel.

The ZFS destroy checks the reference count on the dataset with zfs_refcount_count(&ds->ds_longholds) != expected_holds and returns EBUSY in dsl_destroy_head_check_impl.

Been digging into this a bit further with lxc 3.17 on Eoan.

lxc launch ubuntu:bionic zfs-bug-test
Creating zfs-bug-test
Starting zfs-bug-test
lxc delete zfs-bug-test --force
Error: Failed to destroy ZFS filesystem: Failed to run: zfs destroy -r default/containers/z1: cannot destroy 'default/containers/z1': dataset is busy

However, re-running the delete works fine:
lxd.lxc delete z1 --force

Looking at system calls, it appears that the first failing delete --force command attempts to destroy the zfs file system multiple times and then gives up. In doing so, it umounts the zfs file system. Hence the second time the delete is issued it works fine because zfs is now umounted. So it appears that the ordering in the delete is not as it expected.

It seems to do:
zfs destroy x 10 (or so and then gives up because of errno 16 -EBUSY)
zfs umount

It should be doing:
zfs umount
zfs destroy

This matches the observed reference counting. The ref count is only dropped once the umount is complete. Attempts to destroy it before that will cause an -EBUSY.

See: https://github.com/lxc/lxd/issues/4656#issuecomment-535531229

In https://github.com/lxc/lxd/blob/master/lxd/storage_zfs_utils.go#L255 the umount is done by

    err := unix.Unmount(mountpoint, unix.MNT_DETACH)

The umount2(2) manpage writes about MNT_DETACH:

    Perform a lazy unmount: make the mount point unavailable for new accesses, immediately disconnect the filesystem and all filesystems mounted below it from each other and from the mount table, and actually perform the unmount when the mount point ceases to be busy.

Could this be it? The MNT_DETACH umount looks partially asynchronous. All the subsequent destroy commands may fail because they keep the mount point busy. Finally the retry loop ends, the umount happens for real and the following destroy succeeds.

—

A fix has landed in lxd, I refer you to the following comment:

https://github.com/lxc/lxd/issues/4656#issuecomment-541266681

Please check if this addresses the issues.

The released fix does not appear to fully address the problem:

https://github.com/lxc/lxd/issues/4656#issuecomment-542630903

The current stable snap seems to fully address the issue. See:

https://github.com/lxc/lxd/issues/4656#issuecomment-542886330

and following.

best. fix. ever.

working after a reboot.

$ snap list lxd
Name Version Rev Tracking Publisher Notes
lxd 3.18 12211 stable canonical✓ -

Bug status updated accordingly. I set the linux task to Invalid as the kernel was not involved after all. Thanks again Stéphane and Colin!