[Bug 260884] [zfs] Panic in zfs_onexit_destroy

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 02 Jan 2022 20:41:56 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260884

Michael Gmelin <grembo@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |allanjude@FreeBSD.org,
                   |                            |freqlabs@FreeBSD.org

--- Comment #1 from Michael Gmelin <grembo@FreeBSD.org> ---
I found a way to reproduce the panic within seconds:

```
$ cat >crashme.c<<EOF
#include <unistd.h>
#include <sys/stdtypes.h>
#include <libzfs_core.h>

int main(int argc, char** argv)
{
  fork(); fork(); fork(); fork();
  for (int i=0; i<1000000; ++i) {
    libzfs_core_init();
    lzc_exists(argc >= 2 ? argv[1] : "zroot");
    libzfs_core_fini();
  }
}
EOF

$ cc \
  -I/usr/src/sys/contrib/openzfs/include \
  -I/usr/src/sys/contrib/openzfs/lib/libspl/include \
  -lzfs_core -lzfs -o crashme crashme.c

$ ./crashme zroot
```

This doesn't require root privileges.

Applying the patch mentioned above fixes the problem:

```
# cd /usr/src/sys/contrib/openzfs
# fetch -o - \
  https://github.com/openzfs/zfs/commit/f845b2dd1c60.diff | patch -p1
# cd /usr/src
# make -j8 kernel
# reboot
...
$ ./crashme zroot && echo "I'm ok"
I'm ok
$ 
```

Given that this can be triggered by two unfortunately timed `zfs list` calls
and that it actually happens in practice (like in my example, where I would see
my hosts crash every few hours/days), I would like us to import this fix to
release/13.0 and create an errata notice.
