[Bug 260884] [zfs] Panic in zfs_onexit_destroy

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 02 Jan 2022 20:41:56 UTC

Michael Gmelin <grembo@FreeBSD.org> changed:

           What    |Removed                     |Added
                 CC|                            |allanjude@FreeBSD.org,
                   |                            |freqlabs@FreeBSD.org

--- Comment #1 from Michael Gmelin <grembo@FreeBSD.org> ---
I found a way to reproduce the panic within seconds:

$ cat >crashme.c<<EOF
#include <unistd.h>
#include <sys/stdtypes.h>
#include <libzfs_core.h>

int main(int argc, char** argv)
  fork(); fork(); fork(); fork();
  for (int i=0; i<1000000; ++i) {
    lzc_exists(argc >= 2 ? argv[1] : "zroot");

$ cc \
  -I/usr/src/sys/contrib/openzfs/include \
  -I/usr/src/sys/contrib/openzfs/lib/libspl/include \
  -lzfs_core -lzfs -o crashme crashme.c

$ ./crashme zroot

This doesn't require root privileges.

Applying the patch mentioned above fixes the problem:

# cd /usr/src/sys/contrib/openzfs
# fetch -o - \
  https://github.com/openzfs/zfs/commit/f845b2dd1c60.diff | patch -p1
# cd /usr/src
# make -j8 kernel
# reboot
$ ./crashme zroot && echo "I'm ok"
I'm ok

Given that this can be triggered by two unfortunately timed `zfs list` calls
and that it actually happens in practice (like in my example, where I would see
my hosts crash every few hours/days), I would like us to import this fix to
release/13.0 and create an errata notice.

You are receiving this mail because:
You are the assignee for the bug.