Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 22 Jul 2017 01:17:04 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 220916] kernel panic when reboot -r to zfs root because ASSERT(spa->spa_state == POOL_STATE_UNINITIALIZED); is triggered in spa_remove()
Message-ID:  <bug-220916-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220916

            Bug ID: 220916
           Summary: kernel panic when reboot -r to zfs root because
                    ASSERT(spa->spa_state =3D=3D POOL_STATE_UNINITIALIZED);=
 is
                    triggered in spa_remove()
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: wheelcomplex@gmail.com

git 66cab836b0e5b1e7ba73227c4ddf58a8cb7c668a

When test reboot -r (switch root filesystem to new one from userspace) with=
 zfs
root, ASSERT is triggered in spa_remove().

Reproduce:

1. boot into rescue shell(or normal system).
2. import/create other zfs pool(for example pi3tank), a spa registered.
3. create/refresh dataset for new root filesystem: pi3tank/bsdrootfs.
4. zpool export pi3tank
5. kenv vfs.root.mountfrom=3Dzfs:pi3tank/bsdrootfs && reboot -r
6. ASSERT panic ...

Analyse:

In spa_import_rootpool (sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.=
c:
4062), spa_unload and spa_deactivate should be called for a zfs pool with
spa->spa_state !=3D POOL_STATE_UNINITIALIZED although this zfs pool has been
exported.

Fix(works for me):

--- cut here ---
---
/home/david/sandspace/private-freebsd/sys/cddl/contrib/opensolaris/uts/comm=
on/fs/zfs/spa.c.orig
+++
/home/david/sandspace/private-freebsd/sys/cddl/contrib/opensolaris/uts/comm=
on/fs/zfs/spa.c
@@ -4079,6 +4079,10 @@
                 * Remove the existing root pool from the namespace so that=
 we
                 * can replace it with the correct config we just read in.
                 */
+               if (spa->spa_state !=3D POOL_STATE_UNINITIALIZED) {
+                       spa_unload(spa);
+                       spa_deactivate(spa);
+               }
                spa_remove(spa);
        }

@@ -4294,6 +4298,10 @@
                         * that we can replace it with the correct config
                         * we just read in.
                         */
+                       if (spa->spa_state !=3D POOL_STATE_UNINITIALIZED) {
+                               spa_unload(spa);
+                               spa_deactivate(spa);
+                       }
                        spa_remove(spa);
                }
                spa =3D spa_add(pname, config, NULL);
--- cut here ---

ASSERT panic information:

Trying to mount root from zfs:pi3tank/bsdrootfs []...
panic: solaris assert: spa->spa_state =3D=3D POOL_STATE_UNINITIALIZED, file:
/home/david/sandspace/private-freebsd/sys/cddl/contrib/opensolaris/uts/comm=
on/fs/zfs/spa_misc.c,
line: 805
cpuid =3D 2
time =3D 318
KDB: stack backtrace:
db_trace_self() at db_trace_self_wrapper+0x28
         pc =3D 0xffff000000747b80  lr =3D 0xffff00000018ce8c
         sp =3D 0xffff000078bbcd50  fp =3D 0xffff000078bbcf60

db_trace_self_wrapper() at vpanic+0x184
         pc =3D 0xffff00000018ce8c  lr =3D 0xffff0000004373a8
         sp =3D 0xffff000078bbcf70  fp =3D 0xffff000078bbcff0

vpanic() at panic+0x48
         pc =3D 0xffff0000004373a8  lr =3D 0xffff000000437434
         sp =3D 0xffff000078bbd000  fp =3D 0xffff000078bbd080

panic() at assfail+0x28
         pc =3D 0xffff000000437434  lr =3D 0xffff000000043378
         sp =3D 0xffff000078bbd090  fp =3D 0xffff000078bbd090

assfail() at spa_remove+0x6c
         pc =3D 0xffff000000043378  lr =3D 0xffff0000000d0a80
         sp =3D 0xffff000078bbd0a0  fp =3D 0xffff000078bbd0d0

spa_remove() at spa_import_rootpool+0x658
         pc =3D 0xffff0000000d0a80  lr =3D 0xffff0000000c46d8
         sp =3D 0xffff000078bbd0e0  fp =3D 0xffff000078bbd180

spa_import_rootpool() at zfs_mount+0x384
         pc =3D 0xffff0000000c46d8  lr =3D 0xffff000000112bec
         sp =3D 0xffff000078bbd190  fp =3D 0xffff000078bbd340

zfs_mount() at vfs_donmount+0xcfc
         pc =3D 0xffff000000112bec  lr =3D 0xffff0000004ec35c
         sp =3D 0xffff000078bbd350  fp =3D 0xffff000078bbd590

vfs_donmount() at kernel_mount+0x58
         pc =3D 0xffff0000004ec35c  lr =3D 0xffff0000004eef7c
         sp =3D 0xffff000078bbd5a0  fp =3D 0xffff000078bbd5f0

kernel_mount() at parse_mount+0x39c
         pc =3D 0xffff0000004eef7c  lr =3D 0xffff0000004f1578
         sp =3D 0xffff000078bbd600  fp =3D 0xffff000078bbd750

parse_mount() at vfs_mountroot+0x574
         pc =3D 0xffff0000004f1578  lr =3D 0xffff0000004ef93c
         sp =3D 0xffff000078bbd760  fp =3D 0xffff000078bbd920

vfs_mountroot() at sys_reboot+0x2bc
         pc =3D 0xffff0000004ef93c  lr =3D 0xffff0000004368dc
         sp =3D 0xffff000078bbd930  fp =3D 0xffff000078bbd9a0

sys_reboot() at do_el0_sync+0x884
         pc =3D 0xffff0000004368dc  lr =3D 0xffff0000007611bc
         sp =3D 0xffff000078bbd9b0  fp =3D 0xffff000078bbda70

do_el0_sync() at handle_el0_sync+0x74
         pc =3D 0xffff0000007611bc  lr =3D 0xffff0000007499f4
         sp =3D 0xffff000078bbda80  fp =3D 0xffff000078bbdb90

handle_el0_sync() at 0x30d9c
         pc =3D 0xffff0000007499f4  lr =3D 0x0000000000030d9c
         sp =3D 0xffff000078bbdba0  fp =3D 0x0000ffffffffe7f0

KDB: enter: panic
[ thread pid 1 tid 100002 ]
Stopped at      kdb_enter+0x40: undefined       d4200000
db>

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-220916-8>