From owner-freebsd-bugs@freebsd.org  Sat Jul 22 01:17:04 2017
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9A7FC789F0
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Sat, 22 Jul 2017 01:17:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B038864A06
 for <freebsd-bugs@FreeBSD.org>; Sat, 22 Jul 2017 01:17:04 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v6M1H4jQ096518
 for <freebsd-bugs@FreeBSD.org>; Sat, 22 Jul 2017 01:17:04 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 220916] kernel panic when reboot -r to zfs root because
 ASSERT(spa->spa_state == POOL_STATE_UNINITIALIZED); is triggered in
 spa_remove()
Date: Sat, 22 Jul 2017 01:17:04 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: wheelcomplex@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-220916-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jul 2017 01:17:04 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220916

            Bug ID: 220916
           Summary: kernel panic when reboot -r to zfs root because
                    ASSERT(spa->spa_state =3D=3D POOL_STATE_UNINITIALIZED);=
 is
                    triggered in spa_remove()
           Product: Base System
           Version: CURRENT
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: wheelcomplex@gmail.com

git 66cab836b0e5b1e7ba73227c4ddf58a8cb7c668a

When test reboot -r (switch root filesystem to new one from userspace) with=
 zfs
root, ASSERT is triggered in spa_remove().

Reproduce:

1. boot into rescue shell(or normal system).
2. import/create other zfs pool(for example pi3tank), a spa registered.
3. create/refresh dataset for new root filesystem: pi3tank/bsdrootfs.
4. zpool export pi3tank
5. kenv vfs.root.mountfrom=3Dzfs:pi3tank/bsdrootfs && reboot -r
6. ASSERT panic ...

Analyse:

In spa_import_rootpool (sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.=
c:
4062), spa_unload and spa_deactivate should be called for a zfs pool with
spa->spa_state !=3D POOL_STATE_UNINITIALIZED although this zfs pool has been
exported.

Fix(works for me):

--- cut here ---
---
/home/david/sandspace/private-freebsd/sys/cddl/contrib/opensolaris/uts/comm=
on/fs/zfs/spa.c.orig
+++
/home/david/sandspace/private-freebsd/sys/cddl/contrib/opensolaris/uts/comm=
on/fs/zfs/spa.c
@@ -4079,6 +4079,10 @@
                 * Remove the existing root pool from the namespace so that=
 we
                 * can replace it with the correct config we just read in.
                 */
+               if (spa->spa_state !=3D POOL_STATE_UNINITIALIZED) {
+                       spa_unload(spa);
+                       spa_deactivate(spa);
+               }
                spa_remove(spa);
        }

@@ -4294,6 +4298,10 @@
                         * that we can replace it with the correct config
                         * we just read in.
                         */
+                       if (spa->spa_state !=3D POOL_STATE_UNINITIALIZED) {
+                               spa_unload(spa);
+                               spa_deactivate(spa);
+                       }
                        spa_remove(spa);
                }
                spa =3D spa_add(pname, config, NULL);
--- cut here ---

ASSERT panic information:

Trying to mount root from zfs:pi3tank/bsdrootfs []...
panic: solaris assert: spa->spa_state =3D=3D POOL_STATE_UNINITIALIZED, file:
/home/david/sandspace/private-freebsd/sys/cddl/contrib/opensolaris/uts/comm=
on/fs/zfs/spa_misc.c,
line: 805
cpuid =3D 2
time =3D 318
KDB: stack backtrace:
db_trace_self() at db_trace_self_wrapper+0x28
         pc =3D 0xffff000000747b80  lr =3D 0xffff00000018ce8c
         sp =3D 0xffff000078bbcd50  fp =3D 0xffff000078bbcf60

db_trace_self_wrapper() at vpanic+0x184
         pc =3D 0xffff00000018ce8c  lr =3D 0xffff0000004373a8
         sp =3D 0xffff000078bbcf70  fp =3D 0xffff000078bbcff0

vpanic() at panic+0x48
         pc =3D 0xffff0000004373a8  lr =3D 0xffff000000437434
         sp =3D 0xffff000078bbd000  fp =3D 0xffff000078bbd080

panic() at assfail+0x28
         pc =3D 0xffff000000437434  lr =3D 0xffff000000043378
         sp =3D 0xffff000078bbd090  fp =3D 0xffff000078bbd090

assfail() at spa_remove+0x6c
         pc =3D 0xffff000000043378  lr =3D 0xffff0000000d0a80
         sp =3D 0xffff000078bbd0a0  fp =3D 0xffff000078bbd0d0

spa_remove() at spa_import_rootpool+0x658
         pc =3D 0xffff0000000d0a80  lr =3D 0xffff0000000c46d8
         sp =3D 0xffff000078bbd0e0  fp =3D 0xffff000078bbd180

spa_import_rootpool() at zfs_mount+0x384
         pc =3D 0xffff0000000c46d8  lr =3D 0xffff000000112bec
         sp =3D 0xffff000078bbd190  fp =3D 0xffff000078bbd340

zfs_mount() at vfs_donmount+0xcfc
         pc =3D 0xffff000000112bec  lr =3D 0xffff0000004ec35c
         sp =3D 0xffff000078bbd350  fp =3D 0xffff000078bbd590

vfs_donmount() at kernel_mount+0x58
         pc =3D 0xffff0000004ec35c  lr =3D 0xffff0000004eef7c
         sp =3D 0xffff000078bbd5a0  fp =3D 0xffff000078bbd5f0

kernel_mount() at parse_mount+0x39c
         pc =3D 0xffff0000004eef7c  lr =3D 0xffff0000004f1578
         sp =3D 0xffff000078bbd600  fp =3D 0xffff000078bbd750

parse_mount() at vfs_mountroot+0x574
         pc =3D 0xffff0000004f1578  lr =3D 0xffff0000004ef93c
         sp =3D 0xffff000078bbd760  fp =3D 0xffff000078bbd920

vfs_mountroot() at sys_reboot+0x2bc
         pc =3D 0xffff0000004ef93c  lr =3D 0xffff0000004368dc
         sp =3D 0xffff000078bbd930  fp =3D 0xffff000078bbd9a0

sys_reboot() at do_el0_sync+0x884
         pc =3D 0xffff0000004368dc  lr =3D 0xffff0000007611bc
         sp =3D 0xffff000078bbd9b0  fp =3D 0xffff000078bbda70

do_el0_sync() at handle_el0_sync+0x74
         pc =3D 0xffff0000007611bc  lr =3D 0xffff0000007499f4
         sp =3D 0xffff000078bbda80  fp =3D 0xffff000078bbdb90

handle_el0_sync() at 0x30d9c
         pc =3D 0xffff0000007499f4  lr =3D 0x0000000000030d9c
         sp =3D 0xffff000078bbdba0  fp =3D 0x0000ffffffffe7f0

KDB: enter: panic
[ thread pid 1 tid 100002 ]
Stopped at      kdb_enter+0x40: undefined       d4200000
db>

--=20
You are receiving this mail because:
You are the assignee for the bug.=