Bug 243973 - ZFS: rollback segmentation fault
Summary: ZFS: rollback segmentation fault
Status: Closed Feedback Timeout
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 12.1-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Graham Perrin
URL:
Keywords: crash, needs-qa
Depends on:
Blocks:
 
Reported: 2020-02-08 06:14 UTC by Reshad Patuck
Modified: 2023-04-08 18:53 UTC (History)
3 users (show)

See Also:
koobs: mfc-stable12?
koobs: mfc-stable11?

Attachments
ZFS core file (xz compressed) (32.61 KB, application/x-xz)
2020-02-08 06:14 UTC, Reshad Patuck 		no flags Details
Shell script to reproduce the segfault (1.64 KB, text/plain)
2020-02-08 06:16 UTC, Reshad Patuck 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Reshad Patuck 2020-02-08 06:14:23 UTC 
Created attachment 211466 [details]
ZFS core file (xz compressed)

I have a FreeBSD 12.1 system running zfs as root (default zfs install) + pkg base installed (all 318 packages).
While I was testing the rollback of a system update using the 'zfs rollback' command after 'pkg upgrade -f' and I noticed that zfs rollback for 'zroot/ROOT/default@pre-update' is segfaulting.
Strangely if I run the same command again after sleeping for 10 seconds it works flawlessly every time.

Here is the backtrace for the segmentation fault from the core file.
-----
(gdb) backtrace 
#0  0x00000008004a7e4a in pthread_rwlock_unlock_exp (p0=0x6) at /usr/src/lib/libc/gen/_pthread_stubs.c:249
#1  0x000000080029402e in zcmd_ioctl (fd=6, request=25, zc=0x6) at /usr/src/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_compat.c:113
#2  0x0000000800292374 in lzc_ioctl (ioc=3222821401, name=<optimized out>, source=<optimized out>, resultp=0x7fffffffdc40) at /usr/src/cddl/contrib/opensolaris/lib/libzfs_core/common/libzfs_core.c:187
#3  0x0000000800293492 in lzc_rollback_to (fsname=0xc0185a19 <error: Cannot access memory at address 0xc0185a19>, snapname=<optimized out>) at /usr/src/cddl/contrib/opensolaris/lib/libzfs_core/common/libzfs_core.c:869
#4  0x00000008002dc381 in zfs_rollback (zhp=0x800839280, snap=<optimized out>, force=<optimized out>) at /usr/src/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c:4194
#5  0x000000000020e2a1 in zfs_do_rollback (argc=<optimized out>, argv=0x7fffffffeb18) at /usr/src/cddl/contrib/opensolaris/cmd/zfs/zfs_main.c:3574
#6  0x000000000020c6a4 in main (argc=<optimized out>, argv=0x7fffffffeb10) at /usr/src/cddl/contrib/opensolaris/cmd/zfs/zfs_main.c:7507
(gdb) 
-----

I have attached the zfs.core file along with the shell script to reproduce the segmentation fault.
Comment 1 Reshad Patuck 2020-02-08 06:16:19 UTC 
Created attachment 211467 [details]
Shell script to reproduce the segfault

This shell script reproduces the issue 100% of the time for me
Comment 2 Andriy Gapon freebsd_committer freebsd_triage 2020-02-08 07:23:33 UTC 
Kubilay, I think that zfs-devel@ list is effectively dead.
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2020-02-09 08:38:15 UTC 
Apologies, mistake in drop-down selection, thanks for the heads-up, and everyone (@freebsd.org) can triage :)
Comment 4 Mark Johnston freebsd_committer freebsd_triage 2021-10-29 17:27:06 UTC 
Does this script do a rollback on the mounted root filesystem zroot/ROOT/default?  If so this seems more or less expected since various system libraries, like libthr.so, will be modified during the operation.