NetBSD Problem Report #55042

From www@netbsd.org  Mon Mar  2 19:19:00 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 2EE901A9217
	for <gnats-bugs@gnats.NetBSD.org>; Mon,  2 Mar 2020 19:19:00 +0000 (UTC)
Message-Id: <20200302191859.293AE1A921A@mollari.NetBSD.org>
Date: Mon,  2 Mar 2020 19:18:59 +0000 (UTC)
From: ci4ic4@gmail.com
Reply-To: ci4ic4@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Panic when creating a directory on a NFS served ZFS  
X-Send-Pr-Version: www-1.0

>Number:         55042
>Category:       misc
>Synopsis:       Panic when creating a directory on a NFS served ZFS
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    misc-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 02 19:20:01 +0000 2020
>Closed-Date:    Mon Mar 22 18:25:14 +0000 2021
>Last-Modified:  Mon Mar 22 18:35:01 +0000 2021
>Originator:     Chavdar Ivanov
>Release:        9.99.48, amd64
>Organization:
CI4 Consulting Ltd
>Environment:
NetBSD ymir 9.99.48 NetBSD 9.99.48 (GENERIC) #17: Sat Feb 29 19:58:04 GMT 2020  sysbuild@ymir:/home/sysbuild/amd64/obj/home/sysbuild/src/sys/arch/amd64/compile/GENERIC amd64

>Description:
ZFS file system is exported via an entry in /etc/exports:

/tank/t1 -maproot=0:10 -network 192.168.0/24

It is mounted on another NetBSD-current system; all files and directories are seen from the client. 

When the client attempts to create a directory on the nfs-server zfs filesystem, the server either resets straight away, or panics; as the client is still waiting for the directory to be created, upon restart the same happens in a loop, this time for sure saving a core dump. The trace is as follows:
..
(gdb) target kvm netbsd.0.core
0xffffffff80224225 in cpu_reboot ()
(gdb) bt
#0  0xffffffff80224225 in cpu_reboot ()
#1  0xffffffff809fdbff in kern_reboot ()
#2  0xffffffff80a3fff9 in vpanic ()
#3  0xffffffff80a400bd in panic ()
#4  0xffffffff8022669d in trap ()
#5  0xffffffff8021ed43 in alltraps ()
#6  0xffffffff827340a1 in zfs_log_create ()
#7  0xffffffff827410aa in zfs_netbsd_mkdir ()
#8  0xffffffff80ab14d9 in VOP_MKDIR ()
#9  0xffffffff8090de71 in nfsrv_mkdir ()
#10 0xffffffff80922172 in do_nfssvc ()
#11 0xffffffff80255cb9 in syscall ()
#12 0xffffffff802096ad in handle_syscall ()


To exit the reboot loop, one has to boot single-user and comment out the line in /etc/exports. 

>How-To-Repeat:
- enable zfs (zfs=YES >> /etc/rc.conf; reboot)
- create a zpool - even backed up by a file
- create a filesystem in this pool 
- nfs export it as above, copy some files, create som directories etc. 
- mount -t nfs from another host (tested only with NetBSD-current)
- mkdir whatever on the mounted directory
>Fix:
N/A 

>Release-Note:

>Audit-Trail:
From: "Juergen Hannken-Illjes" <hannken@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55042 CVS commit: src/external/cddl/osnet/dist/uts/common/fs/zfs/sys
Date: Tue, 16 Feb 2021 09:54:17 +0000

 Module Name:	src
 Committed By:	hannken
 Date:		Tue Feb 16 09:54:17 UTC 2021

 Modified Files:
 	src/external/cddl/osnet/dist/uts/common/fs/zfs/sys: zfs_context.h

 Log Message:
 Use the right uid / gid for nobody:nobody like FreeBSD does.

 Prevents null pointer dereferences when ZFS replaces this
 illegal (according to IS_EPHEMERAL()) id with another
 illegal id in operation zfs_fuid_create_cred() and
 finally zfs_log_create() dereferences fuidp being NULL.

 Adresses PR misc/55042 (Panic when creating a directory on a NFS served ZFS)


 To generate a diff of this commit:
 cvs rdiff -u -r1.2 -r1.3 \
     src/external/cddl/osnet/dist/uts/common/fs/zfs/sys/zfs_context.h

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: nia@NetBSD.org
State-Changed-When: Sun, 07 Mar 2021 08:06:48 +0000
State-Changed-Why:
Has this gone away? Is it worth pulling this up?


State-Changed-From-To: feedback->needs-pullups
State-Changed-By: gdt@NetBSD.org
State-Changed-When: Sat, 20 Mar 2021 20:02:17 +0000
State-Changed-Why:
Confirmed ok on current.   Issue exists in NetBSD 9 still.


State-Changed-From-To: needs-pullups->closed
State-Changed-By: gdt@NetBSD.org
State-Changed-When: Mon, 22 Mar 2021 18:25:14 +0000
State-Changed-Why:
fix pulled up
to netbsd-9, which is the only release where zfs is thought to work.


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55042 CVS commit: [netbsd-9] src/external/cddl/osnet/dist/uts/common/fs/zfs/sys
Date: Mon, 22 Mar 2021 18:22:59 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Mon Mar 22 18:22:59 UTC 2021

 Modified Files:
 	src/external/cddl/osnet/dist/uts/common/fs/zfs/sys [netbsd-9]:
 	    zfs_context.h

 Log Message:
 Pull up following revision(s) (requested by hannken in ticket #1235):

 	external/cddl/osnet/dist/uts/common/fs/zfs/sys/zfs_context.h: revision 1.3

 Use the right uid / gid for nobody:nobody like FreeBSD does.

 Prevents null pointer dereferences when ZFS replaces this
 illegal (according to IS_EPHEMERAL()) id with another
 illegal id in operation zfs_fuid_create_cred() and
 finally zfs_log_create() dereferences fuidp being NULL.

 Adresses PR misc/55042 (Panic when creating a directory on a NFS served ZFS)


 To generate a diff of this commit:
 cvs rdiff -u -r1.2 -r1.2.2.1 \
     src/external/cddl/osnet/dist/uts/common/fs/zfs/sys/zfs_context.h

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.