openzfs / zfs

OpenZFS on Linux and FreeBSD
https://openzfs.github.io/openzfs-docs

'zpool get' segfaults with two vdevs #15972

Open tonyhutter opened 8 months ago

tonyhutter commented 8 months ago

System information

| Type | Version/Name |
| --- | --- |
| Distribution Name | Fedora |
| Distribution Version | 39 |
| Kernel Version | 6.6.13 |
| Architecture | x86-64 |
| OpenZFS Version | 8f2f6cd2ac688916adb2caf979daf95365ccb48f (master) |

Describe the problem you're observing

If you pass two vdevs to zpool get, it will segfault. Both vdevs need to be part of the pool.

Describe how to reproduce the problem

```
zpool get state <pool> <vdev1> <vdev2>
```

Include any warning/errors/backtraces from the system logs

```
#0  0x00007ffff76de7ff in ____strtoull_l_internal () from /lib64/libc.so.6
#1  0x00007ffff7f70e17 in zpool_find_vdev (zhp=zhp@entry=0x4471f0, path=path@entry=0x0, avail_spare=avail_spare@entry=0x7fffffff81c8, l2cache=l2cache@entry=0x7fffffff81cc, log=log@entry=0x0)
    at lib/libzfs/libzfs_pool.c:3053
#2  0x00007ffff7f70f4b in zpool_vdev_guid (zhp=zhp@entry=0x4471f0, vdevname=vdevname@entry=0x0, vdev_guid=vdev_guid@entry=0x7fffffff8628) at lib/libzfs/libzfs_pool.c:5147
#3  0x00007ffff7f777ac in zpool_get_vdev_prop (zhp=zhp@entry=0x4471f0, vdevname=vdevname@entry=0x0, prop=VDEV_PROP_NAME, prop_name=0x0, buf=buf@entry=0x7fffffff8aa0 "/file1", len=len@entry=4096, 
    srctype=0x0, literal=B_FALSE) at lib/libzfs/libzfs_pool.c:5340
#4  0x00007ffff7f77b45 in vdev_expand_proplist (zhp=zhp@entry=0x4471f0, vdevname=vdevname@entry=0x0, plp=plp@entry=0x7fffffffac70) at lib/libzfs/libzfs_pool.c:1044
#5  0x000000000040a89b in get_callback (zhp=0x4471f0, data=0x7fffffffac30) at cmd/zpool/zpool_main.c:10550
#6  0x00000000004090ef in pool_list_iter (zlp=0x4496b0, unavail=<optimized out>, func=0x40a720 <get_callback>, data=0x7fffffffac30) at cmd/zpool/zpool_iter.c:186
#7  0x000000000040929a in for_each_pool (argc=argc@entry=1, argv=argv@entry=0x4498e8, unavail=unavail@entry=B_TRUE, proplist=proplist@entry=0x7fffffffac70, type=<optimized out>, literal=<optimized out>, 
    func=0x40a720 <get_callback>, data=0x7fffffffac30) at cmd/zpool/zpool_iter.c:262
#8  0x000000000041d796 in zpool_do_get (argc=1, argv=0x4498e8) at cmd/zpool/zpool_main.c:10777
#9  0x000000000040895e in main (argc=6, argv=0x7fffffffe408) at cmd/zpool/zpool_main.c:11545
```

madwizard commented 6 months ago

I did a test on FreeBSD:

FreeBSD version: FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE #0 releng/14.0-n265380-f9716eee8ab4: Fri Nov 10 05:57:23 UTC 2023

Zpool version: zpool version zfs-2.2.0-FreeBSD_g95785196f zfs-kmod-2.2.0-FreeBSD_g95785196f

Running this command gives me the same result: segfault.

I've run this through gdb, and the segfault happens within zpool_find_vdev in this line: https://github.com/openzfs/zfs/blob/04bae5ec95f7273105237159a882d5b72ec2b998/lib/libzfs/libzfs_pool.c#L3056

```
__GI_____strtoul_l_internal (nptr=0x0, endptr=0x7fffffff8250, base=0, group=0, bin_cst=true, loc=0x7ffff7da33c0 <_nl_global_locale>) at ../stdlib/strtol_l.c:238
238 {
(gdb) s
252 struct locale_data current = loc->__locales[LC_NUMERIC];
(gdb) s
264 if (__glibc_unlikely (group))
(gdb) s
295 if (base < 0 || base == 1 || base > 36)
(gdb) s
304 while (ISSPACE (*s))
(gdb) print s
$4 = 0x0
(gdb) s

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7c197ff in __GI_____strtoul_l_internal (nptr=0x0, endptr=0x7fffffff8250, base=0, group=, bin_cst=true, loc=0x7ffff7da33c0 <_nl_global_locale>) at ../stdlib/strtol_l.c:304
304 while (ISSPACE (*s))
```

The ISSPACE receives 0x0.
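
The failure mode in the traces above (a NULL name reaching `strtoull()` with base 0), shown with a guarded parse as an added example that is not part of this thread and not OpenZFS code. `parse_vdev_guid` is a hypothetical helper, the inputs are constructed, and it assumes the name is being tested as a numeric GUID.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical helper (not an OpenZFS function): interpret a vdev name
 * as a numeric GUID without ever handing NULL to strtoull().
 * Returns 0 and stores the GUID on success, EINVAL for a NULL, empty or
 * non-numeric name, ERANGE if the value does not fit in 64 bits.
 */
int
parse_vdev_guid(const char *name, uint64_t *guid)
{
	char *end = NULL;
	unsigned long long val;

	/* The crash in the backtrace: the name pointer was 0x0. */
	if (name == NULL || guid == NULL)
		return (EINVAL);
	/* Require a leading digit: strtoull() would otherwise skip
	 * whitespace and accept "-1" by wrapping it to a huge value. */
	if (!isdigit((unsigned char)*name))
		return (EINVAL);

	errno = 0;
	val = strtoull(name, &end, 0);	/* base 0, as in the gdb trace */
	if (errno == ERANGE)
		return (ERANGE);
	if (*end != '\0')		/* trailing junk, e.g. "123abc" */
		return (EINVAL);
	*guid = (uint64_t)val;
	return (0);
}

int
main(void)
{
	/* Constructed inputs; NULL mirrors vdevname=0x0 in the backtrace. */
	const char *names[] = { NULL, "/file1", "12345", "0x1f", "-1" };
	for (size_t i = 0; i < sizeof (names) / sizeof (names[0]); i++) {
		uint64_t guid = 0;
		int err = parse_vdev_guid(names[i], &guid);
		printf("%-8s err=%d guid=%llu\n", names[i] ? names[i] :
		    "(null)", err, (unsigned long long)guid);
	}
	return (0);
}
```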