Corrupted pool should not panic the system when doing 'zpool import'
Craig Rodrigues has reported a panic when a corrupted pool is present (on our patched version of FreeBSD, aka "TrueOS", at github.com/trueos). "zpool import" would panic the system.
The panic is in spa_tryimport -> spa_load -> load_nvlist, where there is a:
VERIFY(0 == dmu_bonus_hold(spa->spa_meta_objset, obj, FTAG, &db));
Note that load_nvlist is a static method and all callers are within spa.c, all of which handle errors. With this in mind, it seems reasonable to just return the error from dmu_bonus_hold instead of asserting that it succeeds.
I'd like to request a review of the attached patch (trueos 825d6821d636129800c00b10eafb68e6e00cb23a) and merge it upstream if appropriate.
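The shape of the fix being proposed, as an added illustration that is not part of the report or of ZFS itself: a simulated meta-objset in which one object number is "corrupted", a simulated dmu_bonus_hold() that returns EIO for it, and the two variants of the loader side by side. VERIFY() is modelled as abort(), the user-space analogue of a kernel panic. Every name here (sim_bonus_hold, load_nvlist_asserting, load_nvlist_returning, try_import) is a constructed stand-in, not the real spa.c code; the point is only that the error-returning variant lets the caller fail the import cleanly.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed stand-in for the pool's meta-objset: each object either has
 * a readable bonus buffer or is "corrupted". Object 1 is the corrupted one.
 * None of this is ZFS code; the names only echo the functions in the report.
 */
#define NOBJS 3
static const int readable[NOBJS] = { 1, 0, 1 };

typedef struct dmu_buf {
	uint64_t obj;
	char data[32];	/* stands in for the packed nvlist */
} dmu_buf_t;

/*
 * Simulated dmu_bonus_hold(): 0 on success, EIO when the object's metadata
 * is unreadable, ENOENT when the object number does not exist.
 */
static int
sim_bonus_hold(uint64_t obj, dmu_buf_t **dbp)
{
	if (obj >= NOBJS)
		return (ENOENT);
	if (!readable[obj])
		return (EIO);
	dmu_buf_t *db = calloc(1, sizeof (*db));
	if (db == NULL)
		return (ENOMEM);
	db->obj = obj;
	snprintf(db->data, sizeof (db->data), "nvlist-%llu",
	    (unsigned long long)obj);
	*dbp = db;
	return (0);
}

static void
sim_bonus_rele(dmu_buf_t *db)
{
	free(db);
}

/* In the kernel VERIFY() panics; abort() is the user-space analogue. */
#define VERIFY(cond) do {						\
	if (!(cond)) {							\
		fprintf(stderr, "panic: VERIFY(%s) failed\n", #cond);	\
		abort();						\
	}								\
} while (0)

/* "Before": any hold failure, e.g. a corrupted pool, takes the system down. */
static int
load_nvlist_asserting(uint64_t obj, char *out, size_t outlen)
{
	dmu_buf_t *db;

	VERIFY(0 == sim_bonus_hold(obj, &db));
	snprintf(out, outlen, "%s", db->data);
	sim_bonus_rele(db);
	return (0);
}

/* "After": hand the hold error back; the (static-function) callers check it. */
static int
load_nvlist_returning(uint64_t obj, char *out, size_t outlen)
{
	dmu_buf_t *db;
	int error;

	error = sim_bonus_hold(obj, &db);
	if (error != 0)
		return (error);
	snprintf(out, outlen, "%s", db->data);
	sim_bonus_rele(db);
	return (0);
}

/*
 * Stand-in for the spa_load() caller: on error, leave nothing half-loaded
 * and report it, so an import of a damaged pool fails instead of panicking.
 */
static int
try_import(uint64_t obj, char *out, size_t outlen)
{
	int error = load_nvlist_returning(obj, out, outlen);

	if (error != 0) {
		out[0] = '\0';
		fprintf(stderr, "import failed: %s\n", strerror(error));
		return (error);
	}
	return (0);
}
```

Running try_import() against the corrupted object yields EIO and an empty result buffer; the same object passed to load_nvlist_asserting() would abort the process, which is the behaviour the report describes at kernel level.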
Updated by Matthew Ahrens about 9 years ago
Patch looks fine. Only one nit: we try to explicitly convert to booleans, so "if (error != 0)" would be preferable.
Updated by Xin Li about 9 years ago
- File spa-rev1.diff added
Updated by F. H. almost 2 years ago
Fix in OpenZFS with commit: https://github.com/openzfs/zfs/commit/c3275b56a1470ed255441df6ff105d0c3c095d8b