Fix ztest deadman panic with indirect vdev damage

This patch fixes an issue where ztest's deadman thread would
trigger a panic because reconstructing artifically damaged
blocks would take too long to reconstruct. This patch simply
limits how often ztest inflicts split-block damage and how
many segments it can damage when it does.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Serapheim Dimitropoulos <serapheim.dimitro@delphix.com>
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #8010

diff --git a/cmd/ztest/ztest.c b/cmd/ztest/ztest.c
index 44d4e97403f40740421b4a7307d28ff4f0ad8e85..983bc0dfe03685ee7385202e49225f69cd48dbad 100644 (file)
--- a/cmd/ztest/ztest.c
+++ b/cmd/ztest/ztest.c
@@ -7383,8 +7383,13 @@ main(int argc, char **argv)
         * Verify that even extensively damaged split blocks with many
         * segments can be reconstructed in a reasonable amount of time
         * when reconstruction is known to be possible.
+        *
+        * Note: the lower this value is, the more damage we inflict, and
+        * the more time ztest spends in recovering that damage. We chose
+        * to induce damage 1/100th of the time so recovery is tested but
+        * not so frequently that ztest doesn't get to test other code paths.
         */
-       zfs_reconstruct_indirect_damage_fraction = 4;
+       zfs_reconstruct_indirect_damage_fraction = 100;
 
        action.sa_handler = sig_handler;
        sigemptyset(&action.sa_mask);

diff --git a/module/zfs/vdev_indirect.c b/module/zfs/vdev_indirect.c
index 097be6f0e3123418cbf5a196fc54a10e26ee618e..7863fe9d0f351abc3692f57fbfdd2644af13c148 100644 (file)
--- a/module/zfs/vdev_indirect.c
+++ b/module/zfs/vdev_indirect.c
@@ -1614,7 +1614,7 @@ vdev_indirect_splits_damage(indirect_vsd_t *iv, zio_t *zio)
         * result in two or less unique copies per indirect_child_t.
         * Both may need to be checked in order to reconstruct the block.
         * Set iv->iv_attempts_max such that all unique combinations will
-        * enumerated, but limit the damage to at most 16 indirect splits.
+        * enumerated, but limit the damage to at most 12 indirect splits.
         */
        iv->iv_attempts_max = 1;
 
@@ -1632,7 +1632,7 @@ vdev_indirect_splits_damage(indirect_vsd_t *iv, zio_t *zio)
                }
 
                iv->iv_attempts_max *= 2;
-               if (iv->iv_attempts_max > (1ULL << 16)) {
+               if (iv->iv_attempts_max >= (1ULL << 12)) {
                        iv->iv_attempts_max = UINT64_MAX;
                        break;
                }
@@ -1718,7 +1718,7 @@ vdev_indirect_reconstruct_io_done(zio_t *zio)
        /*
         * If nonzero, every 1/x blocks will be damaged, in order to validate
         * reconstruction when there are split segments with damaged copies.
-        * Known_good will TRUE when reconstruction is known to be possible.
+        * Known_good will be TRUE when reconstruction is known to be possible.
         */
        if (zfs_reconstruct_indirect_damage_fraction != 0 &&
            spa_get_random(zfs_reconstruct_indirect_damage_fraction) == 0)