From 8516a82ffb2bbe555d6fe560cf0ddc1e3253e867 Mon Sep 17 00:00:00 2001
From: Toomas Soome <tsoome@FreeBSD.org>
Date: Sat, 26 Oct 2019 10:33:21 +0000
Subject: [PATCH] MFC r353757: loader: zfs_fmtdev can crash when pool discovery
 did fail and we have no spa

When zfs probe did fail and no spa was created, but zfs_fmtdev() is called,
we will crash while dereferencing spa (NULL pointer dereference).
---
 stand/libsa/zfs/zfs.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/stand/libsa/zfs/zfs.c b/stand/libsa/zfs/zfs.c
index c4d3df4244d..6a8d523fb79 100644
--- a/stand/libsa/zfs/zfs.c
+++ b/stand/libsa/zfs/zfs.c
@@ -769,11 +769,16 @@ zfs_fmtdev(void *vdev)
 	if (dev->dd.d_dev->dv_type != DEVT_ZFS)
 		return (buf);
 
-	if (dev->pool_guid == 0) {
-		spa = STAILQ_FIRST(&zfs_pools);
+	/* Do we have any pools? */
+	spa = STAILQ_FIRST(&zfs_pools);
+	if (spa == NULL)
+		return (buf);
+
+	if (dev->pool_guid == 0)
 		dev->pool_guid = spa->spa_guid;
-	} else
+	else
 		spa = spa_find_by_guid(dev->pool_guid);
+
 	if (spa == NULL) {
 		printf("ZFS: can't find pool by guid\n");
 		return (buf);
-- 
2.45.0