On Wed, May 01, 2024 at 03:13:15PM GMT, Alexander Klimov wrote:
> Oh, I didn't init them first with bioctl.
Init and assemble/attach is the same command.
> And I neither even involved two devices.
> I, literally,
>
> - created one fresh RAID partition with disklabel -E
> - ran ./bioctl -c 1 -l vnd0a,OFFLINE softraid0
>
> Crashed SP and MP kernels, with HDD, USB stick and vndX.
> All on i386, tested on two different machines.
> (amd64 box is still at cvs -q, / is on USB stick.)
The trace in your picture:
panic: pool_put: NULL item
...
pool_put()
dma_free()
sd_get_parms()
Haven't looked at why or how, but it seems obvious this is your double-free:
sd_get_parms() {
        ...
        buf = dma_alloc(sizeof(*buf), PR_NOWAIT);
        if (buf == NULL)
                goto validate;
        ...
validate:
        if (buf) {
                dma_free(buf, sizeof(*buf));
                buf = NULL;
        }
        if (dp.disksize == 0)
                goto die;
        ...
        sc->params = dp;
        return 0;
die:
        dma_free(buf, sizeof(*buf));
        return -1;
}
It should either return -1 early or die: must check for NULL.
Does this avoid the panic?
Index: sys/scsi/sd.c
===================================================================
RCS file: /cvs/src/sys/scsi/sd.c,v
diff -u -p -r1.335 sd.c
--- sys/scsi/sd.c 10 Nov 2023 17:43:39 -0000 1.335
+++ sys/scsi/sd.c 1 May 2024 22:32:42 -0000
@@ -1771,7 +1771,7 @@ validate:
}
if (dp.disksize == 0)
- goto die;
+ return -1;
/*
* Restrict secsize values to powers of two between 512 and 64k.
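Review bot: the early `return -1` is the right shape here, because by the time control reaches `if (dp.disksize == 0)` the `validate:` block above it has already freed `buf` and set it to NULL, so the unconditional `dma_free(buf, sizeof(*buf))` at `die:` was the `pool_put: NULL item` in the trace. Worth checking that the remaining `goto die` sites (the ones elided before `validate:` in the excerpt) all occur while `buf` is still live; if this was the only jump taken after `validate:`, a one-line comment at `die:` saying it expects a live `buf` would stop the next edit from reintroducing the same path.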
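To make the cleanup-label problem easy to see outside a kernel, here is an added example written for this thread; it is not OpenBSD's sd.c and it uses a mock allocator rather than dma_alloc()/dma_free(). The mock pool records a NULL item being handed back (the condition on which the real pool_put() panics) instead of panicking, and the reduced get_parms() can run in three modes: the original flow, the posted diff's early return, and the other option named in the mail (a NULL check at `die:`). The names cmd_ok, case_status, case_rc and the 64-byte buffer size are assumptions of the model, not kernel identifiers.

```c
/* Added example, not OpenBSD's sd.c: models the validate:/die: cleanup
 * path of sd_get_parms() on a mock pool so the three variants can be
 * compared in userland. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct mock_pool {
    int live;      /* outstanding allocations */
    int null_put;  /* set when a NULL item came back (real kernel: panic) */
};

enum fix {
    FIX_NONE,         /* original flow: die: frees unconditionally */
    FIX_EARLY_RETURN, /* the posted diff: return -1 instead of goto die */
    FIX_NULL_CHECK    /* the other option in the mail: die: checks buf */
};

static void *mock_dma_alloc(struct mock_pool *p, size_t sz)
{
    void *item = malloc(sz);
    if (item != NULL)
        p->live++;
    return item;
}

static void mock_dma_free(struct mock_pool *p, void *item, size_t sz)
{
    (void)sz;
    if (item == NULL) {
        p->null_put = 1;   /* where pool_put() would panic("pool_put: NULL item") */
        return;
    }
    free(item);
    p->live--;
}

/* Reduced model of sd_get_parms(): cmd_ok (assumed name) stands in for the
 * SCSI commands that can fail while buf is still live, disksize for the
 * post-validate check. Returns 0 on success, -1 on failure. */
static int get_parms(struct mock_pool *p, int cmd_ok, int disksize, enum fix fix)
{
    char *buf = mock_dma_alloc(p, 64);
    if (buf == NULL)
        goto validate;
    if (!cmd_ok)
        goto die;          /* buf is live here, so die: must free it */
    memset(buf, 0, 64);    /* stands in for filling buf with command data */
validate:
    if (buf != NULL) {
        mock_dma_free(p, buf, 64);
        buf = NULL;        /* from here on buf must never reach the pool again */
    }
    if (disksize == 0) {
        if (fix == FIX_EARLY_RETURN)
            return -1;     /* the diff: never reach die: with buf == NULL */
        goto die;          /* original: arrives at die: with buf == NULL */
    }
    return 0;
die:
    if (fix == FIX_NULL_CHECK) {
        if (buf != NULL)
            mock_dma_free(p, buf, 64);
    } else {
        mock_dma_free(p, buf, 64);   /* FIX_NONE: NULL item reaches the pool */
    }
    return -1;
}

/* Runs one scenario on a fresh pool. Returns 0 when the pool is left clean
 * (no NULL put, nothing leaked), 1 for a NULL put, 2 for a leaked item. */
static int case_status(int cmd_ok, int disksize, enum fix fix)
{
    struct mock_pool p = { 0, 0 };
    (void)get_parms(&p, cmd_ok, disksize, fix);
    if (p.null_put)
        return 1;
    if (p.live != 0)
        return 2;
    return 0;
}

/* Return value of get_parms() for one scenario. */
static int case_rc(int cmd_ok, int disksize, enum fix fix)
{
    struct mock_pool p = { 0, 0 };
    return get_parms(&p, cmd_ok, disksize, fix);
}

int main(void)
{
    static const char *names[] = { "original", "early-return", "null-check" };
    enum fix f;
    for (f = FIX_NONE; f <= FIX_NULL_CHECK; f++)
        printf("%-12s disksize==0 -> rc %d, pool status %d\n", names[f],
               case_rc(1, 0, f), case_status(1, 0, f));
    return 0;
}
```

Running it shows the original flow reporting status 1 (a NULL item put) on the disksize == 0 path while both fixes report 0; the cmd_ok == 0 path shows why `die:` still has to free in the early-return variant, since that jump happens while buf is live.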