Hi,
On 2024/10/08 9:49, Yu Kuai wrote:
Hi,
On 2024/10/05 10:55, ValdikSS wrote:
On 05.10.2024 04:35, ValdikSS wrote:
Fedora 39 with 6.10.11-100.fc39 kernel dereferences NULL in
raid10_size and locks up with 3-drive raid10 configuration upon its
degradation and reattachment.
How to reproduce:
1. Get 3 USB flash drives
2. mdadm --create -b internal -l 10 -n 3 -z 1G /dev/md0 /dev/sda
/dev/sdb /dev/sdc
3. Unplug 2 USB drives
4. Plug one of the drives again
Happens every time, every USB flash reattachment.
Reproduced on 6.11.2-250.vanilla.fc39.x86_64
Can you use addr2line or gdb to see which codeline is this?
RIP: 0010:raid10_size+0x15/0x70 [raid10]
From code review, looks like this can only happen if raid10_run() returns
0 while mddev->private (the raid10 conf) is still NULL. Can you also give
the following patch a test?
Thanks,
Kuai
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index f3bf1116794a..b7f2530ae257 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -4061,9 +4061,13 @@ static int raid10_run(struct mddev *mddev)
}
if (!mddev_is_dm(conf->mddev)) {
- ret = raid10_set_queue_limits(mddev);
- if (ret)
+ /* don't overwrite ret on success */
+ int err = raid10_set_queue_limits(mddev);
+
+ if (err) {
+ ret = err;
goto out_free_conf;
+ }
}
/* need to check that every block has at least one working
mirror */
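Review bot: the comment added above `int err = raid10_set_queue_limits(mddev);` says what to avoid but not why it matters. If the checks after this block (starting with the working-mirror check in the trailing context) jump to out_free_conf without assigning ret, say so in the comment, since that is the path by which raid10_run() could return 0 with mddev->private still NULL, as the mail suspects. It would be more robust to set ret explicitly at each of those later failure sites instead of depending on a value assigned earlier in the function, so a future change to this block cannot reintroduce the same problem.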
Thanks,
Kuai