illumos gate

The following panic is seen anytime smartctl is issued against a SATA disk in virtual box.

$c
sata_txlt_ata_pass_thru+0x42c(ffffff00dc205668)
sata_scsi_start+0x377(ffffff00dc2055c8, ffffff00dc2055c0)
scsi_transport+0xb5(ffffff00dc2055c0)
sd_start_cmds+0x2e8(ffffff00c53d9680, 0)
sd_core_iostart+0x186(18, ffffff00c53d9680, ffffff00c6d3da00)
sd_uscsi_strategy+0x15a(ffffff00c6d3da00)
default_physio+0x3cb(fffffffff7abb7c0, ffffff00c6d3da00, 12500000000, 40, fffffffff79226f0,ffffff000210da00)
physio+0x25(fffffffff7abb7c0, ffffff00c6d3da00, 12500000000, 40, fffffffff79226f0,ffffff000210da00)
scsi_uscsi_handle_cmd+0x21d(12500000000, 0, ffffff00dc29f248, fffffffff7abb7c0, 0,ffffff00dc7e3790)
sd_ssc_send+0x1fd(ffffff00dbfd8500, 80449e8, 100083, 0, 0)
sdioctl+0xfff(12500000000, 4c9, 80449e8, 100083, ffffff00d7c3b510, ffffff000210dd54)
cdev_ioctl+0x45(12500000000, 4c9, 80449e8, 100083, ffffff00d7c3b510, ffffff000210dd54)
spec_ioctl+0x5a(ffffff00d7c2ce40, 4c9, 80449e8, 100083, ffffff00d7c3b510, ffffff000210dd54)
fop_ioctl+0x7b(ffffff00d7c2ce40, 4c9, 80449e8, 100083, ffffff00d7c3b510, ffffff000210dd54)
ioctl+0x18e(4, 4c9, 80449e8)
dtrace_systrace_syscall32+0x11a(4, 4c9, 80449e8, 1c3, 1, 0)
_sys_sysenter_post_swapgs+0x149()

The problem is that for devices that don't support certain commands, a reset can be issued, and this can cause the SATA packet to be freed during the call to sata_hba_start(), or rather concurrently with, and beat the caller. This race condition winds up in a panic as the caller attempts to dereference the packet in order to get the controller's mutex.