On Thursday 10 November 2005 10:40 am, SUZUKI Shinsuke wrote: > >>>>> On Thu, 10 Nov 2005 16:54:34 +0600 > >>>>> snezhko_at_indorsoft.ru(Victor Snezhko) said: > > > > Mark Tinguely has found the offending timer. > > The following patch fixes the problem for me: > > Thanks. sounds right for me. > So please commit it if when you've finished the test with fresh -current. As a general rule you should be using callout_drain() before freeing a callout to handle the race condition where the callout is running on another CPU (so callout_stop can't stop it) while you are freeing it. Note that you can not use callout_drain() if you are holding any locks, though. In those cases you will need to defer the callout_drain() and free() until you have dropped the locks. Here's one example fix: Index: nd6.c =================================================================== RCS file: /usr/cvs/src/sys/netinet6/nd6.c,v retrieving revision 1.62 diff -u -r1.62 nd6.c --- nd6.c 22 Oct 2005 05:07:16 -0000 1.62 +++ nd6.c 3 Nov 2005 19:56:42 -0000 _at__at_ -398,7 +398,7 _at__at_ if (tick < 0) { ln->ln_expire = 0; ln->ln_ntick = 0; - callout_stop(&ln->ln_timer_ch); + callout_drain(&ln->ln_timer_ch); } else { ln->ln_expire = time_second + tick / hz; if (tick > INT_MAX) { -- John Baldwin <jhb_at_FreeBSD.org> <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve" = http://www.FreeBSD.orgReceived on Thu Nov 10 2005 - 15:42:17 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:47 UTC