From owner-freebsd-bugs@FreeBSD.ORG  Thu Nov 10 16:50:16 2005
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 15D9316A420
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 10 Nov 2005 16:50:16 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C202843D45
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 10 Nov 2005 16:50:15 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id jAAGoFHc058380
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 10 Nov 2005 16:50:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id jAAGoFlZ058379;
	Thu, 10 Nov 2005 16:50:15 GMT (envelope-from gnats)
Date: Thu, 10 Nov 2005 16:50:15 GMT
Message-Id: <200511101650.jAAGoFlZ058379@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: John Baldwin <jhb@freebsd.org>
Cc: 
Subject: Re: kern/88725: /usr/sbin/ppp panic with 2005.10.21 netinet6 changes
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: John Baldwin <jhb@freebsd.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2005 16:50:16 -0000

The following reply was made to PR kern/88725; it has been noted by GNATS.

From: John Baldwin <jhb@freebsd.org>
To: freebsd-current@freebsd.org
Cc: SUZUKI Shinsuke <suz@freebsd.org>, snezhko@indorsoft.ru,
        max@love2party.net, bug-followup@freebsd.org
Subject: Re: kern/88725: /usr/sbin/ppp panic with 2005.10.21 netinet6 changes
Date: Thu, 10 Nov 2005 11:40:13 -0500

 On Thursday 10 November 2005 10:40 am, SUZUKI Shinsuke wrote:
 > >>>>> On Thu, 10 Nov 2005 16:54:34 +0600
 > >>>>> snezhko@indorsoft.ru(Victor Snezhko)  said:
 > >
 > > Mark Tinguely has found the offending timer.
 > > The following patch fixes the problem for me:
 >
 > Thanks.  sounds right for me.
 > So please commit it if when you've finished the test with fresh -current.
 
 As a general rule you should be using callout_drain() before freeing a callout 
 to handle the race condition where the callout is running on another CPU (so 
 callout_stop can't stop it) while you are freeing it.  Note that you can not 
 use callout_drain() if you are holding any locks, though.  In those cases you 
 will need to defer the callout_drain() and free() until you have dropped the 
 locks.  Here's one example fix:
 
 Index: nd6.c
 ===================================================================
 RCS file: /usr/cvs/src/sys/netinet6/nd6.c,v
 retrieving revision 1.62
 diff -u -r1.62 nd6.c
 --- nd6.c       22 Oct 2005 05:07:16 -0000      1.62
 +++ nd6.c       3 Nov 2005 19:56:42 -0000
 @@ -398,7 +398,7 @@
         if (tick < 0) {
                 ln->ln_expire = 0;
                 ln->ln_ntick = 0;
 -               callout_stop(&ln->ln_timer_ch);
 +               callout_drain(&ln->ln_timer_ch);
         } else {
                 ln->ln_expire = time_second + tick / hz;
                 if (tick > INT_MAX) {
  
 -- 
 John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
 "Power Users Use the Power to Serve"  =  http://www.FreeBSD.org