From nobody@FreeBSD.org  Thu Jan 10 13:46:37 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 010D516A420
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Jan 2008 13:46:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id BF45413C448
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Jan 2008 13:46:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m0ADjThO094210
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Jan 2008 13:45:29 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m0ADjTCt094209;
	Thu, 10 Jan 2008 13:45:29 GMT
	(envelope-from nobody)
Message-Id: <200801101345.m0ADjTCt094209@www.freebsd.org>
Date: Thu, 10 Jan 2008 13:45:29 GMT
From: Sebastien Petit <sebastien.petit@kewego.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Kqueue/Kevent causes fatal trap 12
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         119530
>Category:       kern
>Synopsis:       [kqueue] [patch] kqueue/kevent causes fatal trap 12
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    emaste
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 10 13:50:01 UTC 2008
>Closed-Date:    Mon Nov 24 14:16:41 UTC 2008
>Last-Modified:  Mon Nov 24 14:16:41 UTC 2008
>Originator:     Sebastien Petit
>Release:        FreeBSD-6.2-RELEASE, FreeBSD-6.2-STABLE, FreeBSD-6.3-PRERELEASE
>Organization:
Kewego
>Environment:
FreeBSD proxy0.XXXXXXXXXXXX 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #0: Thu Jan 10 00:13:27 CET 2008     root@build0.XXXXXXXXXXXX:/usr/src-6.2-STABLE/sys/i386/compile/PE2950-i386  i386
>Description:
There is probably a race condition with kqueue and expire of a
EVFILT_TIMER event set with EV_ONESHOT flag.
 
In some cases, the kernel crash with a supervisor read error on
callout_reset(), probably a race condition because the first argument
is NULL, and should not be (struct callout* is NULL)
 
Application that cause this bug create a lot of EVFILT_TIMER events
(about 300-400) with 300 seconds of timeout. when EVFILT_TIMER expire,
a new is created with 300 seconds of timeout.
 
This application cause the crash detailed below:
 
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x18
fault code              = supervisor read, page not present
instruction pointer     = 0x20:0xc051b4bc
stack pointer           = 0x28:0xe6ea5c68
frame pointer           = 0x28:0xe6ea5c78
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 14 (swi4: clock)
[thread pid 14 tid 100002 ]
Stopped at      callout_reset+0xc4:     testb   $0x4,0x18(%esi)
db> where
Tracing pid 14 tid 100002 td 0xc8326c00
callout_reset(0,1,c04ed97c,c85cf4c8) at callout_reset+0xc4
filt_timerexpire(c85cf4c8) at filt_timerexpire+0xa8
softclock(0) at softclock+0x2eb
ithread_execute_handlers(c8325430,c8375b80) at ithread_execute_handlers+0x125
ithread_loop(c83068c0,e6ea5d38) at ithread_loop+0x55
fork_exit(c04f6cb8,c83068c0,e6ea5d38) at fork_exit+0x71
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xe6ea5d6c, ebp = 0 ---
db>
 
Ugly patch is attached (test of NULL pointers before calling callout_reset
and print a kernel error if a NULL is detected). It must work but a good
patch must be created to avoid that.
>How-To-Repeat:
Run an application that do a lot of EVFILT_TIMER with EV_ONESHOT flag
and read the same kqueue with multiple threads. libthr is used.
Seem to appear on SMP servers only

Kqueue/Kevent is not thread safe ?
>Fix:
Patch on /usr/src/sys/kern/kern_event.c (filt_timerexpire function) to
see what is happening and avoid the call of callout_reset with a NULL
struct callout* that cause the fatal trap.

static void
filt_timerexpire(void *knx)
{
        struct knote *kn = knx;
        struct callout *calloutp;

+        if (! knx) {
+               printf("knx is NULL. cannot expire the timer\n");
+               return;
+       }
        kn->kn_data++;
        KNOTE_ACTIVATE(kn, 0);  /* XXX - handle locking */

        if ((kn->kn_flags & EV_ONESHOT) != EV_ONESHOT) {
                calloutp = (struct callout *)kn->kn_hook;
+               if (calloutp)
+                       callout_reset(calloutp, timertoticks(kn->kn_sdata),
+                           filt_timerexpire, kn);
+               else
+                       printf("warning: calloutp is already freed, aborting\n");
        }
}

I don't know if this patch correct the problem completly, I have patched
my systems and see if the race condition happen again.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->jmg 
Responsible-Changed-By: kris 
Responsible-Changed-When: Thu Jan 10 20:47:10 UTC 2008 
Responsible-Changed-Why:  
Assign to maintainer for evaluation 

http://www.freebsd.org/cgi/query-pr.cgi?pr=119530 

From: Sebastien Petit <sebastien.petit@kewego.com>
To: bug-followup@FreeBSD.org,  sebastien.petit@kewego.com
Cc: Network Operation Center <noc@kewego.com>
Subject: Re: kern/119530: [kqueue] [patch] kqueue/kevent causes fatal trap
 12
Date: Fri, 11 Jan 2008 11:23:10 +0100

 Hi,
 
 Just a follow up on this problem:
 I've patch some of my servers (with the patch attached to PR) and this 
 morning, the race condition appears:
 
 [spe@proxy2 ~]$ dmesg
 Copyright (c) 1992-2007 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
         The Regents of the University of California. All rights reserved.
 FreeBSD is a registered trademark of The FreeBSD Foundation.
 FreeBSD 6.3-PRERELEASE #1: Thu Jan 10 12:54:22 CET 2008
     root@build0.XXXXXXXXX:/usr/src/sys/i386/compile/PE2950-i386
 Timecounter "i8254" frequency 1193182 Hz quality 0
 CPU: Intel(R) Xeon(R) CPU            5130  @ 2.00GHz (1997.02-MHz 
 686-class CPU)
   Origin = "GenuineIntel"  Id = 0x6f6  Stepping = 6
   
 Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
   Features2=0x4e33d<SSE3,RSVD2,MON,DS_CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA>
   AMD Features=0x20100000<NX,LM>
   AMD Features2=0x1<LAHF>
   Cores per package: 2
 real memory  = 3489300480 (3327 MB)
 avail memory = 3414556672 (3256 MB)
 ACPI APIC Table: <DELL   PE_SC3  >
 FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
  cpu0 (BSP): APIC ID:  0
  cpu1 (AP): APIC ID:  1
  cpu2 (AP): APIC ID:  6
  cpu3 (AP): APIC ID:  7
 ioapic0: Changing APIC ID to 8
 ioapic1: Changing APIC ID to 9
 ioapic0 <Version 2.0> irqs 0-23 on motherboard
 ioapic1 <Version 2.0> irqs 64-87 on motherboard
 kbd1 at kbdmux0
 acpi0: <DELL PE_SC3> on motherboard
 acpi0: Power Button (fixed)
 Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
 acpi_hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on 
 acpi0
 Timecounter "HPET" frequency 14318180 Hz quality 900
 cpu0: <ACPI CPU> on acpi0
 cpu1: <ACPI CPU> on acpi0
 cpu2: <ACPI CPU> on acpi0
 cpu3: <ACPI CPU> on acpi0
 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
 pci0: <ACPI PCI bus> on pcib0
 pcib1: <ACPI PCI-PCI bridge> at device 2.0 on pci0
 pci6: <ACPI PCI bus> on pcib1
 pcib2: <ACPI PCI-PCI bridge> at device 0.0 on pci6
 pci7: <ACPI PCI bus> on pcib2
 pcib3: <ACPI PCI-PCI bridge> at device 0.0 on pci7
 pci8: <ACPI PCI bus> on pcib3
 pcib4: <PCI-PCI bridge> at device 0.0 on pci8
 pci9: <PCI bus> on pcib4
 bce0: <Broadcom NetXtreme II BCM5708 1000Base-T (B2)> mem 
 0xf4000000-0xf5ffffff irq 16 at device 0.0 on pci9
 miibus0: <MII bus> on bce0
 brgphy0: <BCM5708C 10/100/1000baseTX PHY> on miibus0
 brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 
 1000baseT-FDX, auto
 bce0: Ethernet address: 00:18:8b:87:be:59
 bce0: ASIC (0x57081020); Rev (B2); Bus (PCI-X, 64-bit, 133MHz); F/W 
 (0x02090105); Flags( MFW )
 pcib5: <ACPI PCI-PCI bridge> at device 1.0 on pci7
 pci10: <ACPI PCI bus> on pcib5
 pcib6: <PCI-PCI bridge> at device 0.3 on pci6
 pci11: <PCI bus> on pcib6
 pcib7: <ACPI PCI-PCI bridge> at device 3.0 on pci0
 pci1: <ACPI PCI bus> on pcib7
 pcib8: <ACPI PCI-PCI bridge> at device 0.0 on pci1
 pci2: <ACPI PCI bus> on pcib8
 mfi0: <Dell PERC 5/i> mem 0xd80f0000-0xd80fffff,0xfc4e0000-0xfc4fffff 
 irq 78 at device 14.0 on pci2
 mfi0: Megaraid SAS driver Ver 2.00
 mfi0: 5087 (253310051s/0x0020/0) - Shutdown command received from host
 mfi0: 5088 (4278190080s/0x0020/0) - PCI 0x041028 0x0415 0x041028 
 0x041f03: Firmware initialization started (PCI ID 0015/1028/1f03/1028)
 mfi0: 5089 (4278190080s/0x0020/0) - Type 18: Firmware version 1.00.02-0157
 mfi0: 5090 (4278190100s/0x0008/0) - Battery Present
 mfi0: 5091 (4278190128s/0x0004/0) - PD 08(e1/s255) event: Enclosure 
 (SES) discovered on PD 08(e1/s255)
 mfi0: 5092 (4278190128s/0x0002/0) - PD 08(e1/s255) event: Inserted: PD 
 08(e1/s255)
 mfi0: 5093 (4278190128s/0x0002/0) - Type 29: Inserted: PD 08(e1/s255) 
 Info: enclPd=08, scsiType=d, portMap=00, 
 sasAddr=500180b04c8e2500,0000000000000000
 mfi0: 5094 (4278190128s/0x0002/0) - PD 00(e0/s0) event: Inserted: PD 
 00(e0/s0)
 mfi0: 5095 (4278190128s/0x0002/0) - Type 29: Inserted: PD 00(e0/s0) 
 Info: enclPd=ffff, scsiType=0, portMap=01, 
 sasAddr=5000c50001652599,0000000000000000
 mfi0: 5096 (4278190128s/0x0002/0) - PD 01(e1/s1) event: Inserted: PD 
 01(e1/s1)
 mfi0: 5097 (4278190128s/0x0002/0) - Type 29: Inserted: PD 01(e1/s1) 
 Info: enclPd=08, scsiType=0, portMap=02, 
 sasAddr=5000c50001652509,0000000000000000
 mfi0: 5098 (4278190128s/0x0002/0) - PD 02(e1/s2) event: Inserted: PD 
 02(e1/s2)
 mfi0: 5099 (4278190128s/0x0002/0) - Type 29: Inserted: PD 02(e1/s2) 
 Info: enclPd=08, scsiType=0, portMap=04, 
 sasAddr=5000c500016521f9,0000000000000000
 mfi0: 5100 (4278190128s/0x0002/0) - PD 03(e1/s3) event: Inserted: PD 
 03(e1/s3)
 mfi0: 5101 (4278190128s/0x0002/0) - Type 29: Inserted: PD 03(e1/s3) 
 Info: enclPd=08, scsiType=0, portMap=08, 
 sasAddr=5000c50001652495,0000000000000000
 mfi0: 5102 (4278190128s/0x0002/0) - PD 04(e1/s4) event: Inserted: PD 
 04(e1/s4)
 mfi0: 5103 (4278190128s/0x0002/0) - Type 29: Inserted: PD 04(e1/s4) 
 Info: enclPd=08, scsiType=0, portMap=10, 
 sasAddr=5000c50001651915,0000000000000000
 mfi0: 5104 (4278190128s/0x0002/0) - PD 05(e1/s5) event: Inserted: PD 
 05(e1/s5)
 mfi0: 5105 (4278190128s/0x0002/0) - Type 29: Inserted: PD 05(e1/s5) 
 Info: enclPd=08, scsiType=0, portMap=20, 
 sasAddr=5000c50001652afd,0000000000000000
 mfi0: 5106 (253311286s/0x0020/0) - Adapter ticks 253311286 elapsed 49s: 
 Time established as 01/10/08 20:14:46; (49 seconds since power on)
 pcib9: <PCI-PCI bridge> at device 0.2 on pci1
 pci3: <PCI bus> on pcib9
 pcib10: <ACPI PCI-PCI bridge> at device 4.0 on pci0
 pci12: <ACPI PCI bus> on pcib10
 pcib11: <PCI-PCI bridge> at device 5.0 on pci0
 pci13: <PCI bus> on pcib11
 pcib12: <ACPI PCI-PCI bridge> at device 6.0 on pci0
 pci14: <ACPI PCI bus> on pcib12
 pcib13: <PCI-PCI bridge> at device 7.0 on pci0
 pci15: <PCI bus> on pcib13
 pcib14: <ACPI PCI-PCI bridge> at device 28.0 on pci0
 pci4: <ACPI PCI bus> on pcib14
 pcib15: <PCI-PCI bridge> at device 0.0 on pci4
 pci5: <PCI bus> on pcib15
 bce1: <Broadcom NetXtreme II BCM5708 1000Base-T (B2)> mem 
 0xf8000000-0xf9ffffff irq 16 at device 0.0 on pci5
 miibus1: <MII bus> on bce1
 brgphy1: <BCM5708C 10/100/1000baseTX PHY> on miibus1
 brgphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 
 1000baseT-FDX, auto
 bce1: Ethernet address: 00:18:8b:87:be:57
 bce1: ASIC (0x57081020); Rev (B2); Bus (PCI-X, 64-bit, 133MHz); F/W 
 (0x02090105); Flags( MFW )
 uhci0: <UHCI (generic) USB controller> port 0xdce0-0xdcff irq 21 at 
 device 29.0 on pci0
 uhci0: [GIANT-LOCKED]
 usb0: <UHCI (generic) USB controller> on uhci0
 usb0: USB revision 1.0
 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 uhci1: <UHCI (generic) USB controller> port 0xdcc0-0xdcdf irq 20 at 
 device 29.1 on pci0
 uhci1: [GIANT-LOCKED]
 usb1: <UHCI (generic) USB controller> on uhci1
 usb1: USB revision 1.0
 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub1: 2 ports with 2 removable, self powered
 uhci2: <UHCI (generic) USB controller> port 0xdca0-0xdcbf irq 21 at 
 device 29.2 on pci0
 uhci2: [GIANT-LOCKED]
 usb2: <UHCI (generic) USB controller> on uhci2
 usb2: USB revision 1.0
 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub2: 2 ports with 2 removable, self powered
 ehci0: <EHCI (generic) USB 2.0 controller> mem 0xfc600400-0xfc6007ff irq 
 21 at device 29.7 on pci0
 ehci0: [GIANT-LOCKED]
 usb3: EHCI version 1.0
 usb3: companion controllers, 2 ports each: usb0 usb1 usb2
 usb3: <EHCI (generic) USB 2.0 controller> on ehci0
 usb3: USB revision 2.0
 uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
 uhub3: 6 ports with 6 removable, self powered
 uhub4: vendor 0x413c product 0xa001, class 9/0, rev 2.00/0.00, addr 2
 uhub4: multiple transaction translators
 uhub4: 2 ports with 2 removable, self powered
 ukbd0: Dell DRAC5, rev 1.10/0.00, addr 3, iclass 3/1
 kbd2 at ukbd0
 ums0: Dell DRAC5, rev 1.10/0.00, addr 3, iclass 3/1
 ums0: X report 0x0002 not supported
 device_attach: ums0 attach returned 6
 umass0: DELL  INC. DRAC5 VIRTUAL  MEDIA, rev 2.00/0.00, addr 4
 umass1: DELL  INC. DRAC5 VIRTUAL  MEDIA, rev 2.00/0.00, addr 4
 uhub5: vendor 0x04b4 product 0x6560, class 9/0, rev 2.00/0.0b, addr 5
 uhub5: multiple transaction translators
 uhub5: 4 ports with 4 removable, self powered
 pcib16: <ACPI PCI-PCI bridge> at device 30.0 on pci0
 pci16: <ACPI PCI bus> on pcib16
 pci16: <display, VGA> at device 13.0 (no driver attached)
 isab0: <PCI-ISA bridge> at device 31.0 on pci0
 isa0: <ISA bus> on isab0
 atapci0: <Intel 63XXESB2 UDMA100 controller> port 
 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 31.1 on pci0
 ata0: <ATA channel 0> on atapci0
 ata1: <ATA channel 1> on atapci0
 fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
 fdc0: does not respond
 device_attach: fdc0 attach returned 6
 fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
 fdc0: does not respond
 device_attach: fdc0 attach returned 6
 orm0: <ISA Option ROMs> at iomem 
 0xc0000-0xc8fff,0xc9000-0xc9fff,0xca000-0xcb7ff,0xec000-0xeffff on isa0
 atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
 atkbd0: <AT Keyboard> irq 1 on atkbdc0
 kbd0 at atkbd0
 atkbd0: [GIANT-LOCKED]
 sc0: <System console> at flags 0x100 on isa0
 sc0: VGA <16 virtual consoles, flags=0x300>
 vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
 Timecounters tick every 1.000 msec
 acd0: CDROM <HL-DT-ST GCR-8240N/1.10> at ata0-master UDMA33
 mfi0: 5107 (253311342s/0x0008/0) - Battery temperature is normal
 mfi0: 5108 (253311342s/0x0008/0) - Current capacity of the battery is 
 above threshold
 mfid0: <MFI Logical Disk> on mfi0
 mfid0: 1427840MB (2924216320 sectors) RAID volume '' is optimal
 SMP: AP CPU #1 Launched!
 SMP: AP CPU #2 Launched!
 SMP: AP CPU #3 Launched!
 da0 at umass-sim1 bus 1 target 0 lun 0
 da0: <Dell Virtual  Floppy 123> Removable Direct Access SCSI-0 device
 da0: 40.000MB/s transfers
 da0: Attempt to query device size failed: NOT READY, Medium not present
 cd0 at umass-sim0 bus 0 target 0 lun 0
 cd0: <Dell Virtual  CDROM 123> Removable CD-ROM SCSI-0 device
 cd0: 40.000MB/s transfers
 cd0: Attempt to query device size failed: NOT READY, Medium not present
 Trying to mount root from ufs:/dev/mfid0s1a
 bce0: link state changed to UP
 warning: calloutp is already freed, aborting
 
 No kernel crash with the patch, because we don't transmit the NULL 
 struct calloutp * to callout_reset and just return.
 Can you please check that and confirm my observations ?
 
 Thank you,
 Regards,
 Sebastien Petit
 -- 
 sebastien.petit@kewego.com

From: Sebastien Petit <sebastien.petit@kewego.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/119530: [kqueue] [patch] kqueue/kevent causes fatal trap
 12
Date: Sun, 13 Jan 2008 23:47:23 +0100

 I've patch all my server with this patch and I'm having some warnings 
 because struct callout_p* is == NULL:
 
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 warning: calloutp is already freed, aborting
 
 I've voluntary not patched one server to see if it crash with the last 
 kern (6-STABLE)
 After one day, this server has crashed with the trace reported on this 
 PR, all other servers don't crash and just report sometimes the warning 
 that I've added on filt_timerexpire.
 My patch can skip the crash, but there is definitly something wrong on 
 filt_timerexpire function call.
 
 I hope that a core team expert can resolve this issue correctly because 
 this bug can impact other FreeBSD-6-STABLE users.
 
 Sebastien Petit
 
State-Changed-From-To: open->feedback 
State-Changed-By: emaste 
State-Changed-When: Tue Aug 12 14:00:54 UTC 2008 
State-Changed-Why:  
Asked submitter to see if the problem still happens after MFC of jhb's 
callout_drain fixes. 


Responsible-Changed-From-To: jmg->emaste 
Responsible-Changed-By: emaste 
Responsible-Changed-When: Tue Aug 12 14:00:54 UTC 2008 
Responsible-Changed-Why:  
Submitter has been asked for feedback - assign to me for tracking. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=119530 

From: Ed Maste <emaste@freebsd.org>
To: bug-followup@FreeBSD.org, sebastien.petit@kewego.com
Cc:  
Subject: Re: kern/119530: [kqueue] [patch] kqueue/kevent causes fatal trap 12
Date: Tue, 12 Aug 2008 09:59:15 -0400

 John Baldwin improved and simplified the callout_drain logic in
 kern_timeout.c and I've since MFC'd it[1] to 6.  Could you try updating
 your 6-STABLE kernel and see if the problem still happens for you?
 
 [1] http://svn.freebsd.org/viewvc/base?view=revision&revision=181012
 
 -Ed
State-Changed-From-To: feedback->closed 
State-Changed-By: emaste 
State-Changed-When: Mon Nov 24 14:16:17 UTC 2008 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=119530 
>Unformatted:
