FreeBSD-EN-20:22.callout: Race Condition in Callout CPU Migration
Versions Affected: All versions prior to TrueNAS 12.0-U1
Description
The bug may result in kernel panics under some workloads, typically in the softclock threads.
Callouts may be bound to a specific CPU, in which case that CPU is responsible for raising the timer interrupt which schedules execution of the callout. A kernel thread may attempt to stop a callout while it is actively executing, in which case the thread goes to sleep until execution has completed. In the meantime the callout may be re-scheduled and re-executed on a different CPU. In this scenario, when the sleeping thread finally completes removal of the callout from some internal data structures, it may modify the wrong CPU’s data structures and thus leave them in an invalid state.
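The stale-CPU pattern described above, reduced to a deterministic single-threaded model as an added example (not FreeBSD or TrueNAS code). All struct and function names are hypothetical, and re-reading the callout's CPU after the sleep is an assumed remedy for this class of bug, not a description of the actual patch.

```c
#include <stdio.h>

#define NCPU 2

/* Hypothetical per-CPU state: number of callouts queued on that CPU. */
static int model_queued[NCPU];

struct model_callout { int cpu; };   /* CPU the callout is currently bound to */

static void model_schedule(struct model_callout *c, int cpu) {
    c->cpu = cpu;
    model_queued[cpu]++;
}

/* Stands in for the stopping thread's sleep: the running callout finishes
 * on its old CPU and is rescheduled on a different one in the meantime. */
static void model_sleep_during_migration(struct model_callout *c, int new_cpu) {
    model_queued[c->cpu]--;
    model_schedule(c, new_cpu);
}

/* recheck == 0: use the CPU observed before sleeping (the stale value).
 * recheck == 1: re-read the binding after waking (assumed remedy). */
static void model_stop(struct model_callout *c, int new_cpu, int recheck) {
    int cpu = c->cpu;                      /* captured before the sleep */
    model_sleep_during_migration(c, new_cpu);
    if (recheck)
        cpu = c->cpu;                      /* binding may have changed */
    model_queued[cpu]--;                   /* remove from per-CPU state */
}

/* Returns 1 if both per-CPU counters are consistent (zero) after the stop. */
static int model_consistent_after_stop(int recheck) {
    struct model_callout c;
    model_queued[0] = model_queued[1] = 0;
    model_schedule(&c, 0);
    model_stop(&c, 1, recheck);
    return model_queued[0] == 0 && model_queued[1] == 0;
}

int main(void) {
    printf("stale CPU:   consistent=%d\n", model_consistent_after_stop(0));
    printf("re-read CPU: consistent=%d\n", model_consistent_after_stop(1));
    return 0;
}
```

With the stale value, CPU 0's counter is decremented a second time while CPU 1 still lists the callout, which is the "wrong CPU's data structures" outcome the description refers to.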
Workaround
No workaround is available.
Mitigation
- Upgrade to TrueNAS 12.0-U1 or later.