Ameer Hamza 36e4f18883 Fix taskq NULL pointer dereference on timer race ... Remove unsafe timer_pending() check in taskq_cancel_id() that created a race where: - Timer expires and timer_pending() returns FALSE - task_done() frees task with tqent_func = NULL - Timer callback executes and queues freed task - Worker thread crashes executing NULL function Always call timer_delete_sync() unconditionally to ensure timer callback completes before task is freed. Reliably reproducible by injecting mdelay(10) after setting CANCEL flag to widen the race window, combined with frequent task cancellations (e.g., snapshot automount expiry). Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ameer Hamza <ahamza@ixsystems.com> Closes #17942		2025-11-19 08:21:10 -08:00
..
freebsd	debug: move all of the debug bits out of the spl	2025-11-12 10:02:51 -08:00
linux	Fix taskq NULL pointer dereference on timer race	2025-11-19 08:21:10 -08:00