From owner-freebsd-current@FreeBSD.ORG Sat Jan 24 10:18:27 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 886831065686; Sat, 24 Jan 2009 10:18:27 +0000 (UTC) (envelope-from hselasky@c2i.net) Received: from swip.net (mailfe06.swip.net [212.247.154.161]) by mx1.freebsd.org (Postfix) with ESMTP id B41E98FC13; Sat, 24 Jan 2009 10:18:26 +0000 (UTC) (envelope-from hselasky@c2i.net) X-Cloudmark-Score: 0.000000 [] X-Cloudmark-Analysis: v=1.0 c=1 a=nTib0wbUE7AA:10 a=J2nnhgZB8JEA:10 a=6I5d2MoRAAAA:8 a=mdiO7SZdCJiK1SL9sm0A:9 a=kvW1Cs6bN2n2dYFjjsYA:7 a=dr3kDhPgbP65kStAx--lJPdw-NAA:4 a=50e4U0PicR4A:10 Received: from [85.19.218.115] (account mc467741@c2i.net HELO [10.37.1.92]) by mailfe06.swip.net (CommuniGate Pro SMTP 5.2.6) with ESMTPA id 1185899451; Sat, 24 Jan 2009 11:18:25 +0100 From: Hans Petter Selasky To: freebsd-current@freebsd.org Date: Sat, 24 Jan 2009 11:20:43 +0100 User-Agent: KMail/1.9.7 References: <20090123154336.GJ60948@e.0x20.net> <200901240952.21670.hselasky@c2i.net> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200901241120.46889.hselasky@c2i.net> Cc: Alfred Perlstein , current@freebsd.org, Maksim Yevmenkin Subject: Re: panic: mutex Giant not owned at /usr/src/sys/kern/tty_ttydisc.c:1127 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Jan 2009 10:18:28 -0000 Hi Maksim, On Saturday 24 January 2009, Maksim Yevmenkin wrote: > >> > I have a question. What is the following doing at the middle of the > >> > ubt_detach(): > >> > > >> > if (node != NULL) > >> > NG_NODE_UNREF(node); > >> > > >> > If you say that: > >> > > >> > ng_rmnode_self(node); > >> > > >> > Cleans up the last reference? > >> > >> the complete code is > >> > >> node_p node = sc->sc_node; > >> > >> if (node != NULL) { > >> sc->sc_node = NULL; <-- clear sc_node > >> > >> NG_NODE_SET_PRIVATE(node, NULL); > >> NG_NODE_REALLY_DIE(node); > >> > >> NG_NODE_REF(node); <--- grab +1 reference > >> ng_rmnode_self(node); <--- mark node as "dead", but not ensure its > >> not free()d > >> } > >> > >> /* bla, bla */ > >> > >> if (node != NULL) > >> NG_NODE_UNREF(node); <--- drop 1 reference and possibly free() node > > > > Yes, but you are already dropping an extra reference in ubt_shutdown(). > > What about that? > > shutdown method is called as part of ng_rmnode_self() and drop the > reference that node was born with. the extra reference before > ng_rmnode_self() is to ensure that node pointer is still valid after > ng_rmnode_self() returns. otherwise there is a change that node > pointer becomes invalid while after ng_rmnode_self() calls shutdown > method. I've now explicitly tested this and found that if I drop the node reference in shutdown I end up with a zero node reference in detach! So the NG_NODE_UNREF() should not be in the ubt_shutdown !!! This is maybe the reason why Lars was getting a panic! http://perforce.freebsd.org/chv.cgi?CH=156600 --HPS