panic: mutex Giant not owned at /usr/src/sys/kern/tty_ttydisc.c:1127

Hans Petter Selasky hselasky at c2i.net
Sat Jan 24 02:18:28 PST 2009


Hi Maksim,

On Saturday 24 January 2009, Maksim Yevmenkin wrote:
> >> > I have a question. What is the following doing at the middle of the
> >> > ubt_detach():
> >> >
> >> >        if (node != NULL)
> >> >                NG_NODE_UNREF(node);
> >> >
> >> > If you say that:
> >> >
> >> >                ng_rmnode_self(node);
> >> >
> >> > Cleans up the last reference?
> >>
> >> the complete code is
> >>
> >> node_p  node = sc->sc_node;
> >>
> >> if (node != NULL) {
> >>    sc->sc_node = NULL;  <-- clear sc_node
> >>
> >>    NG_NODE_SET_PRIVATE(node, NULL);
> >>    NG_NODE_REALLY_DIE(node);
> >>
> >>    NG_NODE_REF(node); <--- grab +1 reference
> >>    ng_rmnode_self(node); <--- mark node as "dead", but not ensure its
> >> not free()d
> >> }
> >>
> >> /* bla, bla */
> >>
> >> if (node != NULL)
> >>    NG_NODE_UNREF(node); <--- drop 1 reference and possibly free() node
> >
> > Yes, but you are already dropping an extra reference in ubt_shutdown().
> > What about that?
>
> shutdown method is called as part of ng_rmnode_self() and drop the
> reference that node was born with. the extra reference before
> ng_rmnode_self() is to ensure that node pointer is still valid after
> ng_rmnode_self() returns. otherwise there is a change that node
> pointer becomes invalid while after ng_rmnode_self() calls shutdown
> method.

I've now explicitly tested this and found that if I drop the node reference in 
shutdown I end up with a zero node reference in detach! So the 
NG_NODE_UNREF() should not be in the ubt_shutdown !!!

This is maybe the reason why Lars was getting a panic!

http://perforce.freebsd.org/chv.cgi?CH=156600

--HPS


More information about the freebsd-current mailing list