From owner-freebsd-net Mon Jan 29 8:43:34 2001
Date: Mon, 29 Jan 2001 17:43:11 +0100 (CET)
From: Harti Brandt
To: julian@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: netgraph: problem in ng_base

Hello,

it seems like there is a problem with node reference counts. I have a test program that instantiates a chain of nodes like this:

ng_atm -----------> ng_sscop --------------> ng_sscf ---------> ng_socket
                         |                                      ^
                         +--------------------------------------+

The ng_sscf and ng_sscop nodes' disconnect procedures call ng_rmnode_self() in the case that the hook count drops to zero and the node is still valid. The shutdown methods free private memory and call NG_NODE_UNREF.

When destroying the above graph I first send a shutdown to the ng_sscf node and then to the ng_sscop node. The sscf node disappears as expected, leaving the sscop node with two hooks. The shutdown of that node first disconnects those two hooks and then calls the shutdown method of ng_sscop.
Everything is fine, except that I find the following lines in /var/log/messages:

Jan 29 17:26:21 beagle /boot/kernel/kernel: disconnect 0xc2c54980 from 0xc2c94d00 (invalid) refs=3 flags=9
Jan 29 17:26:21 beagle /boot/kernel/kernel: ng_sscop_shutdown: 0xc2c94d00 refs=2 flags=9
Jan 29 17:26:21 beagle /boot/kernel/kernel: Accessing freed node node: ID [7]: type 'sscop', 0 hooks, flags 0x9, 0 refs, :
Jan 29 17:26:21 beagle /boot/kernel/kernel: Last active @ /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c, line 735
Jan 29 17:26:21 beagle /boot/kernel/kernel: problem discovered at file /usr/src/sys/modules/netgraph/netgraph/../../../netgraph/ng_base.c, line 2436

The first two lines come from the sscop node, the other from ng_base. I have put a couple of printf()s into ng_base to understand what happens but could not find the problem. I have the feeling, that the reference count when entering ng_sscop_shutdown should be rather 3 than 2: one held by the item from which the shutdown is executed and which is UNREFed in line 2436. One extra reference from the ng_rmnode function and the reference, that is UNREFed in the ng_sscop_shutdown method. But I may be wrong.

So what is the problem?

harti
-- 
harti brandt, http://www.fokus.gmd.de/research/cc/cats/employees/hartmut.brandt/private
brandt@fokus.gmd.de, harti@begemot.org, lhbrandt@mail.ru
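The reference accounting the message reasons about, as an added example that is not part of the original mail and is not netgraph code: a toy node with a debug validity check that records the last line to touch it, replaying the three releases the mail lists. The names dbg_node, dbg_check, dbg_unref, NODE_UNREF and replay_shutdown are hypothetical, and the order of the first two releases is an assumption (only the item's release being last comes from the mail).

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical debug-tracked node; models the idea only, not netgraph's structures. */
struct dbg_node {
    int  refs;
    bool freed;      /* set instead of calling free(), so the check itself stays safe */
    int  last_line;  /* source line of the last valid access */
};

/* Validity check: report and fail when an already released node is touched. */
static bool dbg_check(struct dbg_node *n, int line) {
    if (n->freed) {
        printf("accessing freed node: last active @ line %d, discovered at line %d\n",
               n->last_line, line);
        return false;
    }
    n->last_line = line;
    return true;
}

/* Drop one reference; the node is released when the count reaches zero. */
static bool dbg_unref(struct dbg_node *n, int line) {
    if (!dbg_check(n, line))
        return false;
    if (--n->refs == 0)
        n->freed = true;
    return true;
}
#define NODE_UNREF(n) dbg_unref((n), __LINE__)

enum outcome { CLEAN, USE_AFTER_FREE, LEAKED };

/* Replay the three releases the mail expects on the shutdown path, starting
 * from entry_refs references held when the shutdown method is entered. */
static enum outcome replay_shutdown(int entry_refs) {
    struct dbg_node n = { .refs = entry_refs, .freed = false, .last_line = 0 };
    if (!NODE_UNREF(&n)) return USE_AFTER_FREE; /* shutdown method's own unref */
    if (!NODE_UNREF(&n)) return USE_AFTER_FREE; /* reference taken on the rmnode path */
    if (!NODE_UNREF(&n)) return USE_AFTER_FREE; /* queued item's reference, dropped last */
    return n.freed ? CLEAN : LEAKED;
}

int main(void) {
    printf("entry refs=3 -> %d\n", replay_shutdown(3));
    printf("entry refs=2 -> %d\n", replay_shutdown(2));
    return 0;
}
```

With three references at entry the last release frees the node cleanly; with two, the node is already gone when the item drops its reference, which is the shape of the "Accessing freed node" report in the log.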