From owner-freebsd-hackers@FreeBSD.ORG  Thu Jan 22 02:04:54 2015
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2AAC42AB
 for <freebsd-hackers@freebsd.org>; Thu, 22 Jan 2015 02:04:54 +0000 (UTC)
Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com
 [IPv6:2a00:1450:4010:c04::22b])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id CB864146
 for <freebsd-hackers@freebsd.org>; Thu, 22 Jan 2015 02:04:53 +0000 (UTC)
Received: by mail-lb0-f171.google.com with SMTP id u14so6001552lbd.2
 for <freebsd-hackers@freebsd.org>; Wed, 21 Jan 2015 18:04:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=6nyP3bPDElnUuE1szYTN+ZuREG43pdbaMH9yoApF+Ok=;
 b=wJnnsxmq3pE1BRHM5xUgX7cdjEf+Ht5yamEHiJAQeTudNg/ucmQtqYhNF4NprGEONG
 iuK5KTC5biYC/rt6sZLftc1C5LGTM3ClJ4TagFe1gmT3HiFA/hN5LB5ISqkqXa7Gf8p7
 D1vlfh635WOgKk1RG93JFpkEnX71rOkUcShbkI+fALzsT6EStMcVN/G3dt3S+vJAkVGT
 hry7/Sts1LlgKbdhA8hEgG0lNwRxd5VNCHrx5dnjf4kQfHtvEtbzGxSDwCAqpTbkteIH
 x+/z89JEb07YTjfK3K9ezzahZ1yhXsLJyZjkhaYkbPAwWe7PWnXIKrrhj7LiDOdxCHVk
 0kGw==
MIME-Version: 1.0
X-Received: by 10.112.160.33 with SMTP id xh1mr47869289lbb.60.1421892291591;
 Wed, 21 Jan 2015 18:04:51 -0800 (PST)
Received: by 10.114.78.131 with HTTP; Wed, 21 Jan 2015 18:04:51 -0800 (PST)
In-Reply-To: <20150120083212.GC42409@kib.kiev.ua>
References: <CAFMmRNxz252HMWWBmRf=Z69zh2_w9cD5e1AZGeizyagKezm2Hw@mail.gmail.com>
 <20150120083212.GC42409@kib.kiev.ua>
Date: Wed, 21 Jan 2015 21:04:51 -0500
Message-ID: <CAFMmRNz6Dof+95zyekUFEbmcqeFSqXr96Y7BUZpqJ9z0XoWVOA@mail.gmail.com>
Subject: Re: Sleeping thread held mutex in vm_pageout_oom()
From: Ryan Stone <rysto32@gmail.com>
To: Konstantin Belousov <kostikbel@gmail.com>
Content-Type: text/plain; charset=UTF-8
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jan 2015 02:04:54 -0000

Thanks for the patch.  I tried it out this afternoon and got the
following panic:

panic: PHOLD of exiting process^M^M
cpuid = 9^M^M
curthread = pagedaemon/pagedaemon (8/100154)^M^M
cpu_ticks = 979566002403^M^M
KDB: stack backtrace:^M^M
db_trace_self_wrapper() at 0xffffffff801e672a = db_trace_self_wrapper+0x2a^M^M
panic() at 0xffffffff80480818 = panic+0x228^M^M
vm_pageout_oom() at 0xffffffff80669a9b = vm_pageout_oom+0x58b^M^M
vm_pageout() at 0xffffffff8066aa35 = vm_pageout+0x975^M^M
fork_exit() at 0xffffffff80454ada = fork_exit+0x12a^M^M
fork_trampoline() at 0xffffffff8067b37e = fork_trampoline+0xe^M^M


I believe that we need to check for P_WEXIT before considering p as a
candidate to be killed:

diff --git a/sys/vm/vm_pageout.c b/sys/vm/vm_pageout.c
index ca9d7f9..64d4277 100644
--- a/sys/vm/vm_pageout.c
+++ b/sys/vm/vm_pageout.c
@@ -1516,13 +1516,13 @@ vm_pageout_oom(int shortage)
        FOREACH_PROC_IN_SYSTEM(p) {
                int breakout;

-               if (PROC_TRYLOCK(p) == 0)
-                       continue;
+               PROC_LOCK(p);
                /*
                 * If this is a system, protected or killed process, skip it.
                 */
                if (p->p_state != PRS_NORMAL ||
-                   (p->p_flag & (P_INEXEC | P_PROTECTED | P_SYSTEM)) ||
+                   (p->p_flag &
+                     (P_INEXEC | P_PROTECTED | P_SYSTEM | P_WEXIT)) ||
                    (p->p_pid == 1) || P_KILLED(p) ||
                    ((p->p_pid < 48) && (swap_pager_avail != 0))) {
                        PROC_UNLOCK(p);
@@ -1557,11 +1557,14 @@ vm_pageout_oom(int shortage)
                        PROC_UNLOCK(p);
                        continue;
                }
+               _PHOLD(p);
                if (!vm_map_trylock_read(&vm->vm_map)) {
-                       vmspace_free(vm);
+                       _PRELE(p);
                        PROC_UNLOCK(p);
+                       vmspace_free(vm);
                        continue;
                }
+               PROC_UNLOCK(p);
                size = vmspace_swap_count(vm);
                vm_map_unlock_read(&vm->vm_map);
                if (shortage == VM_OOM_MEM)
@@ -1573,16 +1576,18 @@ vm_pageout_oom(int shortage)
                 */
                if (size > bigsize) {
                        if (bigproc != NULL)
-                               PROC_UNLOCK(bigproc);
+                               PRELE(bigproc);
                        bigproc = p;
                        bigsize = size;
                } else
-                       PROC_UNLOCK(p);
+                       PRELE(p);
        }
        sx_sunlock(&allproc_lock);
        if (bigproc != NULL) {
+               PROC_LOCK(bigproc);
                killproc(bigproc, "out of swap space");
                sched_nice(bigproc, PRIO_MIN);
+               _PRELE(bigproc);
                PROC_UNLOCK(bigproc);
                wakeup(&vm_cnt.v_free_count);
        }