From owner-freebsd-stable@FreeBSD.ORG Tue May 22 16:04:20 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0847A1065674 for ; Tue, 22 May 2012 16:04:20 +0000 (UTC) (envelope-from etnapierala@googlemail.com) Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 87F898FC17 for ; Tue, 22 May 2012 16:04:19 +0000 (UTC) Received: by wgbds11 with SMTP id ds11so6359029wgb.31 for ; Tue, 22 May 2012 09:04:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=sender:subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=FTpZ2yWPTFZtkSTI46SnQoBuQvC/fBONCZyON/cIhxk=; b=iDHnoY/K+XTxWf7jFh0hnXb12PKk4wTviqXJkJipXSmd53pkZUtfqW7D+XYdipnQ27 CUwmOGXj+YelZ68NFYGXvyQN+euplJEt8E44sSnbNefgCZn1DttuUNAWfqlvUusApUFY mNTvrPu5kqgO97RHK5sGo1wjiTl5KMkuj43EGbD3GXtTgcKWV+rKQcOOckF9yMSM4HiF ujpGTB9qTx88rS478/tpInK02atLhu91tLkLGwe8EIDHws8K5CC0xejeNRbWUpuDwqsy XiZNGr2hQpUmZRx9mzDaDII2eX2B2p0rtDoyu3rW3oGnhsCtKDzZc7BmZw4sr6vBfYGD Moeg== Received: by 10.180.78.233 with SMTP id e9mr36526214wix.5.1337702658469; Tue, 22 May 2012 09:04:18 -0700 (PDT) Received: from [192.168.1.104] (45.81.datacomsa.pl. [195.34.81.45]) by mx.google.com with ESMTPS id f19sm53083926wiw.11.2012.05.22.09.04.15 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 22 May 2012 09:04:16 -0700 (PDT) Sender: =?UTF-8?Q?Edward_Tomasz_Napiera=C5=82a?= Mime-Version: 1.0 (Apple Message framework v1278) Content-Type: text/plain; charset=iso-8859-2 From: =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= In-Reply-To: <4FB8F055.9080700@zonov.org> Date: Tue, 22 May 2012 18:04:13 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <09BCC731-0060-400D-8A25-4FB5268FA00D@freebsd.org> References: <4FAFEEEF.3040706@zonov.org> <20120513202920.GA18238@dft-labs.eu> <4FB177EE.7030808@zonov.org> <4FB8F055.9080700@zonov.org> To: Andrey Zonov X-Mailer: Apple Mail (2.1278) Cc: Mateusz Guzik , freebsd-stable Subject: Re: panic with overcommit and RACCT X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 May 2012 16:04:20 -0000 Wiadomo=B6=E6 napisana przez Andrey Zonov w dniu 20 maj 2012, o godz. = 15:23: > On 5/15/12 1:23 AM, Andrey Zonov wrote: >> On 5/14/12 12:29 AM, Mateusz Guzik wrote: >>> On Sun, May 13, 2012 at 09:27:11PM +0400, Andrey Zonov wrote: >>>> Hi, >>>>=20 >>>> I've got a repeatable panic on latest 9.0-STABLE and HEAD with >>>> turned on overcommit (vm.overcommit=3D1) and RACCT. >>>>=20 >>>> kgdb trace on today's HEAD: >>>>=20 >>>> #10 0xffffffff80bc3513 in calltrap () >>>> at /usr/src/sys/amd64/amd64/exception.S:228 >>>> #11 0xffffffff808aab71 in racct_set_locked (p=3D0xfffffe0005d684a0, >>>> resource=3D0, >>>> amount=3D2680) at /usr/src/sys/kern/kern_racct.c:372 >>>> #12 0xffffffff808ab645 in racct_proc_exit (p=3D0xfffffe0005d684a0) >>>> at /usr/src/sys/kern/kern_racct.c:615 >>>> #13 0xffffffff80880d69 in fork1 (td=3D0xfffffe0005b2c460, flags=3D20,= >>>> pages=3D4, >>>> procp=3D0xffffff811a36bb00, procdescp=3DVariable "procdescp" is not >>>> available. >>>> ) at /usr/src/sys/kern/kern_fork.c:943 >>>> #14 0xffffffff80882362 in sys_fork (td=3D0xfffffe0005b2c460, >>>> uap=3DVariable "uap" is not available. >>>> ) >>>> at /usr/src/sys/kern/kern_fork.c:110 >>>> #15 0xffffffff80bd7a89 in amd64_syscall (td=3D0xfffffe0005b2c460, >>>> traced=3D0) >>>> at subr_syscall.c:135 >>>> #16 0xffffffff80bc37f7 in Xfast_syscall () >>>> at /usr/src/sys/amd64/amd64/exception.S:387 >>>> #17 0x00000008024729fc in ?? () >>>> Previous frame inner to this frame (corrupt stack?) >>>> (kgdb) >>>>=20 >>>> Unread portion of the kernel message buffer: >>>> Kernel page fault with the following non-sleepable locks held: >>>> exclusive sleep mutex racct lock (racct lock) r =3D 0 >>>> (0xffffffff8128a7c0) locked @ /usr/src/sys/kern/kern_racct.c:614 >>>> exclusive sleep mutex process lock (process lock) r =3D 0 >>>> (0xfffffe0005d68598) locked @ /usr/src/sys/kern/kern_racct.c:603 >>>>=20 >>>=20 >>> It looks like racct_proc_exit can be called for processes without >>> properly initialized racct structure, which in turn results in this >>> panic. >>>=20 >>> Can you please test this patch: >>> http://student.agh.edu.pl/~mjguzik/patches/racct-fork.patch >>>=20 >>> ? >>>=20 >>> I was unable to reproduce panic you describe, so it was tested only = by >>> manually injecting error. Nevertheless I think you should try it. :) >>>=20 >>=20 >> Thanks, your patch fixes the panic. >=20 > Can anyone commit this fix? I've committed a slightly different fix (previous one would leak RCTL structures) in 235787; it's also attached below. Could you please test = it? I plan to MFC it in two weeks from now. Index: kern_racct.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- kern_racct.c (revision 235699) +++ kern_racct.c (working copy) @@ -594,6 +594,9 @@ out: PROC_UNLOCK(child); PROC_UNLOCK(parent); =20 + if (error !=3D 0) + racct_proc_exit(child); + return (error); } =20 Index: kern_fork.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- kern_fork.c (revision 235699) +++ kern_fork.c (working copy) @@ -939,8 +939,8 @@ fail: #ifdef MAC mac_proc_destroy(newproc); #endif + racct_proc_exit(newproc); fail1: - racct_proc_exit(newproc); if (vm2 !=3D NULL) vmspace_free(vm2); uma_zfree(proc_zone, newproc); --=20 If you cut off my head, what would I say? Me and my head, or me and my = body?