Date: Sun, 14 Jun 2015 14:53:48 +0200 From: Jeremie Le Hen <jlh@FreeBSD.org> To: freebsd-current@freebsd.org Cc: trasz@freebsd.org, Konstantin Belousov <kib@freebsd.org>, alc@freebsd.org Subject: Re: panic when RACCT_RSS still > 0 when struct racct destroyed Message-ID: <CAGSa5y2%2Ba8CDvY4MiBcfzMKR62GNgrcKF%2B7suZ5_6kqYwRhH=w@mail.gmail.com> In-Reply-To: <CAGSa5y0p_tcDZ1twNVSR5yaL9q_yZY7aFWhCXUY_RC8oqVAQ8A@mail.gmail.com> References: <CAGSa5y0p_tcDZ1twNVSR5yaL9q_yZY7aFWhCXUY_RC8oqVAQ8A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry for the early sending in the previous email. Hi all, I keep getting the following panic from time to time: % panic: destroying non-empty racct: 1142784 allocated for resource 4 % % cpuid = 1 % KDB: stack backtrace: % db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00e6240630 % vpanic() at vpanic+0x189/frame 0xfffffe00e62406b0 % kassert_panic() at kassert_panic+0x132/frame 0xfffffe00e6240720 % racct_destroy() at racct_destroy+0x96/frame 0xfffffe00e6240750 % uifree() at uifree+0x5e/frame 0xfffffe00e6240770 % crfree() at crfree+0x48/frame 0xfffffe00e6240790 % thread_wait() at thread_wait+0x8e/frame 0xfffffe00e62407b0 % proc_reap() at proc_reap+0x40e/frame 0xfffffe00e6240800 % proc_to_reap() at proc_to_reap+0x332/frame 0xfffffe00e6240850 % kern_wait6() at kern_wait6+0x1f7/frame 0xfffffe00e62408f0 % sys_wait4() at sys_wait4+0x73/frame 0xfffffe00e6240ae0 % amd64_syscall() at amd64_syscall+0x27f/frame 0xfffffe00e6240bf0 % Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe00e6240bf0 I had already reported this two years ago, but we couldn't find a solution: https://lists.freebsd.org/pipermail/freebsd-current/2013-June/042528.html Note that since then I spotted an instance of this which wasn't for a jailed process. I made a bit more research today on RACCT_RSS throughout the kernel source. It is only set using racct_set() from - vmspace_container_set() but it only zero a couple of resources - vm_daemon() The first question, do you guys (kib, alc) think there could be a bug, or rather a race, in there? The other solution where the RSS resource can be modified is through: - racct_proc_ucred_changed() - racct_move() - racct_proc_fork() I think this is pretty much the surface through which the bug can arise. In the thread pointed above, Edward advised me to create a rctl rule to cause the uidinfo to be held, but this can happen with various users (the last one with user 2 in the root jail). Any idea what I could do to narrow the issue? Cheers, -- Jeremie Le Hen jlh@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGSa5y2%2Ba8CDvY4MiBcfzMKR62GNgrcKF%2B7suZ5_6kqYwRhH=w>