Index: sys/kern/kern_jail.c
===================================================================
--- sys/kern/kern_jail.c
+++ sys/kern/kern_jail.c
@@ -2402,10 +2402,10 @@
 	newcred->cr_prison = pr;
 	proc_set_cred(p, newcred);
 	setsugid(p);
-	PROC_UNLOCK(p);
 #ifdef RACCT
 	racct_proc_ucred_changed(p, oldcred, newcred);
 #endif
+	PROC_UNLOCK(p);
 	prison_deref(oldcred->cr_prison, PD_DEREF | PD_DEUREF);
 	crfree(oldcred);
 	return (0);
@@ -3967,8 +3967,8 @@
 	FOREACH_PROC_IN_SYSTEM(p) {
 		PROC_LOCK(p);
 		cred = crhold(p->p_ucred);
-		PROC_UNLOCK(p);
 		racct_proc_ucred_changed(p, cred, cred);
+		PROC_UNLOCK(p);
 		crfree(cred);
 	}
 
Index: sys/kern/kern_loginclass.c
===================================================================
--- sys/kern/kern_loginclass.c
+++ sys/kern/kern_loginclass.c
@@ -230,10 +230,10 @@
 	oldcred = crcopysafe(p, newcred);
 	newcred->cr_loginclass = newlc;
 	proc_set_cred(p, newcred);
-	PROC_UNLOCK(p);
 #ifdef RACCT
 	racct_proc_ucred_changed(p, oldcred, newcred);
 #endif
+	PROC_UNLOCK(p);
 	loginclass_free(oldcred->cr_loginclass);
 	crfree(oldcred);
 
Index: sys/kern/kern_prot.c
===================================================================
--- sys/kern/kern_prot.c
+++ sys/kern/kern_prot.c
@@ -576,10 +576,10 @@
 		setsugid(p);
 	}
 	proc_set_cred(p, newcred);
-	PROC_UNLOCK(p);
 #ifdef RACCT
 	racct_proc_ucred_changed(p, oldcred, newcred);
 #endif
+	PROC_UNLOCK(p);
 	uifree(uip);
 	crfree(oldcred);
 	return (0);
@@ -924,10 +924,10 @@
 		setsugid(p);
 	}
 	proc_set_cred(p, newcred);
-	PROC_UNLOCK(p);
 #ifdef RACCT
 	racct_proc_ucred_changed(p, oldcred, newcred);
 #endif
+	PROC_UNLOCK(p);
 	uifree(ruip);
 	uifree(euip);
 	crfree(oldcred);
@@ -1065,10 +1065,10 @@
 		setsugid(p);
 	}
 	proc_set_cred(p, newcred);
-	PROC_UNLOCK(p);
 #ifdef RACCT
 	racct_proc_ucred_changed(p, oldcred, newcred);
 #endif
+	PROC_UNLOCK(p);
 	uifree(ruip);
 	uifree(euip);
 	crfree(oldcred);
Index: sys/kern/kern_racct.c
===================================================================
--- sys/kern/kern_racct.c
+++ sys/kern/kern_racct.c
@@ -1046,7 +1046,7 @@
 	if (!racct_enable)
 		return;
 
-	PROC_LOCK_ASSERT(p, MA_NOTOWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 
 	newuip = newcred->cr_ruidinfo;
 	olduip = oldcred->cr_ruidinfo;
@@ -1075,7 +1075,13 @@
 	RACCT_UNLOCK();
 
 #ifdef RCTL
+	/*
+	 * rctl_proc_ucred_changed() performs waiting memory allocation,
+	 * so it should be called without any locks held.
+	 */
+	PROC_UNLOCK(p);
 	rctl_proc_ucred_changed(p, newcred);
+	PROC_LOCK(p);
 #endif
 }
 
Index: sys/kern/kern_rctl.c
===================================================================
--- sys/kern/kern_rctl.c
+++ sys/kern/kern_rctl.c
@@ -1957,11 +1957,12 @@
 	int rulecnt, i;
 
 	ASSERT_RACCT_ENABLED();
+	PROC_LOCK_ASSERT(p, MA_NOTOWNED);
 
 	newuip = newcred->cr_ruidinfo;
 	newlc = newcred->cr_loginclass;
 	newprr = newcred->cr_prison->pr_prison_racct;
-	
+
 	LIST_INIT(&newrules);
 
 again: