From mwm@mired.org  Wed Feb 21 15:15:27 2001
Return-Path: <mwm@mired.org>
Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186])
	by hub.freebsd.org (Postfix) with SMTP id E462E37B65D
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 21 Feb 2001 15:15:26 -0800 (PST)
	(envelope-from mwm@mired.org)
Received: (qmail 16435 invoked by uid 100); 21 Feb 2001 23:15:26 -0000
Message-Id: <20010221231526.16434.qmail@guru.mired.org>
Date: 21 Feb 2001 23:15:26 -0000
From: mwm@mired.org
Reply-To: mwm@mired.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: fdesc file system in -STABLE locks up during nightly builds
X-Send-Pr-Version: 3.2

>Number:         25266
>Category:       kern
>Synopsis:       fdesc file system in -STABLE locks up during nightly builds
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    chris
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 21 15:20:00 PST 2001
>Closed-Date:    Mon Oct 22 16:39:04 PDT 2001
>Last-Modified:  Mon Oct 22 16:39:40 PDT 2001
>Originator:     Mike Meyer
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
Meyer Consulting
>Environment:

fdesc in use on a 4.2-STABLE system, and daily_clean_disks_enable set
to yes in /etc/periodic.conf This lockup only happens if periodic is
run from cron; running it from the command line will not cause a
problem.


>Description:

The system locks up every night a few seconds into the daily periodic
run.

The stack trace from ddb starts in the debugger, back through sc &
atkbd, thence through the interrupt (presumably from my invoking DDB
at the console). From there, it's:

	fdesc_readdir+0xe6(<address>, <address>, 0, <address>, 4, 0)
	getdirentries+0xf4(5 <addresses>)
	Xint0x80_syscall+0x2b

According to gdb on the core dump, the fdesc_readdir is:

0xc019223e is in fdesc_readdir (../../miscfs/fdesc/fdesc_vnops.c:614).
609                     while (i < sizeof(rootent) / sizeof(rootent[0]) &&
610                         uio->uio_resid >= UIO_MX) {
611                             dt = &rootent[i];
612                             switch (dt->d_fileno) {
613                             case FD_CTTY:
614                                     if (cttyvp(uio->uio_procp) == NULL)
615                                             continue;
616                                     break;
617
618                             case FD_STDIN:

On the face of it, the while loop in fdesc_readdir is simply
broken. If you hit one of the continues in the loop (there are others
further down), you have missed anything in the loop that might change
either i or uip, meaning the loop doesn't terminate. It may be waiting
on other events to change it, but somehow I doubt it for the fdesc
code. Further, note that the code that is finding the continue in this
case is checking for a controlling terminal, which would explain the
difference in behavior between running periodic from cron vs from the
command line.

>How-To-Repeat:

set daily_clean_disks_enable to YES in /etc/make.conf on a 4.2 box,
mount fdesc, and watch it lock up.

>Fix:

It's not clear how to fix the code. I note that the last MFC of this
code is over a year old, and the very next commit simply removed this
code. Possibly MFC'ing a more recent version would solve the problem.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->chris 
Responsible-Changed-By: kris 
Responsible-Changed-When: Fri Feb 23 23:47:47 PST 2001 
Responsible-Changed-Why:  
chris is the fdescfs maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25266 
State-Changed-From-To: open->analyzed 
State-Changed-By: chris 
State-Changed-When: Mon Mar 19 14:16:32 PST 2001 
State-Changed-Why:  
Looking into MFCing the changes I made in -CURRENT after the release is 
over with.  A workaround for now would be not to use fdesc in its current 
state. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25266 

From: "D.Y.Kazarov" <kazarov@izmiran.rssi.ru>
To: <freebsd-gnats-submit@FreeBSD.org>, <mwm@mired.org>
Cc:  
Subject: Re: kern/25266: fdesc file system in -STABLE locks up during nightly builds
Date: Sat, 21 Apr 2001 00:27:40 +0400

 On my system (4.2-STABLE SMP) it does not locks up, but panic system on
 executing this code (I've extracted it from /etc/security that panic
 system):
 
 # mount | fgrep fdesc
 fdesc on /dev (fdesc, noatime, union)
 
 # cat > security
 echo 'Checking for uids of 0:'
 n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd |
     tee /dev/stderr |
     sed -e '/^root 0$/d' -e '/^toor 0$/d' |
     wc -l)
 # sh security 2>&1 | sendmail root
 
 A panic message with 'tee' reported as current process.
 
 BTW: I'm getting error: "ln: /dev/vga: Read-only file system" on system
 boot - IMHO mounting fdesc on /dev is not a best solution for other devices.
 
 Dmitry
 
State-Changed-From-To: analyzed->closed 
State-Changed-By: chris 
State-Changed-When: Mon Oct 22 16:39:04 PDT 2001 
State-Changed-Why:  
Merged the -CURRENT version into -STABLE. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25266 
>Unformatted:
