From nobody@FreeBSD.org  Tue Mar 14 13:30:17 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B0AE116A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 14 Mar 2006 13:30:17 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6515543D45
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 14 Mar 2006 13:30:08 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k2EDU7hi001711
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 14 Mar 2006 13:30:07 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k2EDU72B001710;
	Tue, 14 Mar 2006 13:30:07 GMT
	(envelope-from nobody)
Message-Id: <200603141330.k2EDU72B001710@www.freebsd.org>
Date: Tue, 14 Mar 2006 13:30:07 GMT
From: Bernd Ueberbacher <bernd@uebi.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: FreeBSD 6.0 crash with forkbomb
X-Send-Pr-Version: www-2.3

>Number:         94446
>Category:       kern
>Synopsis:       [em]: FreeBSD 6.0 crash with forkbomb (regression)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    remko
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 14 13:40:18 GMT 2006
>Closed-Date:    Sun Mar 18 15:26:22 GMT 2007
>Last-Modified:  Sun Mar 18 15:26:22 GMT 2007
>Originator:     Bernd Ueberbacher
>Release:        6.0-RELEASE
>Organization:
Private
>Environment:
FreeBSD uebi.mynet.at 6.0-RELEASE-p4 FreeBSD 6.0-RELEASE-p4 #0: Fri Feb 17 14:33:41 CET 2006     root@uebi.mynet.at:/usr/obj/usr/src/sys/UEBI  i386
>Description:
Hi there!

I am using 2 Tyan Transport GS-10 as router with FreeBSD 5.4 and
quagga-0.98.5. Everything worked fine, but when I changed the Hardware
(now Dell PowerEdge SC1425, XEON 3.0 GHz) I installed FreeBSD 6.0 and
quagga-0.99. It seemed to work fine, too, but on the FIRST day i had 2
crashes! The box has completelly forzen both times. I checked the logfiles
but there where only a few  "em0: RX overrun" messages, nothing else. I
changed back to the Tyan router and investigated a bit more. I read that
the em0 errors shouldn't be responsible for the crash and thought I could
make some stress tests. I installed the forkbomb tool and when I start it
with "forkbomb -f --runasroot" I crash the machine within a couple of
seconds. The warning "maxproc limit exceeded by uid 0" shows up and the
box freezes.

I tried it with 6.0, 6.1-BETA3 and 5.4. It seems that it only affects
RELENG_6. When i try the same on 5.4 (same hardware) the machine gets
unusable (also reports "maxproc limit exceeded by uid 0"), but as soon
as I hit ctrl+c everything goes back to normal.

I was wondering if I made a mistake, but no matter what hardware, what
kernel (GENERIC or custom), ... it happens all the time on RELENG_6.
Today I tried it on a Sun Enterprise 220 (sparc64) and the same thing
happened.

As Goldmember would say: Isn't this weird? ;-)

Please try it on one of your 6.0 boxes and see if the same problem occurs.
Excuse my poor english and please don't flame me if I'm not right with what
I write, but it just seems odd to me that this happens with a fresh install
of 6.0 but not with 5.4


Have a nice day,
greets from Austria

Bernd





>How-To-Repeat:
pkg_add -r forkbomb; rehash; forkbomb -f --runasroot *GG*
>Fix:

>Release-Note:
>Audit-Trail:

From: Bernd <bernd@uebi.net>
To: bernd@uebi.net, bug-followup@FreeBSD.org
Cc:  
Subject: Re: i386/94446: FreeBSD 6.0 crash with forkbomb
Date: Tue, 14 Mar 2006 14:51:44 +0100

 PS: I just tried it again on 6.1-BETA3 and I get a "Fault Trap 12, page
 fault..." :-(
 
 
 
 
Responsible-Changed-From-To: freebsd-i386->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Mar 21 00:20:31 UTC 2006 
Responsible-Changed-Why:  
This does not sound i386-specific. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94446 

From: Frank de Bot <ppi@searchy.net>
To: bug-followup@FreeBSD.org,  bernd@uebi.net
Cc:  
Subject: Re: kern/94446: FreeBSD 6.0 crash with forkbomb (regression)
Date: Wed, 09 Aug 2006 20:36:34 +0200

 Hi,
 
 Just installed a new fresh 6.1, rebuild world and kernel (Generic kernel 
   plus options SMP and MAC). Exact same result as Bernd's
 My hardware configuration was: VMware server build 28343 running on a 
 Pentium D830, 2Gig rams. 512Mb configured for virtual machine.
 
 Regards,
 
 
 Frank de Bot
 
State-Changed-From-To: open->feedback 
State-Changed-By: bms 
State-Changed-When: Sun Sep 24 18:42:43 UTC 2006 
State-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=94446 
State-Changed-From-To: feedback->open 
State-Changed-By: bms 
State-Changed-When: Sun Sep 24 18:46:33 UTC 2006 
State-Changed-Why:  
Snafu 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94446 
State-Changed-From-To: open->feedback 
State-Changed-By: bms 
State-Changed-When: Sun Sep 24 18:47:04 UTC 2006 
State-Changed-Why:  
This report is quite confusing -- without more evidence it's difficult 
to have something to go on. I can reproduce a panic in -CURRENT with 
forkbomb as the submitter describes, but it looks like a diagnostic; 
running forkbomb as a non-root user doesn't panic the machine due to 
the proces limit. 

The panic is pretty much as I'd expect. It would be good to harden things 
a bit more along this path, but from reading CVS history for these files it 
looks as though the behaviour was changed to avoid a lock-order reversal. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=94446 
Responsible-Changed-From-To: freebsd-bugs->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Mon Dec 25 15:23:22 UTC 2006 
Responsible-Changed-Why:  
I will grab this PR, also some feedback request: can you tell me 
whether the more recent if_em driver in 6-STABLE resolved the 
problem you are seeing? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94446 
State-Changed-From-To: feedback->closed 
State-Changed-By: remko 
State-Changed-When: Sun Mar 18 15:26:20 UTC 2007 
State-Changed-Why:  
feedback timeout 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94446 
>Unformatted:
