Bug 253593 - Process hangs if nullfs mounted cwd moved out of chroot
Summary: Process hangs if nullfs mounted cwd moved out of chroot
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 12.2-STABLE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2021-02-17 18:24 UTC by Gregor Koscak
Modified: 2021-02-24 14:31 UTC (History)
2 users (show)

See Also:

screenshot of the VM console (20.42 KB, image/png)
2021-02-17 19:23 UTC, Gregor Koscak
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gregor Koscak 2021-02-17 18:24:56 UTC
Moving a current working directory of a chrooted/jailed process, which is accessed via nullfs mount, to the outside of chroot/jail will hang the process in R state with CPU maxed out. The process cannot be killed. Whether mount is rw or ro makes no difference.

Steps to reproduce:
Setup directories
/test/jail  <--- minimum chroot environment, or static shell

With nullfs mount:
host# mount
/test/inside on /test/jail/mnt (nullfs, local, soft-updates)

host# chroot /test/jail /bin/sh
jail# cd /mnt/subdir
host# mv /test/mounted/subdir /test/outside
! at this point we have:
! /test/mounted
! /test/outside/subdir
jail# pwd
jail# cd .

Actual result:
Shell process hangs w/ CPU utilization maxed and cannot be killed (R state). Nullfs mount cannot be unmounted, results in D state.
Return to normal operation requires reboot.

Expected result:
Graceful failure.

Tested on:
12.2-RELEASE-p1, 12.2-RELEASE-p3, physical and virtual (virtualbox).
14.0-CURRENT will panic the kernel.
Comment 1 Konstantin Belousov freebsd_committer 2021-02-17 19:08:12 UTC
Show the panic, at least.
Comment 2 Gregor Koscak 2021-02-17 19:23:19 UTC
Created attachment 222534 [details]
screenshot of the VM console