Rick Koshi's questions

I've run across a very odd behavior on SQL Server 2008R2.

I have a third-party application which acts as a SQL Server client. I have a subset of my users who should have access to this application. I created an Active Directory group, call it "DOM\appusers", with a couple of test users. I created a SQL Server login by the same name, created a database, call it "appdb", created a user on the appdb database, "DOM\appusers", associated with the login, and assigned the "db_owner" role to this user.

Most operations work. But "some" of them get errors. In particular, one query fails:

SELECT x,y,z
  INTO tmpTable
  FROM (table1 INNER JOIN table 2 on table1.col1 = table2.col1)
       INNER JOIN table3 ON table1.col2 = table3.col2
 GROUP BY x,y,a,b,c
HAVING (((table2.col4)=0) AND
        ((table3.col5)=0)) AND
       ((table3.col6)=0)

This was pulled out of SQL Profiler, where it flagged the query with an error, but there was no more detail about the error, and the application is unhelpful, so I can't tell you exactly what error was thrown.

I'm no SQL expert, so I don't know what's special about this query, or why it should require permissions beyond db_owner, but this isn't really a question about SQL queries.

What's really weird to me is that if I bypass the group, I get different results. If I delete the SQL server login and user detailed above, then create a new login and user referencing an Active Directory user directly, and assign it the same db_owner role, then the above query works. Indeed, all queries work as expected.

This was strange enough that I thought it had to be an error on my part. I did the same experiment three times, with the same result. I verified that the test users have no access to the database without one of the above setups. I tried assigning the server-wide "sysadmin" role to the AD group, and the query started working. Obviously, I can't leave it that way, but it was a data point. I also created a login using SQL Server authentication instead of Windows authentication, and that worked too.

So, the obvious question is this: What is different about permissions when a user gains them through a group vs "directly" (insofar as anything is "direct" with MSSQL's extra layers of login and database user)? Does db_owner not mean the same thing for a group as for a user? Is this just a bug? Is there a fix? I'd rather not have to add each and every app user to the SQL Server user/login list individually, but that's the only workaround I've thought of so far. Is there a different solution?

Thanks in advance for any help. :-)

I have a Dell R620 server, with an iDRAC7 Enterprise license. The "DNS DRAC Name" is set to "idrac-NNXXXXN", where "NNXXXXN" is the service tag of the machine. Every time I type something new into that field (In the web administration page, "Overview -> iDRAC Settings -> Network") and click on "Apply", the page refreshes after a few seconds, with the field changed back to its original setting. I have tried several different names, including some short and simple names, just in case there's a problem with the name, but the behavior is the same no matter what I type there.

I've done the exact same thing on other very similar servers (including another R620 with an iDRAC7), and it works on all of the others. I have tried clicking "Reset iDRAC" (which I presume reboots the instance of Linux running on the iDRAC), and that has no effect. Not that I expected it to, but it was worth a try.

Any suggestions? Am I doing something obviously wrong?

I'm having some DNS issues on a new box I'm installing with CentOS 6.2.

I am able to look up names using nslookup, dig, or host. I am able to ping machines by name or by IP address. However, when I try other tools, such as ssh, wget, or yum, they are unable to resolve names. For example:

# wget http://www.google.com
--2012-03-08 14:48:06--  http://www.google.com/
Resolving www.google.com... failed: Name or service not known.
wget: unable to resolve host address `www.google.com'
# ssh www.google.com
ssh: Could not resolve hostname www.google.com: Name or service not known
# ping -c 1 www.google.com
PING www.l.google.com (74.125.113.106) 56(84) bytes of data.
64 bytes from vw-in-f106.1e100.net (74.125.113.106): icmp_seq=1 ttl=46 time=43.6 ms

--- www.l.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 59ms
rtt min/avg/max/mdev = 43.665/43.665/43.665/0.000 ms
# host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.113.99
www.l.google.com has address 74.125.113.103
www.l.google.com has address 74.125.113.104
www.l.google.com has address 74.125.113.105
www.l.google.com has address 74.125.113.106
www.l.google.com has address 74.125.113.147

My /etc/nsswitch.conf file is the default, including this (standard) line:

hosts:      files dns

/etc/resolv.conf is as set up by DHCP:

; generated by /sbin/dhclient-script
nameserver 192.168.1.254

192.168.1.254 is a working DNS server (my DSL modem, working for years with other machines)

Anyone know why ping would work, but ssh/wget would fail?

Per NcA's suggestion, I tried changing /etc/resolv.conf to point to 8.8.8.8. Oddly enough, this does make it work. Obviously, my DSL modem is responding to DNS requests in some way that some parts of Linux's resolution system don't like. Looking at the tcpdump, I am unable to see what the difference is. Certainly, both servers are sending the same addresses.

Here's the output from tcpdump -nn -X with the server set to the DNS server on the DSL modem. It's clearly replying with the correct addresses, but ssh/wget don't seem happy with it for some reason:

15:53:52.133580 IP 192.168.1.254.53 > 192.168.1.2.54836: 33157 7/0/0 CNAME www.l.google.com., A 74.125.115.105, A 74.125.115.106, A 74.125.115.147, A 74.125.115.99, A 74.125.115.103, A 74.125.115.104 (148)
        0x0000:  4500 00b0 e33a 0000 ff11 53b1 c0a8 01fe  E....:....S.....
        0x0010:  c0a8 0102 0035 d634 009c 7528 8185 8180  .....5.4..u(....
        0x0020:  0001 0007 0000 0000 0377 7777 0667 6f6f  .........www.goo
        0x0030:  676c 6503 636f 6d00 0001 0001 c00c 0005  gle.com.........
        0x0040:  0001 0007 acd0 0008 0377 7777 016c c010  .........www.l..
        0x0050:  c02c 0001 0001 0000 0001 0004 4a7d 7369  .,..........J}si
        0x0060:  c02c 0001 0001 0000 0001 0004 4a7d 736a  .,..........J}sj
        0x0070:  c02c 0001 0001 0000 0001 0004 4a7d 7393  .,..........J}s.
        0x0080:  c02c 0001 0001 0000 0001 0004 4a7d 7363  .,..........J}sc
        0x0090:  c02c 0001 0001 0000 0001 0004 4a7d 7367  .,..........J}sg
        0x00a0:  c02c 0001 0001 0000 0001 0004 4a7d 7368  .,..........J}sh
15:53:52.135669 IP 192.168.1.254.53 > 192.168.1.2.54836: 65062- 0/0/0 (32)
        0x0000:  4500 003c e33b 0000 ff11 5424 c0a8 01fe  E..<.;....T$....
        0x0010:  c0a8 0102 0035 d634 0028 98f9 fe26 8000  .....5.4.(...&..
        0x0020:  0001 0000 0000 0000 0377 7777 0667 6f6f  .........www.goo
        0x0030:  676c 6503 636f 6d00 001c 0001            gle.com.....

I'm not enough of an expert to know if this is malformed in some way, but ping seems to do the right thing with it.

For comparison, here's the same thing when querying 8.8.8.8:

15:57:27.990270 IP 8.8.8.8.53 > 192.168.1.2.49028: 59114 7/0/0 CNAME www.l.google.com., A 74.125.113.105, A 74.125.113.103, A 74.125.113.106, A 74.125.113.147, A 74.125.113.104, A 74.125.113.99 (148)
        0x0000:  4500 00b0 5530 0000 2f11 6453 0808 0808  E...U0../.dS....
        0x0010:  c0a8 0102 0035 bf84 009c 39f8 e6ea 8180  .....5....9.....
        0x0020:  0001 0007 0000 0000 0377 7777 0667 6f6f  .........www.goo
        0x0030:  676c 6503 636f 6d00 0001 0001 c00c 0005  gle.com.........
        0x0040:  0001 0001 516a 0008 0377 7777 016c c010  ....Qj...www.l..
        0x0050:  c02c 0001 0001 0000 0116 0004 4a7d 7169  .,..........J}qi
        0x0060:  c02c 0001 0001 0000 0116 0004 4a7d 7167  .,..........J}qg
        0x0070:  c02c 0001 0001 0000 0116 0004 4a7d 716a  .,..........J}qj
        0x0080:  c02c 0001 0001 0000 0116 0004 4a7d 7193  .,..........J}q.
        0x0090:  c02c 0001 0001 0000 0116 0004 4a7d 7168  .,..........J}qh
        0x00a0:  c02c 0001 0001 0000 0116 0004 4a7d 7163  .,..........J}qc
15:57:28.018909 IP 8.8.8.8.53 > 192.168.1.2.49028: 31984 1/1/0 CNAME www.l.google.com. (102)
        0x0000:  4500 0082 7b1b 0000 2f11 3e96 0808 0808  E...{.../.>.....
        0x0010:  c0a8 0102 0035 bf84 006e c67e 7cf0 8180  .....5...n.~|...
        0x0020:  0001 0001 0001 0000 0377 7777 0667 6f6f  .........www.goo
        0x0030:  676c 6503 636f 6d00 001c 0001 c00c 0005  gle.com.........
        0x0040:  0001 0001 517f 0008 0377 7777 016c c010  ....Q....www.l..
        0x0050:  c030 0006 0001 0000 0258 0026 036e 7334  .0.......X.&.ns4
        0x0060:  c010 0964 6e73 2d61 646d 696e c010 0016  ...dns-admin....
        0x0070:  91f3 0000 0384 0000 0384 0000 0708 0000  ................
        0x0080:  003c                                     .<

I still don't know why the server's reply is adequate for ping but not for ssh/wget.

If anyone has ideas, I'd be happy to hear them. For now, though, I can either refer to an outside DNS server or set up my own server on the new box. It's a workaround that seems like it should be unnecessary, but will allow me to proceed.

I'm having a problem with my virtual machines, where the network will freeze under heavy load. I'm using CentOS 6.2 as both host and guest, not using libvirt, just running qemu-kvm directly as follows:

/usr/libexec/qemu-kvm \
   -drive file=/data2/vm/rb-dev2-www1-vm.img,index=0,media=disk,cache=none,if=virtio \
   -boot order=c \
   -m 2G \
   -smp cores=1,threads=2 \
   -vga std \
   -name rb-dev2-www1-vm \
   -vnc :84,password \
   -net nic,vlan=0,macaddr=52:54:20:00:00:54,model=virtio \
   -net tap,vlan=0,ifname=tap84,script=/etc/qemu-ifup \
   -monitor unix:/var/run/vm/rb-dev2-www1-vm.mon,server,nowait \
   -rtc base=utc \
   -device piix3-usb-uhci \
   -device usb-tablet

/etc/qemu-ifup (used by the above command) is a very simple script, containing the following:

#!/bin/sh

sudo /sbin/ifconfig $1 0.0.0.0 promisc up
sudo /usr/sbin/brctl addif br0 $1
sleep 2

And here's the info on br0 and other interfaces:

avl-host3 14# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.180373f5521a       no              bond0
                                                        tap84
virbr0          8000.525400858961       yes             virbr0-nic
avl-host3 15# ip addr show 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
    link/ether 18:03:73:f5:52:1a brd ff:ff:ff:ff:ff:ff
3: em2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
    link/ether 18:03:73:f5:52:1a brd ff:ff:ff:ff:ff:ff
4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 18:03:73:f5:52:1e brd ff:ff:ff:ff:ff:ff
5: em4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 18:03:73:f5:52:20 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 18:03:73:f5:52:1a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1a03:73ff:fef5:521a/64 scope link 
       valid_lft forever preferred_lft forever
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 18:03:73:f5:52:1a brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.46/24 brd 172.16.1.255 scope global br0
    inet6 fe80::1a03:73ff:fef5:521a/64 scope link 
       valid_lft forever preferred_lft forever
8: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 52:54:00:85:89:61 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
9: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 52:54:00:85:89:61 brd ff:ff:ff:ff:ff:ff
12: tap84: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether ba:e8:9b:2a:ff:48 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b8e8:9bff:fe2a:ff48/64 scope link 
       valid_lft forever preferred_lft forever

bond0 is a bond of em1 and em2.

virbr0 and virbr0-nic are vestigial interfaces left over from CentOS's default installation. They are unused (as far as I know).

The guest runs perfectly until I run a large 'rsync', when the network will freeze after some seemingly-random time (usually under a minute). When it freezes, there is no network activity in or out of the guest. I can still connect to the guest's console via vnc, but it is unable to speak out its network interface. Any attempt to 'ping' from the guest gives a "Destination Host Unreachable" error for 3/4 packets and no reply for every fourth packet.

Sometimes (perhaps two thirds of the time), I can bring the interface back to life by doing a "service network restart" from the guest's console. If this works (and if I do it before the rsync times out), the rsync will resume. Usually it will freeze again within a minute or two. If I repeat, the rsync will eventually finish, and I presume the machine goes back to waiting for another period of heavy load.

Throughout the whole process, there are no console errors or relevant (that I can see) syslog messages on either guest or host machine.

If the "service network restart" doesn't work the first time, trying again (and again and again) never seems to work. The command completes normally, with normal output, but the interface stays frozen. However, a soft reboot of the guest machine (without restarting qemu-kvm) always seems to bring it back.

I am aware of the "lowest mac address" assignment problem, where the bridge takes on the mac address of the slave interface with the lowest mac address. This causes temporary network freezes, but is definitely not what's happening for me. My freezes are permanent until manual intervention, and you can see from the 'ip addr show' output above that the mac address being used by br0 is that of the physical ethernet.

There are no other virtual machines running on the host. I've verified that each virtual machine on the subnet has its own unique mac address.

I have rebuilt the guest machine several times, and I have tried this on three different host machines (identical hardware, built identically). Oddly, I do have one virtual host (the second of this series) which never seemed to have a problem. It never had its network freeze when it was running the same rsync during its build. It's particularly odd because it was the second build. The first, on a different host, did have the freezing problem, but the second did not. I assumed at the time that I had done something wrong with the first build, and that the problem was resolved. Unfortunately, the problem reappeared when I built the third VM. Also unfortunately, I can't do many tests with the working VM, as it's now in production use, and I'm hoping I can find the cause of this issue before that machine starts having problems. It's possible that I just got really lucky while running the rsync on the working machine, and that one time it didn't freeze.

Of course it's possible that I somehow changed the build scripts without realizing it and re-broke something, but I can't find any such thing.

In any case, I'm hoping someone has some idea what could cause this.

Addendum: Preliminary tests suggest that I don't have the problem if I substitute e1000 for virtio in the first -net flag to qemu-kvm. I don't consider this a solution, but it is suitable for a stopgap. Has anyone else had (or better yet, solved) this problem with the virtio network driver?

I'm having a routing problem on CentOS 6.2 (kernel 2.6.32-220)

Here's the setup: One host is on my local network. It's talking to two nearly identical hosts at a remote location. The two remote hosts are on all the same networks, acting as redundant backups for each other.

I set up two GRE tunnels from the local host, one to each remote host:

ip tunnel add name tunnel1 mode gre local 10.2.1.2 remote 10.2.1.1
ip link set dev tunnel1 up
ip route add 172.16.1.0/24 dev tunnel1 metric 101

ip tunnel add name tunnel2 mode gre local 10.2.1.4 remote 10.2.1.3
ip link set dev tunnel2 up
ip route add 172.16.1.0/24 dev tunnel2 metric 102

Outgoing packets route properly, no problem. Incoming packets are weird. It appears that whichever tunnel has the route with the higher metric (tunnel2 in the example above) will ignore incoming packets. They come in all right, and can be seen on the local machine with 'tcpdump -i tunnel2', but they are not routed properly to the local networks. They're simply dropped. I can switch the two metrics, and then tunnel1 will drop all incoming packets. The tunnel with the lower route metric will route packets properly, both incoming and outgoing.

Is this "working as designed?" What I'd like to have happen, of course, is for all packets on both tunnels to be properly forwarded. Is this possible?

Quick update: One person suggested (I'm not sure why) adding 'key' parameters to the 'ip tunnel' commands. I tried this, both with different keys for each tunnel and with identical keys for both tunnels, but neither trial had no effect.

I started out trying to do some simple performance tests. "Which of these disks is faster, and by how much" kind of things. I didn't need much precision, I just wanted a rough idea. It's turned into a weird foray into the internals of How Things Work. Kind of fun, actually, but a little odd.

Before I go further, I'll say that everything in this article is done on an Arch Linux system, running a 3.0 kernel, with a Western Digital WD30EZRX 3TB SATA disk drive removed from a MyBook Essential USB3 enclosure (those enclosures do evil things to your data) and installed in a Sans Digital single-disk USB3 enclosure, connected via a Buffalo USB3 PCIe 1-lane card. The drive is the only device on that USB card, and the system is otherwise idle during the time of the tests.

I wrote a performance testing program, a simple C program to open a file, write four GiB of data into it, fsync(), and exit. I ran the test 9 times (an arbitrary number, because I wanted single digits, but forgot to start at zero) on an empty whole-disk ext4 filesystem, and got 58-59 seconds per run, about 73 MB/sec. Not the fastest disk in the world, but the results were fairly consistent.

For reasons I no longer remember, not expecting any trouble, I came back and did the exact same test a few hours later, after unplugging the disk to test another one, plugging the original disk back in, and re-doing the mkfs. Much to my surprise, I got very different results. This time, I got results in the 51-52 second (83 MB/sec) kind of range, with 2 closer to 48 seconds.

Hours later, after doing some research, including asking a question here about how to find out which disk blocks are used by a file, I ran another test on the same disk without reinitializing. I just created new files in the same directory (the root of the filesystem) as the previous test. This time, I got results in the 44-45 second (96 MB/sec) kind of range.

Later on, I ran three more tests (refining my test procedure, actually), again just putting the files next to the existing ones, and got 44-second, 45-second, and 50-second performance. Those three groups of runs were all right next to each other. Keep in mind, I'm still not talking about individual runs. I ran the test program 9 times, all with 44-second results, another 9 times, all with 45-second results, and 9 more times, all with 50-second results.

These are some pretty big differences, and very oddly grouped.

I used debugfs to check which blocks the files are using, and there's nothing "funny" going on there. Each file seems to get the next available blocks, in sequence, starting from the beginning of the disk.

The only thing I can think of that might explain this would be if the disk circuitry were somehow allocating blocks from different parts of the disk and presenting them to the host as contiguous. For the results I'm seeing, it would have to be noticing the delay between my test runs and using that as an opportunity to switch to a different part of the disk for allocation.

Frankly, this sounds like a bit of a stretch to me, but I don't have a lot of other ideas.

Can anyone shed light on this? Why am I getting such locally-consistent yet globally-variable results?

This is an obscure question, I know. I'm trying to do some performance testing of some disks on a Linux box. I'm getting some inconsistent results, running the same test on the same disk. I know that disks have different performance depending on which part of the disk is being accessed. In particular, reads and writes to the outside of the disk have much higher throughput than reads and writes to the inside part of the disk, due to near-constant data density and constant rotational speed.

I'd like to see if my inconsistencies can be attributed to this geometry-induced variance in throughput. Is it possible, using existing tools, to find out where on the disk a file has been placed?

If not, I suppose I can write something to directly seek, read, and write to the device file itself, bypassing (and destroying) the filesystem, but I'm hoping to avoid that. I'm currently using ext4 on a 3.0 kernel (Arch Linux, if it matters), but I'm interested in techniques for other filesystems as well.

I'm setting up a CentOS 5.6 server, using Kickstart. I have four disk drives, sda-sdd. These are the relevant Kickstart lines:

clearpart --linux --drives=sda,sdb,sdc,sdd --initlabel
part raid.11 --size 102400 --asprimary --ondrive=sda
part raid.21 --size 16384 --asprimary --ondrive=sda
part raid.31 --size 1024 --asprimary --grow --ondrive=sda
part raid.12 --size 102400 --asprimary --ondrive=sdb
part raid.22 --size 16384 --asprimary --ondrive=sdb
part raid.32 --size 1024 --asprimary --grow --ondrive=sdb
part raid.41 --size 1024 --asprimary --grow --ondrive=sdc
part raid.42 --size 1024 --asprimary --grow --ondrive=sdd
raid / --fstype ext3 --device md0 --level=RAID1 raid.11 raid.12
raid swap --device md1 --level=RAID1 raid.21 raid.22
raid /data1 --fstype ext3 --device md2 --level=RAID1 raid.31 raid.32
raid /data2 --fstype ext3 --device md3 --level=RAID1 raid.41 raid.42

Basically I partitioned the first two disks for root, swap, and a data partition. I partitioned the 3rd and 4th disk as one big data partition. I set up the first two disks to mirror each other, and the last two disks to mirror each other. Very straightforward.

The odd behavior I'm seeing is that when I boot up the newly-installed machine, it syncs some of the raids more than once. Here are the relevant /var/log/messages lines:

Sep  5 15:09:22 dsp-hw1 kernel: md: md3: raid array is not clean -- starting background reconstruction
Sep  5 15:09:24 dsp-hw1 kernel: md: syncing RAID array md3
Sep  5 15:09:39 dsp-hw1 kernel: md: md2: raid array is not clean -- starting background reconstruction
Sep  5 15:09:39 dsp-hw1 kernel: md: syncing RAID array md2
Sep  5 15:09:53 dsp-hw1 kernel: md: md0: raid array is not clean -- starting background reconstruction
Sep  5 15:09:53 dsp-hw1 kernel: md: delaying resync of md0 until md2 has finished resync (they share one or more physical units)
Sep  5 15:30:12 dsp-hw1 kernel: md: md2: sync done.
Sep  5 15:30:12 dsp-hw1 kernel: md: syncing RAID array md0
Sep  5 15:40:37 dsp-hw1 kernel: md: md3: sync done.
Sep  5 15:42:02 dsp-hw1 kernel: md: md0: sync done.
Sep  5 16:16:03 dsp-hw1 kernel: md: syncing RAID array md1
Sep  5 16:16:03 dsp-hw1 kernel: md: syncing RAID array md3
Sep  5 16:16:03 dsp-hw1 kernel: md: delaying resync of md2 until md1 has finished resync (they share one or more physical units)
Sep  5 16:18:10 dsp-hw1 kernel: md: md1: sync done.
Sep  5 16:18:10 dsp-hw1 kernel: md: syncing RAID array md2
Sep  5 16:43:31 dsp-hw1 kernel: md: md2: sync done.
Sep  5 16:54:57 dsp-hw1 kernel: md: md3: sync done.

So it starts a sync of md2 and md3 in parallel (pretty reasonable), then does md0 once md2 is done (again pretty reasonable), and md1 once md0 is done. So far so good. Then, for no reason I can see, it starts another sync of md3 at the same time as it starts md1. Then follows up with another sync of md2 once md1 is done. These are full syncs, taking just as long as the original. Longer, actually. md3's syncs run for 31 minutes and 37 minutes respectively, and md2's syncs run for 21 minutes and 25 minutes respectively.

So the question is, why does it need to sync anything more than once? I haven't seen it start a third one (yet), but I'm not sure whether to expect it. More importantly, I don't know if this indicates some kind of a problem that I should fix before putting the system into a production environment. I don't see anything looking like an error in any of the logs, nothing indicating a problem with the first sync, nothing looking abnormal at all, actually, except for the odd extra syncs.

Can anyone shed light on this?

Update: In trying to diagnose this, I've redone the kickstart a few times. I've noticed that it's not 100%. Once (only once) it never synced the swap partition (md1) at all. On that occasion, it only synced each of the other partitions once.

Perhaps it's some race condition exacerbated by multiple raid partitions set up simultaneously on the same physical disks?

I recently purchased a 4-bay enclosure (Mediasonic Probox -- maybe cheap junk, but should work) with 4 2TB disks. The enclosure has both USB3 and eSATA interfaces. I originally intended to use it on USB3, but I had some trouble with that, so now I'm trying to use it with eSATA. Note that this box has no internal RAID of any kind. It is supposed to present the installed disks as individual disks.

The problem I'm having is that the Linux kernel only sees one of the 4 disks. I'm connecting it to the onboard ports of an Intel DX58SO motherboard, whose manual claims that, "They can also be used for port replication, which allows the aggregation of multiple hard drives on each of the eSATA ports."

I'm running Arch Linux, with kernel version 2.6.39.3. I am able to access one of the disks as /dev/sda (which caused its own set of problems at boot time -- it displaced my internal disks upwards by one slot), but the other three are missing entirely.

Is there something special I need to do to make Linux see the multiplier?

I'm running two guest machines under KVM. The host is running Arch Linux (kernel version 2.6.38.2), the guests are both CentOS 5.5 (kernel version 2.6.18). I have the networking set up as a bridge, more-or-less as follows (I'm not doing it by hand, of course -- it's scattered through the system startup scripts)

# /usr/sbin/brctl addbr br0
# /usr/sbin/brctl addif br0 eth0
# /sbin/ifconfig br0 192.168.3.30 netmask 255.255.255.0 broadcast 192.168.3.255 up
# qemu-kvm -hda <disk-image1> -m 2048 -vga std -vnc :3 -net nic,vlan=0 -net tap,vlan=0,ifname=tap0,script=/etc/qemu-ifup
# qemu-kvm -hda <disk-image2> -m 2048 -vga std -vnc :4 -net nic,vlan=0 -net tap,vlan=0,ifname=tap1,script=/etc/qemu-ifup
# cat /etc/qemu-ifup
#!/bin/sh
sudo /sbin/ifconfig $1 0.0.0.0 promisc up
sudo /usr/sbin/brctl addif br0 $1

The configuration mostly works. What's odd is that I get frequent network "pauses". Most of my interactions with the virtual machines are through ssh or a web browser. Often, particularly after idle times, I'll go to type something in the session or access a web page, and nothing will happen. Eventually, after 10-15 seconds, normal activity will resume without error. ssh keystrokes from the dead time go through in a rush. Web requests seem to be lost, but a quick "reload page" gets the result without delay. The virtual machine as a whole continues to run the whole time, as I can see by watching the VNC session to the console. The two guests are independent in this way. Sometimes both will be frozen at the same time, but sometimes one will be working fine while the other is frozen. There are no errors in dmesg at the time of the freeze, on the host or guest.

Any ideas, for solution, cause, or further diagnosis?

(supplemental info, 7/27)

Here's the output from 'ifconfig -a' on the host:

hope 5$ sudo ifconfig -a
br0       Link encap:Ethernet  HWaddr 4A:F0:CA:32:F5:88  
          inet addr:192.168.3.30  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::7271:bcff:fea2:f4c4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:140947463 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66981660 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:192776331275 (183845.8 Mb)  TX bytes:9469675717 (9030.9 Mb)

br0:1     Link encap:Ethernet  HWaddr 4A:F0:CA:32:F5:88  
          inet addr:192.168.3.31  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

br0:2     Link encap:Ethernet  HWaddr 4A:F0:CA:32:F5:88  
          inet addr:192.168.3.32  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 70:71:BC:A2:F4:C4  
          inet6 addr: fe80::7271:bcff:fea2:f4c4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:141848164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68852413 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:195831275369 (186759.2 Mb)  TX bytes:9559920997 (9117.0 Mb)
          Interrupt:20 Memory:d0300000-d0320000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:27197534 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27197534 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:127242745992 (121348.1 Mb)  TX bytes:127242745992 (121348.1 Mb)

sit0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tap0      Link encap:Ethernet  HWaddr 4A:F0:CA:32:F5:88  
          inet6 addr: fe80::48f0:caff:fe32:f588/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:397512 errors:0 dropped:0 overruns:0 frame:0
          TX packets:668318 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:38045826 (36.2 Mb)  TX bytes:750358170 (715.5 Mb)

tap1      Link encap:Ethernet  HWaddr 56:92:5E:DE:93:67  
          inet6 addr: fe80::5492:5eff:fede:9367/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:25635 errors:0 dropped:0 overruns:0 frame:0
          TX packets:88846 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:1999805 (1.9 Mb)  TX bytes:17071986 (16.2 Mb)

the output from 'brctl show' on the host:

hope 6$ sudo brctl show
bridge name bridge id               STP enabled     interfaces
br0         8000.4af0ca32f588       no              eth0
                                                    tap0
                                                    tap1

the output from 'ifconfig -a' on one guest:

guest1# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56  
          inet addr:192.168.3.35  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:323061 errors:0 dropped:0 overruns:0 frame:0
          TX packets:210150 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:298541685 (284.7 MiB)  TX bytes:25958962 (24.7 MiB)
          Interrupt:11 Base address:0x4000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2305 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2305 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:481780 (470.4 KiB)  TX bytes:481780 (470.4 KiB)

sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

and the same thing on the other guest:

guest2# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56  
          inet addr:192.168.3.36  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62641 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25718 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:10789140 (10.2 MiB)  TX bytes:2012261 (1.9 MiB)
          Interrupt:11 Base address:0x4000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:182 errors:0 dropped:0 overruns:0 frame:0
          TX packets:182 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:25798 (25.1 KiB)  TX bytes:25798 (25.1 KiB)

sit0      Link encap:IPv6-in-IPv4  
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

My story starts out quite simply. I have a light-duty server, running Arch Linux, which stores most of its data on a RAID-1 composed of two SATA drives. It was working without any problems for about 4 months. Then, suddenly I started getting read errors on one of the drives. Always, the messages looked a lot like these:

Apr 18 00:20:15 hope kernel: [307085.582035] ata5.01: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
Apr 18 00:20:15 hope kernel: [307085.582040] ata5.01: failed command: READ DMA EXT
Apr 18 00:20:15 hope kernel: [307085.582048] ata5.01: cmd 25/00:08:08:6a:34/00:00:27:00:00/f0 tag 0 dma 4096 in
Apr 18 00:20:15 hope kernel: [307085.582050]          res 51/40:00:0c:6a:34/40:00:27:00:00/f0 Emask 0x9 (media error)
Apr 18 00:20:15 hope kernel: [307085.582053] ata5.01: status: { DRDY ERR }
Apr 18 00:20:15 hope kernel: [307085.582056] ata5.01: error: { UNC }
Apr 18 00:20:15 hope kernel: [307085.621301] ata5.00: configured for UDMA/133
Apr 18 00:20:15 hope kernel: [307085.640972] ata5.01: configured for UDMA/133
Apr 18 00:20:15 hope kernel: [307085.640986] sd 4:0:1:0: [sdd] Unhandled sense code
Apr 18 00:20:15 hope kernel: [307085.640989] sd 4:0:1:0: [sdd]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Apr 18 00:20:15 hope kernel: [307085.640993] sd 4:0:1:0: [sdd]  Sense Key : Medium Error [current] [descriptor]
Apr 18 00:20:15 hope kernel: [307085.640998] Descriptor sense data with sense descriptors (in hex):
Apr 18 00:20:15 hope kernel: [307085.641001]         72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00 
Apr 18 00:20:15 hope kernel: [307085.641010]         27 34 6a 0c 
Apr 18 00:20:15 hope kernel: [307085.641020] sd 4:0:1:0: [sdd]  Add. Sense: Unrecovered read error - auto reallocate failed
Apr 18 00:20:15 hope kernel: [307085.641023] sd 4:0:1:0: [sdd] CDB: Read(10): 28 00 27 34 6a 08 00 00 08 00
Apr 18 00:20:15 hope kernel: [307085.641027] end_request: I/O error, dev sdd, sector 657746444
Apr 18 00:20:15 hope kernel: [307085.641035] ata5: EH complete
Apr 18 00:20:15 hope kernel: [307085.641672] md/raid1:md16: read error corrected (8 sectors at 657744392 on sdd1)
Apr 18 00:20:17 hope kernel: [307087.505082] md/raid1:md16: redirecting sector 657742336 to other mirror: sdd1

Each error complained of a different sector number, and was accompanied by a several-second delay for the user (me) accessing the disk.

I checked the smartctl output, and saw the following output (irrelevant parts clipped):

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   193   193   051    Pre-fail  Always       -       1606
  5 Reallocated_Sector_Ct   0x0033   194   194   140    Pre-fail  Always       -       0
196 Reallocated_Event_Count 0x0032   162   162   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       51

Looking back in the logs, I found that the errors had actually been happening for a few days, mostly during backups, but also frequently during very light use (meaning about every 5th time I tried to save a text file). I concluded that my disk was dying, that the RAID-1 was handling it appropriately, and that it was time to order a replacement disk. I ordered a new disk.

Much to my surprise, a day later, the errors... stopped. I had done nothing to fix them. I hadn't rebooted, hadn't taken the drive offline, nothing. But the errors just stopped.

At that point, curious to see whether the bad sectors were just in idle portions of the disk now, I took the disk out of the RAID, put it back in the RAID, and allowed it to complete the ensuing full resync. The resync completed without any errors, 9 hours later (2TB disks take a little while).

Also, the smartctl output has changed a bit, as follows:

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   193   193   051    Pre-fail  Always       -       1606
  5 Reallocated_Sector_Ct   0x0033   194   194   140    Pre-fail  Always       -       43
196 Reallocated_Event_Count 0x0032   162   162   000    Old_age   Always       -       38
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0

So, the part of this that's weirding me out is, of course, "Since when do bad disks fix themselves?"

I suppose it's possible that a very small area of the drive spontaneously went bad, and that the drive simply took 3 days (!) before its sector reallocation code kicked in and it mapped some spare sectors over a bad area of the disk... But I can't say that I've ever seen that happen.

Has anyone else seen this kind of behavior? If so, what was your experience with the drive afterward? Did it happen again? Did the disk eventually fail completely? Or was it just an unexplained glitch that remained unexplained?

In my case, I already have the replacement drive (obtained under warranty), so I'll probably just replace the drive anyway. But I'd love to know if I misdiagnosed this somehow. If it helps, I have have complete 'smartctl -a' output from when the problem was happening. It's just a bit long, so I didn't post it here.

I'm running a Linux 2.6.36 kernel, and I'm seeing some random errors. Things like

ls: error while loading shared libraries: libpthread.so.0: cannot open shared object file: Error 23

Yes, my system can't consistently run an 'ls' command. :(

I note several errors in my dmesg output:

# dmesg | tail
[2808967.543203] EXT4-fs (sda3): re-mounted. Opts: (null)
[2837776.220605] xv[14450] general protection ip:7f20c20c6ac6 sp:7fff3641b368 error:0 in libpng14.so.14.4.0[7f20c20a9000+29000]
[4931344.685302] EXT4-fs (md16): re-mounted. Opts: (null)
[4982666.631444] VFS: file-max limit 1231582 reached
[4982666.764240] VFS: file-max limit 1231582 reached
[4982767.360574] VFS: file-max limit 1231582 reached
[4982901.904628] VFS: file-max limit 1231582 reached
[4982964.930556] VFS: file-max limit 1231582 reached
[4982966.352170] VFS: file-max limit 1231582 reached
[4982966.649195] top[31095]: segfault at 14 ip 00007fd6ace42700 sp 00007fff20746530 error 6 in libproc-3.2.8.so[7fd6ace3b000+e000]

Obviously, the file-max errors look suspicious, being clustered together and recent.

# cat /proc/sys/fs/file-max
1231582
# cat /proc/sys/fs/file-nr
1231712 0       1231582

That also looks a bit odd to me, but the thing is, there's no way I have 1.2 million files open on this system. I'm the only one using it, and it's not visible to anyone outside the local network.

# lsof | wc
  16046  148253 1882901
# ps -ef | wc 
    574    6104   44260

I saw some documentation saying:

file-max & file-nr:

The kernel allocates file handles dynamically, but as yet it doesn't free them again.

The value in file-max denotes the maximum number of file- handles that the Linux kernel will allocate. When you get lots of error messages about running out of file handles, you might want to increase this limit.

Historically, the three values in file-nr denoted the number of allocated file handles, the number of allocated but unused file handles, and the maximum number of file handles. Linux 2.6 always reports 0 as the number of free file handles -- this is not an error, it just means that the number of allocated file handles exactly matches the number of used file handles.

Attempts to allocate more file descriptors than file-max are reported with printk, look for "VFS: file-max limit reached".

My first reading of this is that the kernel basically has a built-in file descriptor leak, but I find that very hard to believe. It would imply that any system in active use needs to be rebooted every so often to free up the file descriptors. As I said, I can't believe this would be true, since it's normal to me to have Linux systems stay up for months (even years) at a time. On the other hand, I also can't believe that my nearly-idle system is holding over a million files open.

Does anyone have any ideas, either for fixes or further diagnosis? I could, of course, just reboot the system, but I don't want this to be a recurring problem every few weeks. As a stopgap measure, I've quit Firefox, which was accounting for almost 2000 lines of lsof output (!) even though I only had one window open, and now I can run 'ls' again, but I doubt that will fix the problem for long. (edit: Oops, spoke too soon. By the time I finished typing out this question, the symptom was/is back)

Thanks in advance for any help.

And another update: My system was basically unusable, so I decided I had no option but to reboot. But before I did, I carefully quit one process at a time, checking /proc/sys/fs/file-nr after each termination. I found that, predictably, the number of open files gradually went down as I closed things down. Unfortunately, it wasn't a large effect. Yes, I was able to clear up 5000-10000 open files, but there were still over 1.2 million left. I shut down just about everything. All interactive shells, except for the one ssh I left open to finish closing down, httpd, even nfs service. Basically everything in the process table that wasn't a kernel process, and there were still an appalling number of files apparently left open.

After the reboot, I found that /proc/sys/fs/file-nr showed about 2000 files open, which is much more reasonable. Starting up 2 Xvnc sessions as usual, along with the dozen or so monitoring windows I like to keep open, brought the total up to about 4000 files. I can see nothing wrong with that, of course, but I've obviously failed to identify the root cause.

I'm still looking for ideas, since I definitely expect it to happen again.

And another update, the next day:

I watched the system carefully, and discovered that /proc/sys/fs/file-nr showed a growth of about 900 open files per hour. I shut down the system's only NFS client for the night, and the growth stopped. Mind you, it didn't free up the resources, but it did at least stop consuming more. Is this a known bug with NFS? I'll be bringing the NFS client back online today, and I'll narrow it down further.

If anyone is familiar with this behavior, feel free to jump in with "Yeah, NFS4 has this problem, go back to NFS3" or something like that.