2bb1463f4f
Tokio's multi-thread scheduler has an unfixed vulnerability where all worker threads can end up parked on condvars with no worker driving the I/O reactor. Condvar-parked workers have no timeout and sleep indefinitely, so once in this state the runtime never recovers. This was observed on a box migrating from 0.3.5.1: after heavy task churn (package reinstalls, container operations, logging) all 16 workers ended up on futex_wait with no thread on epoll_wait. The web server listened on both HTTP and HTTPS but never replied. The box was stuck for 7+ hours with 0% CPU. Two mitigations: 1. Watchdog OS thread (startd.rs): a plain std::thread that every 30s injects a no-op task via Handle::spawn. This forces a condvar-parked worker to wake, cycle through park, and grab the driver TryLock — breaking the stall regardless of what triggered it. 2. block_in_place in the logger (logger.rs): the TeeWriter holds a std::sync::Mutex across blocking file + stderr writes on worker threads. Wrapping in block_in_place tells tokio to hand off driver duties before the worker blocks, reducing the window for starvation. Guarded by runtime_flavor() to avoid panicking on current-thread runtimes used by the CLI.
StartOS
What is StartOS?
StartOS is an open-source Linux distribution for running a personal server. It handles discovery, installation, network configuration, data backup, dependency management, and health monitoring of self-hosted services.
Tech stack: Rust backend (Tokio/Axum), Angular frontend, Node.js container runtime with LXC, and a custom diff-based database (Patch-DB) for reactive state synchronization.
Services run in isolated LXC containers, packaged as S9PKs — a signed, merkle-archived format that supports partial downloads and cryptographic verification.
What can you do with it?
StartOS lets you self-host services that would otherwise depend on third-party cloud providers — giving you full ownership of your data and infrastructure.
Browse available services on the Start9 Marketplace, including:
- Bitcoin & Lightning — Run a full Bitcoin node, Lightning node, BTCPay Server, and other payment infrastructure
- Communication — Self-host Matrix, SimpleX, or other messaging platforms
- Cloud Storage — Run Nextcloud, Vaultwarden, and other productivity tools
Services are added by the community. If a service you want isn't available, you can package it yourself.
Getting StartOS
Buy a Start9 server
The easiest path. Buy a server from Start9 and plug it in.
Build your own
Follow the install guide to install StartOS on your own hardware. . Reasons to go this route:
- You already have compatible hardware
- You want to save on shipping costs
- You prefer not to share your physical address
- You enjoy building things
Build from source
See CONTRIBUTING.md for environment setup, build instructions, and development workflow.
Contributing
There are multiple ways to contribute: work directly on StartOS, package a service for the marketplace, or help with documentation and guides. See CONTRIBUTING.md or visit start9.com/contribute.
To report security issues, email security@start9.com.