From archie@whistle.com  Mon May 22 16:59:20 2000
Return-Path: <archie@whistle.com>
Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 0351137B5DC
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 May 2000 16:59:20 -0700 (PDT)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.3/8.9.2) id QAA13514;
	Mon, 22 May 2000 16:59:19 -0700 (PDT)
Message-Id: <200005222359.QAA13514@bubba.whistle.com>
Date: Mon, 22 May 2000 16:59:19 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Reply-To: archie@whistle.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: kernel crashes when sysctl(3) is called
X-Send-Pr-Version: 3.2

>Number:         18763
>Category:       kern
>Synopsis:       kernel crashes when sysctl(3) is called
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 22 17:00:01 PDT 2000
>Closed-Date:    Sat Jun 9 18:22:55 PDT 2001
>Last-Modified:  Sat Jun 09 18:23:15 PDT 2001
>Originator:     Archie Cobbs
>Release:        FreeBSD 3.4-RELEASE i386
>Organization:
Whistle Communications, Inc.
>Environment:

	FreeBSD 3.4-REL

>Description:

	The kernel core dumps on the program given below:

	Program received signal SIGSEGV, Segmentation fault.
	0xc0130e12 in sysctl_sysctl_name (oidp=0xc02220b4, arg1=0xc3204f38, arg2=2, 
	    req=0xc3204ea8) at ../../kern/kern_sysctl.c:249
	249                                     error = SYSCTL_OUT(req, (*oidpp)->oid_name,
	(gdb) where
	#0  0xc0130e12 in sysctl_sysctl_name (oidp=0xc02220b4, arg1=0xc3204f38, 
	    arg2=2, req=0xc3204ea8) at ../../kern/kern_sysctl.c:249
	#1  0xc01317a9 in sysctl_root (oidp=0x0, arg1=0xc3204f30, arg2=4, 
	    req=0xc3204ea8) at ../../kern/kern_sysctl.c:795
	#2  0xc0131962 in userland_sysctl (p=0xc31d1200, name=0xc3204f30, namelen=4, 
	    old=0x0, oldlenp=0xbfbfd0fc, inkernel=0, new=0x0, newlen=0, 
	    retval=0xc3204f2c) at ../../kern/kern_sysctl.c:890
	#3  0xc0131814 in __sysctl (p=0xc31d1200, uap=0xc3204f94)
	    at ../../kern/kern_sysctl.c:826
	#4  0xc01af407 in syscall (frame={tf_es = 672137255, tf_ds = -1078001625, 
	      tf_edi = 4, tf_esi = 136637068, tf_ebp = -1077948272, 
	      tf_isp = -1021292572, tf_ebx = 672704864, tf_edx = 0, tf_ecx = 0, 
	      tf_eax = 202, tf_trapno = 7, tf_err = 2, tf_eip = 672454616, tf_cs = 31, 
	      tf_eflags = 659, tf_esp = -1077948312, tf_ss = 39})
	    at ../../i386/i386/trap.c:1100
	#5  0xc01a44dc in Xint0x80_syscall ()

>How-To-Repeat:

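	#include <sys/types.h>
	#include <sys/sysctl.h>
	#include <stdio.h>
	#include <err.h>
	int
	main(int ac, char *av[])
	{
		/*
		 * { 0, 1, ... } selects the kernel's internal "sysctl.name"
		 * node; the trailing { 1, 0 } is the OID whose name is
		 * being requested.
		 */
		int mib[4] = { 0, 1, 1, 0 };
		size_t estimate;
		/* Size query only: no output buffer, length returned in estimate. */
		if (sysctl(mib, 4, NULL, &estimate, NULL, 0) != 0)
			err(1, "sysctl");
		/* size_t is unsigned, so cast it to match the format. */
		printf("estimate = %lu\n", (unsigned long)estimate);
		return (0);
	}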

>Fix:

	Haven't investigated that yet.

	Note: not a problem on 5.0-CURRENT 2000-06-01 /phk

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dd 
State-Changed-When: Sat Jun 9 18:22:55 PDT 2001 
State-Changed-Why:  
Not a problem on 4-stable; 3-stable not supported. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=18763 
>Unformatted:
