From rwsys!sneaky.lerctr.org!gordon@lerami.lerctr.org  Fri Oct 27 18:45:25 1995
Received: from lerami.lerctr.org (lerami.lerctr.org [206.85.10.1])
          by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id SAA03951
          for <FreeBSD-gnats-submit@freebsd.org>; Fri, 27 Oct 1995 18:45:23 -0700
Received: from rwsys by lerami.lerctr.org with uucp
	(Smail3.1.29.1 #4 /\oo/\) id <m0t90Kn-0000waC@lerami.lerctr.org>; Fri, 27 Oct 95 20:45    
Received: by rwsys.lonestar.org (Smail3.1.27.1 #1)
	id m0t8rCb-00002uC; Fri, 27 Oct 95 11:00 CDT
Received: by hammy.lerctr.org (Smail3.1.29.1 #1)
	id m0t8ktz-0000FzC; Fri, 27 Oct 95 04:16 CDT
Message-Id: <m0t8ktz-0000FzC@hammy.lerctr.org>
Date: Fri, 27 Oct 95 04:16 CDT
From: gordon@sneaky.lerctr.org
Reply-To: gordon@sneaky.lerctr.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: sysctl lets ordinary users lock up system
X-Send-Pr-Version: 3.2

>Number:         795
>Category:       kern
>Synopsis:       sysctl lets ordinary users lock up system
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 27 18:50:00 PDT 1995
>Closed-Date:    Sat Oct 28 01:50:25 PDT 1995
>Last-Modified:  Sat Oct 28 01:53:49 PDT 1995
>Originator:     Gordon Burditt
>Release:        FreeBSD 2.0-BUILT-19950603 i386
>Organization:
>Environment:
	FreeBSD 2.0.5R
	syscons console driver
	486DX/33 CPU
	

>Description:
	Attempting to retrieve the sysctl() information from 
	kern.vnode locks up the system some of the time.
	The lock is probably on the vnode table (ps won't run), and 
	you cannot log in on another terminal/virtual console, 
	execute ps on any terminal/virtual console already logged 
	in, ^C or ^Z out of the program, or much of anything else.  
	Some UUCP conversations continue, but they may not last past 
	the point of needing to switch files.
	
	

>How-To-Repeat:

	
	Run the following program several times as an unprivileged user.  
	I always had it lock up the system within 3 tries, usually 1 or 2.  
	If it makes a difference, I always ran it from a syscons virtual
	console.  When it's locked up, you cannot interrupt the program 
	with ^C or ^Z, you cannot log in on another virtual terminal or 
	serial port (You never get the password: prompt), ps never 
	finishes, and to get anything useful done, you have to reboot.
	Don't run this program unless you are prepared to reboot.

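/* sysctlcrash.c */
#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <errno.h>
#include <sys/param.h>
#include <sys/sysctl.h>

int main(int argc, char **argv)
{
	int	ret;
	int	mib[6];
	size_t	len;		/* sysctl() takes a size_t * for the buffer length */
	char	buffer[8192];

	/* Request the kern.vnode table into a fixed 8192-byte buffer. */
	mib[0] = CTL_KERN;
	mib[1] = KERN_VNODE;
	len = sizeof(buffer);
	ret = sysctl(mib, 2, buffer, &len, NULL, 0);
	exit(0);
}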

>Fix:
	
	
	This code section was derived from a piece of code intended
	to treewalk the MIB, uh, "filesystem", and find all the stuff
	sysctl -A misses, so I set it up to avoid this particular combination, 
	but I don't have a fix.  I also find it interesting that both EISDIR 
	and ENOTDIR indicate that the name I have chosen is not terminal and 
	I should lengthen it.

					Gordon L. Burditt
					sneaky.lerctr.org!gordon
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: bde 
State-Changed-When: Sat Oct 28 01:50:25 PDT 1995 
State-Changed-Why:  
Fixed in revision 1.36 of vfs_subr.c by cleaning up properly 
before the error returns. 
>Unformatted:
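
The audit trail gives the fix as cleaning up properly before the error returns. The C program below is an added example, not code from this report or from FreeBSD's vfs_subr.c: a user-space model of a lock left held on an error return, beside the single-exit form that always releases it. The table, the locked flag, the function names and the choice of a short buffer as the failing case are all assumptions made for illustration.

```c
/* Added user-space model, not FreeBSD's vfs_subr.c; all names hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct table {
	int locked;          /* stand-in for a kernel lock or busy flag */
	int entries[64];     /* constructed sample data */
};

/* Flawed: the error path returns with the table still locked. */
int copyout_leaky(struct table *t, void *buf, size_t len)
{
	if (t->locked)
		return EBUSY;    /* a kernel would sleep here instead */
	t->locked = 1;
	if (len < sizeof(t->entries))
		return ENOMEM;   /* BUG: t->locked is never cleared */
	memcpy(buf, t->entries, sizeof(t->entries));
	t->locked = 0;
	return 0;
}

/* Corrected: every exit taken after locking passes through "out". */
int copyout_clean(struct table *t, void *buf, size_t len)
{
	int error = 0;
	if (t->locked)
		return EBUSY;
	t->locked = 1;
	if (len < sizeof(t->entries)) {
		error = ENOMEM;
		goto out;
	}
	memcpy(buf, t->entries, sizeof(t->entries));
out:
	t->locked = 0;
	return error;
}

int main(void)
{
	struct table a = {0}, b = {0};
	char small[16];      /* deliberately shorter than the table */
	int e1 = copyout_leaky(&a, small, sizeof(small));
	int e2 = copyout_clean(&b, small, sizeof(small));
	printf("leaky: error=%d locked=%d\nclean: error=%d locked=%d\n",
	    e1, a.locked, e2, b.locked);
	return 0;
}
```

In the model a second caller only gets EBUSY back; where callers sleep until the lock is free, the same leak blocks every later caller, which matches the symptoms in the description.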
