From owner-freebsd-bugs@FreeBSD.ORG Mon Feb 2 11:10:10 2009
Message-Id: <200902021109.n12B90rU099963@www.freebsd.org>
Date: Mon, 2 Feb 2009 11:09:00 GMT
From: Sergey
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/131290: How to completely freeze FreeBSD 7.1 under a non-privileged user

>Number: 131290
>Category: misc
>Synopsis: How to completely freeze FreeBSD 7.1 under a non-privileged user
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 02 11:10:09 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Sergey
>Release: 7.0, 7.1
>Organization:
>Environment:
FreeBSD begemot.somehost.lan 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #4: Mon Jan 26 10:14:36 MSK 2009 root@begemot.somehost.lan:/usr/obj/usr/src/sys/GENERICULE amd64
>Description:
Hello.

I think I've come across a way to completely freeze FreeBSD under a non-privileged user. The problem was reproduced on two different computers running FreeBSD 7.0.

Here is what you need to do in order to reproduce the bug:

1. Install Erlang R12B5 using the ports system
2. Download loop.sh and escript.erl from http://gist.github.com/56879 (they are also listed at the end of this letter)
3. Run loop.sh (which in fact just starts escript.erl periodically)
4. Wait until your system freezes

WARNING: after that you won't be able to restart your system in a consistent manner using the current login session or even connect via SSH. There is only one way to get back into the working system - a hard reset.

I've found that such a freeze is a result of the following Erlang call in escript.erl:

net_kernel:start([test_node, shortnames])

This call makes it possible to do RPCs to other Erlang nodes from escript.

This bug never happens for me under Linux (I used Archlinux for testing).

I didn't write bug reports either to the Erlang public mailing list or to the FreeBSD public mailing list because of security purposes. Please let me know if it won't be harmful for FreeBSD to post such a bug report to the public Erlang mailing list.

Contact me if necessary. Thanks for your work.

-----------------------
#!/usr/bin/env bash
# loop.sh
TIME=${1-5}
while true; do
    echo 'Running escript...'
    ./escript.erl
    echo "Timeout ($TIME s.)..."
    sleep "$TIME"
done
------------------------
#!/usr/bin/env escript
% escript.erl
main(_) ->
    os:cmd("epmd -daemon"),
    io:format(" #1~n"),
    net_kernel:start([test_node, shortnames]), % <--- WARNING: This call causes the system freeze.
    % But for this to happen escript.erl needs to be started several times, so use loop.sh
    io:format(" #2~n"),
    erlang:set_cookie(node(), somecookie),
    io:format(" #3~n").

>How-To-Repeat:
1. Install Erlang R12B5 using the ports system
2. Download loop.sh and escript.erl from http://gist.github.com/56879 (they are also listed at the end of the "Full description" section)
3. Run loop.sh (which in fact just starts escript.erl periodically)
4. Wait until your system freezes
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: