DF-0181
sysctl_hostname leaks XLOCK on EPERM: jailed root deadlocks host sysctl subsystem
Summary
sysctl_hostname(:217-219) acquires SYSCTL_XLOCK (LK_EXCLUSIVE on ALL CPUs) for writes. Jail check at :224-226 returns EPERM WITHOUT calling SYSCTL_XUNLOCK(:234-237). Lock leaked permanently. Root in jail lacking PRISON_CAP_SYS_SET_HOSTNAME: sysctl -w kern.hostname=x -> host-wide sysctl deadlock. All sysctl reads/writes/kldload hang forever. Jail->host DoS.