Date: Fri, 05 Nov 2010 17:06:22 +0300 From: sdfsdf rwerwer <freebsd-tracker-int0dh@mail.ru> To: freebsd-current <freebsd-current@freebsd.org> Subject: ngctl can crash the kernel Message-ID: <E1PEMvu-0006UK-00.freebsd-tracker-int0dh-mail-ru@f231.mail.ru>
next in thread | raw e-mail | index | archive | help
Hi everybody,
The following commands lead the 9.0-CURRENT kernel to crash:
[root@freebsd /usr/home/int0dh]# ngctl
Available commands:
config get or set configuration of node at <path>
connect Connects hook <peerhook> of the node at <relpath> to <hook>
debug Get/set debugging verbosity level
dot Produce a GraphViz (.dot) of the entire netgraph.
help Show command summary or get more help on a specific command
list Show information about all nodes
mkpeer Create and connect a new node to the node at "path"
msg Send a netgraph control message to the node at "path"
name Assign name <name> to the node at <path>
read Read and execute commands from a file
rmhook Disconnect hook "hook" of the node at "path"
show Show information about the node at <path>
shutdown Shutdown the node at <path>
status Get human readable status information from the node at <path>
types Show information about all installed node types
write Send a data packet down the hook named by "hook".
quit Exit program
+ mkpeer ksocket myhook inet/stream/tcp
+ msg .:myhook connect inet/127.0.0.1:22
After last command the kernel panics.
Any listening TCP port can be used instead of 22.
The panic occurs here (sys/kern/uipc_sockbuf.c):
int
sbappendaddr_locked(struct sockbuf *sb, const struct sockaddr *asa,
struct mbuf *m0, struct mbuf *control)
{
struct mbuf *m, *n, *nlast;
int space = asa->sa_len;
SOCKBUF_LOCK_ASSERT(sb);
if (m0 && (m0->m_flags & M_PKTHDR) == 0)
{
panic("sbappendaddr_locked" ;
}
I`ve tried with the custom kernel only, but I think that issue can be reproduced with GENERIC too.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1PEMvu-0006UK-00.freebsd-tracker-int0dh-mail-ru>