From owner-freebsd-current@FreeBSD.ORG Fri Nov 5 15:18:23 2010 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2005A106566B for ; Fri, 5 Nov 2010 15:18:23 +0000 (UTC) (envelope-from freebsd-tracker-int0dh@mail.ru) Received: from fallback1.mail.ru (fallback1.mail.ru [94.100.176.18]) by mx1.freebsd.org (Postfix) with ESMTP id 93FE18FC0C for ; Fri, 5 Nov 2010 15:18:22 +0000 (UTC) Received: from f231.mail.ru (f231.mail.ru [217.69.128.161]) by fallback1.mail.ru (mPOP.Fallback_MX) with ESMTP id 331A11309712 for ; Fri, 5 Nov 2010 17:06:24 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail; h=Message-Id:Content-Transfer-Encoding:Content-Type:Reply-To:Date:Mime-Version:Subject:To:From; bh=zQRdf49sM2JGqHTe92xk8cib5y/qaBZDfa5/qHtzxJA=; b=vXrv4BbRKlzSM37uykr81RhRyWC17v+VBdog6h5MUZJgdBcOhg3DVRLOdWOF8SuqeVQ0rBYIpfOgxKwoJ5/KwPY+VDrwuDBJytY7JRpduO9qrQ8UP5fMv+XU/hdBS1JD; Received: from mail by f231.mail.ru with local id 1PEMvu-0006UK-00 for freebsd-current@freebsd.org; Fri, 05 Nov 2010 17:06:22 +0300 Received: from [93.92.200.151] by win.mail.ru with HTTP; Fri, 05 Nov 2010 17:06:22 +0300 From: sdfsdf rwerwer To: freebsd-current Mime-Version: 1.0 X-Mailer: mPOP Web-Mail 2.19 X-Originating-IP: [93.92.200.151] Date: Fri, 05 Nov 2010 17:06:22 +0300 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Message-Id: X-Spam: Not detected X-Mras: Ok Subject: ngctl can crash the kernel X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sdfsdf rwerwer List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Nov 2010 15:18:23 -0000 Hi everybody, The following commands lead the 9.0-CURRENT kernel to crash: [root@freebsd /usr/home/int0dh]# ngctl Available commands: config get or set configuration of node at connect Connects hook of the node at to debug Get/set debugging verbosity level dot Produce a GraphViz (.dot) of the entire netgraph. help Show command summary or get more help on a specific command list Show information about all nodes mkpeer Create and connect a new node to the node at "path" msg Send a netgraph control message to the node at "path" name Assign name to the node at read Read and execute commands from a file rmhook Disconnect hook "hook" of the node at "path" show Show information about the node at shutdown Shutdown the node at status Get human readable status information from the node at types Show information about all installed node types write Send a data packet down the hook named by "hook". quit Exit program + mkpeer ksocket myhook inet/stream/tcp + msg .:myhook connect inet/127.0.0.1:22 After last command the kernel panics. Any listening TCP port can be used instead of 22. The panic occurs here (sys/kern/uipc_sockbuf.c): int sbappendaddr_locked(struct sockbuf *sb, const struct sockaddr *asa, struct mbuf *m0, struct mbuf *control) { struct mbuf *m, *n, *nlast; int space = asa->sa_len; SOCKBUF_LOCK_ASSERT(sb); if (m0 && (m0->m_flags & M_PKTHDR) == 0) { panic("sbappendaddr_locked" ; } I`ve tried with the custom kernel only, but I think that issue can be reproduced with GENERIC too.