Date: Wed, 29 Jan 2014 17:05:00 -0500 (EST) From: Garrett Wollman <wollman@csail.mit.edu> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/186258: Heap overrun in mps(4) Message-ID: <201401292205.s0TM50IJ006019@nfs-backup-1.csail.mit.edu> Resent-Message-ID: <201401292210.s0TMA0dt076212@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 186258 >Category: kern >Synopsis: Heap overrun in mps(4) >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Jan 29 22:10:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Garrett Wollman >Release: FreeBSD 9.2-STABLE amd64 >Organization: MIT Computer Science & Artificial Intelligence Laboratory >Environment: System: FreeBSD nfs-backup-1.csail.mit.edu 9.2-STABLE FreeBSD 9.2-STABLE #21 r261274M: Wed Jan 29 16:24:39 EST 2014 wollman@xyz.csail.mit.edu:/usr/obj/usr/src-9-stable/sys/CSAIL amd64 Problem occurs with all stable/9 after r254938. This machine is a Quanta QSSC-S99Q server with three mps(4) controllers connected via multiple paths to four 48-port Quanta DNS1700 disk shelves. >Description: If the kernel is not built with DEBUG_REDZONE, server crashes deterministically during boot. The buffer that is being overrun is never freed, so redzone(9) never gets a chance to dump a stack trace identifying where it was allocated. >How-To-Repeat: Try to boot 9-stable without DEBUG_REDZONE. >Fix: Unknown. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401292205.s0TM50IJ006019>