kern/186258: Heap overrun in mps(4)
Garrett Wollman
wollman at csail.mit.edu
Wed Jan 29 22:10:01 UTC 2014
>Number: 186258
>Category: kern
>Synopsis: Heap overrun in mps(4)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 29 22:10:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Garrett Wollman
>Release: FreeBSD 9.2-STABLE amd64
>Organization:
MIT Computer Science & Artificial Intelligence Laboratory
>Environment:
System: FreeBSD nfs-backup-1.csail.mit.edu 9.2-STABLE FreeBSD 9.2-STABLE #21 r261274M: Wed Jan 29 16:24:39 EST 2014 wollman at xyz.csail.mit.edu:/usr/obj/usr/src-9-stable/sys/CSAIL amd64
Problem occurs with all stable/9 after r254938.
This machine is a Quanta QSSC-S99Q server with three mps(4)
controllers connected via multiple paths to four 48-port Quanta
DNS1700 disk shelves.
>Description:
If the kernel is not built with DEBUG_REDZONE, server crashes
deterministically during boot. The buffer that is being overrun is
never freed, so redzone(9) never gets a chance to dump a stack trace
identifying where it was allocated.
>How-To-Repeat:
Try to boot 9-stable without DEBUG_REDZONE.
>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list