From wollman@nfs-backup-1.csail.mit.edu  Wed Jan 29 22:09:46 2014
Return-Path: <wollman@nfs-backup-1.csail.mit.edu>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 9E30522B
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Jan 2014 22:09:46 +0000 (UTC)
Received: from nfs-backup-1.csail.mit.edu (nfs-backup-1.csail.mit.edu [128.30.3.35])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 575441A86
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Jan 2014 22:09:45 +0000 (UTC)
Received: from nfs-backup-1.csail.mit.edu (localhost [127.0.0.1])
	by nfs-backup-1.csail.mit.edu (8.14.7/8.14.7) with ESMTP id s0TM50HG006020
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 29 Jan 2014 17:05:00 -0500 (EST)
	(envelope-from wollman@nfs-backup-1.csail.mit.edu)
Received: (from wollman@localhost)
	by nfs-backup-1.csail.mit.edu (8.14.7/8.14.7/Submit) id s0TM50IJ006019;
	Wed, 29 Jan 2014 17:05:00 -0500 (EST)
	(envelope-from wollman)
Message-Id: <201401292205.s0TM50IJ006019@nfs-backup-1.csail.mit.edu>
Date: Wed, 29 Jan 2014 17:05:00 -0500 (EST)
From: Garrett Wollman <wollman@csail.mit.edu>
Reply-To: Garrett Wollman <wollman.mit.edu@csail.mit.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Heap overrun in mps(4)
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         186258
>Category:       kern
>Synopsis:       [mps] Heap overrun in mps(4)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-scsi
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 29 22:10:00 UTC 2014
>Closed-Date:    
>Last-Modified:  Tue Feb 04 01:28:34 UTC 2014
>Originator:     Garrett Wollman
>Release:        FreeBSD 9.2-STABLE amd64
>Organization:
MIT Computer Science & Artificial Intelligence Laboratory
>Environment:
System: FreeBSD nfs-backup-1.csail.mit.edu 9.2-STABLE FreeBSD 9.2-STABLE #21 r261274M: Wed Jan 29 16:24:39 EST 2014 wollman@xyz.csail.mit.edu:/usr/obj/usr/src-9-stable/sys/CSAIL amd64

Problem occurs with all stable/9 after r254938.

This machine is a Quanta QSSC-S99Q server with three mps(4)
controllers connected via multiple paths to four 48-port Quanta
DNS1700 disk shelves.

>Description:

If the kernel is not built with DEBUG_REDZONE, server crashes
deterministically during boot.  The buffer that is being overrun is
never freed, so redzone(9) never gets a chance to dump a stack trace
identifying where it was allocated.

>How-To-Repeat:

Try to boot 9-stable without DEBUG_REDZONE.

>Fix:

Unknown.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-scsi 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Feb 3 10:48:43 UTC 2014 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=186258 
>Unformatted:
