Bug 204643 - [msdosfs] [panic] Crash while accessing files with large, non-english names
Summary: [msdosfs] [panic] Crash while accessing files with large, non-english names
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 9.3-RELEASE
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Kristof Provost
URL: https://reviews.freebsd.org/D5977
Keywords: patch, security
Duplicates: 141897
Depends on:
Blocks:
 
Reported: 2015-11-17 20:49 UTC by Alexey
Modified: 2017-10-13 18:58 UTC
CC: 6 users

See Also:


Attachments
Kernel config file (14.03 KB, text/plain), 2015-11-17 20:49 UTC, Alexey
msdosfs: Prevent buffer overflow when expanding win95 names (4.09 KB, patch), 2016-03-13 04:20 UTC, Kristof Provost

Description Alexey 2015-11-17 20:49:02 UTC
Created attachment 163261 [details]
Kernel config file

How-to-repeat:

1. Create a file with a large, non-english name (130 symbols is enough) on an msdos FAT disk. This must be done under MS Windows (FreeBSD does not allow you to shoot yourself in the leg and create a file with a name > 127 non-english symbols on a FAT fs). Under Windows, long non-english filenames (127+ symbols) are correct and can be easily accessed.
2. Mount the disk on the FreeBSD system like "mount_msdosfs -o longnames -D cp1251 -L ru_RU.UTF-8 /dev/daX /mnt" (or use your language settings in -D and -L).
3. Try "ls /mnt/directory-with-large-name".

You get "panic: stack overflow detected; backtrace may be corrupted"

I guess this is the same as bug #141897.
And I guess this is happening because the locale uses a multibyte encoding (UTF-8). But UTF-8 is the only way, and this is the future.
Unfortunately FAT file systems are widespread, and I encounter this from time to time.

Kernel config in attachment.

Trace:
#0  doadump (textdump=<value optimized out>) at pcpu.h:235
#1  0xffffffff805e1b6f in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:454
#2  0xffffffff805e1fb7 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:642
#3  0xffffffff8060acc2 in __stack_chk_fail () at /usr/src/sys/kern/stack_protector.c:17
#4  0xffffffff804f3982 in msdosfs_readdir (ap=0xffffff81a3edfaa0) at /usr/src/sys/fs/msdosfs/msdosfs_vnops.c:1817
#5  0xffffffff80894c10 in VOP_READDIR_APV (vop=<value optimized out>, a=<value optimized out>) at vnode_if.c:1793
#6  0xffffffff80686ec7 in kern_getdirentries (td=0xfffffe001724d000, fd=<value optimized out>, buf=0x8010ab000 <Address 0x8010ab000 out of bounds>, 
    count=<value optimized out>, basep=0xffffff81a3edfb10) at vnode_if.h:758
#7  0xffffffff80686c1b in sys_getdirentries (td=0x0, uap=0xffffff81a3edfbc0) at /usr/src/sys/kern/vfs_syscalls.c:4145
#8  0xffffffff808401b9 in amd64_syscall (td=0xfffffe001724d000, traced=0) at subr_syscall.c:135
#9  0xffffffff8082978b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:391
#10 0x0000000800d032ec in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal

uname:
FreeBSD HP635 9.3-RELEASE FreeBSD 9.3-RELEASE #5: Tue Nov 17 20:24:39 MSK 2015     Freeman@thanatos:/usr/obj/usr/src/sys/E300  amd64

dmesg: (full boot log omitted)


Thank you.
Comment 1 Alexey 2016-03-12 01:58:39 UTC
This bug is reproducible on FreeBSD 10.2-RELEASE (and others, I guess):
KDB: stack backtrace:
#0 0xffffffff80984e30 at kdb_backtrace+0x60
#1 0xffffffff809489e6 at vpanic+0x126
#2 0xffffffff809488b3 at panic+0x43
#3 0xffffffff80976462 at __stack_chk_fail+0x12
#4 0xffffffff8083c652 at msdosfs_readdir+0x782
#5 0xffffffff80e731c7 at VOP_READDIR_APV+0xa7
#6 0xffffffff809f72bc at kern_getdirentries+0x21c
#7 0xffffffff809f7078 at sys_getdirentries+0x28
#8 0xffffffff80d4b3a7 at amd64_syscall+0x357

uname:
FreeBSD HP635 10.2-RELEASE-p7 FreeBSD 10.2-RELEASE-p7 #0: Mon Nov  2 14:19:39 UTC 2015     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

dmesg: (boot log omitted; tail follows)
ugen1.2: <SEMC> at usbus1
umass0: <SEMC SEMC HSUSB Device, class 0/0, rev 2.00/2.26, addr 2> on usbus1
umass0:  SCSI over Bulk-Only; quirks = 0x4100
umass0:2:0:-1: Attached to scbus2
da0 at umass-sim0 bus 0 scbus2 target 0 lun 0
da0: <SEMC Mass Storage 0100> Removable Direct Access SPC-2 SCSI device
da0: Serial Number 425839303336594C5433
da0: 40.000MB/s transfers
da0: Attempt to query device size failed: NOT READY, Medium not present
da0: quirks=0x2<NO_6_BYTE>
panic: stack overflow detected; backtrace may be corrupted
cpuid = 0
KDB: stack backtrace:
#0 0xffffffff80984e30 at kdb_backtrace+0x60
#1 0xffffffff809489e6 at vpanic+0x126
#2 0xffffffff809488b3 at panic+0x43
#3 0xffffffff80976462 at __stack_chk_fail+0x12
#4 0xffffffff8083c652 at msdosfs_readdir+0x782
#5 0xffffffff80e731c7 at VOP_READDIR_APV+0xa7
#6 0xffffffff809f72bc at kern_getdirentries+0x21c
#7 0xffffffff809f7078 at sys_getdirentries+0x28
#8 0xffffffff80d4b3a7 at amd64_syscall+0x357
Comment 2 Kristof Provost freebsd_committer 2016-03-12 02:29:47 UTC
The cause is fairly obvious. In msdosfs_readdir() we use dos2unixfn() to translate the file name. The translation can increase the length of the filename; presumably this happened with the non-English name in this case.

The output is stored in a struct dirent (stored on the stack), where the d_name has a maximum length of 255 bytes. dos2unixfn() has no length limit, so it can overflow the d_name. This triggers the stack corruption protection. Fortunately, or this might be an exploitable bug.

Fixing it is a little annoying, because it could conceivably lead to two directory names being translated into the same string.
Comment 3 Kristof Provost freebsd_committer 2016-03-13 04:20:43 UTC
Created attachment 168071 [details]
msdosfs: Prevent buffer overflow when expanding win95 names

My initial analysis seems to have missed a different overflow, in win2unixfn(). It looks like dos2unixfn() is probably safe, because it's unlikely that an expansion of 8 or 12 bytes will take more than 255 bytes.

Can you test the attached patch? It should fix the panic you're seeing.
Comment 4 Alexey 2016-03-13 16:00:25 UTC
Yes, the panic is gone, and the directory listing works.
The file is inaccessible (I guess encoding problems). 8.3 filenames can use non-English encodings (usually non-DOS ones; for example, not cp866 but cp1251 in a Russian locale).

$ ls /media/da0s1/Superlongname/
‘…ђѓ…‰~1.MP3
Comment 5 Kristof Provost freebsd_committer 2016-04-16 10:40:24 UTC
I've posted the patch for review in https://reviews.freebsd.org/D5977

I've also seen the problem you report in comment #4, but I'm afraid I don't know enough about how encodings work for FAT to do anything about it.
Comment 6 commit-hook freebsd_committer 2016-04-26 20:36:51 UTC
A commit references this bug:

Author: kp
Date: Tue Apr 26 20:36:32 UTC 2016
New revision: 298664
URL: https://svnweb.freebsd.org/changeset/base/298664

Log:
  msdosfs: Prevent buffer overflow when expanding win95 names

  In win2unixfn() we expand Windows 95 style long names. In some cases that
  requires moving the data in the nbp->nb_buf buffer backwards to make room. That
  code failed to check for overflows, leading to a stack overflow in win2unixfn().

  We now check for this event, and mark the entire conversion as failed in that
  case. This means we present the 8 character, dos style, name instead.

  PR: 204643
  Differential Revision:	https://reviews.freebsd.org/D6015

Changes:
  head/sys/fs/msdosfs/direntry.h
  head/sys/fs/msdosfs/msdosfs_conv.c
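As an added illustration of the defect described in comment 2 and the fix described in the r298664 log above, the following C model is not code from the FreeBSD tree or from the patch; it only mirrors the shape of the problem. Win95 long-name entries carry 13 UCS-2 code units each and are read last-chunk-first, so every chunk is converted into the local charset and then prepended to what has already been assembled, moving the existing bytes backwards. The struct and field names (nb_buf, nb_len, nb_failed), the UTF-8 target charset (the reporter's -L ru_RU.UTF-8), the NUL padding of short chunks, and the constructed 8.3 fallback name "LONGNA~1.MP3" are this example's assumptions. The unchecked version of lfn_prepend_chunk() would do the memmove() unconditionally; here the bound that the commit adds is enforced and the whole conversion is marked failed so the caller presents the short name instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* d_name in struct dirent holds at most 255 bytes; the assembled long
 * name must fit in it. Win95 LFN entries carry 13 UCS-2 code units. */
#define LFN_MAX   255
#define WIN_CHARS 13

/* Example's own model of the msdosfs name buffer (field names assumed). */
struct lfn_buf {
    char   nb_buf[LFN_MAX + 1]; /* assembled name, NUL-terminated */
    size_t nb_len;              /* bytes currently in nb_buf */
    int    nb_failed;           /* set once the name is known not to fit */
};

/* Encode one BMP code unit as UTF-8 (surrogates not handled: assumption
 * that names stay in the BMP). Returns the number of bytes written (1..3). */
size_t ucs2_to_utf8(uint16_t c, char out[3])
{
    if (c < 0x80) { out[0] = (char)c; return 1; }
    if (c < 0x800) {
        out[0] = (char)(0xC0 | (c >> 6));
        out[1] = (char)(0x80 | (c & 0x3F));
        return 2;
    }
    out[0] = (char)(0xE0 | (c >> 12));
    out[1] = (char)(0x80 | ((c >> 6) & 0x3F));
    out[2] = (char)(0x80 | (c & 0x3F));
    return 3;
}

/* Convert one 13-unit chunk (stops at a 0 pad unit) and put it in front of
 * the bytes already assembled. A multibyte locale makes the chunk grow, so
 * the tail must move backwards; the unpatched code did that memmove()
 * without checking that nb_len + need still fits in the 255-byte d_name,
 * which is the stack overflow the report's panic caught. */
int lfn_prepend_chunk(struct lfn_buf *b, const uint16_t *chunk, size_t n)
{
    char tmp[WIN_CHARS * 3];
    size_t need = 0;

    if (b->nb_failed)
        return -1;
    for (size_t i = 0; i < n && chunk[i] != 0; i++)
        need += ucs2_to_utf8(chunk[i], tmp + need);

    if (b->nb_len + need > LFN_MAX) {
        b->nb_failed = 1;       /* whole conversion fails: use 8.3 name */
        return -1;
    }
    memmove(b->nb_buf + need, b->nb_buf, b->nb_len);
    memcpy(b->nb_buf, tmp, need);
    b->nb_len += need;
    b->nb_buf[b->nb_len] = '\0';
    return 0;
}

/* Split a UCS-2 name into 13-unit entries, feed them in on-disk order
 * (highest sequence number first) and return the name to present: the
 * long name, or the 8.3 short name when the expansion does not fit. */
const char *lfn_convert(const uint16_t *name, size_t len,
                        const char *shortname, struct lfn_buf *b)
{
    memset(b, 0, sizeof(*b));
    size_t nchunks = (len + WIN_CHARS - 1) / WIN_CHARS;
    for (size_t k = nchunks; k-- > 0; ) {
        size_t off = k * WIN_CHARS;
        size_t n = (len - off < WIN_CHARS) ? len - off : WIN_CHARS;
        if (lfn_prepend_chunk(b, name + off, n) != 0)
            return shortname;
    }
    return b->nb_buf;
}

/* Scenario helpers: a name of `len` copies of code unit `ch`, with a
 * constructed 8.3 fallback. Returns 1 when the short name is presented. */
int lfn_presents_short_name(uint16_t ch, size_t len)
{
    uint16_t name[256];
    struct lfn_buf b;
    const char *shortname = "LONGNA~1.MP3";
    for (size_t i = 0; i < len; i++) name[i] = ch;
    return strcmp(lfn_convert(name, len, shortname, &b), shortname) == 0;
}

/* Bytes of UTF-8 assembled for the same scenario, 0 when it did not fit. */
size_t lfn_assembled_len(uint16_t ch, size_t len)
{
    uint16_t name[256];
    struct lfn_buf b;
    for (size_t i = 0; i < len; i++) name[i] = ch;
    lfn_convert(name, len, "LONGNA~1.MP3", &b);
    return b.nb_failed ? 0 : b.nb_len;
}

/* Check that last-chunk-first assembly reproduces the original order. */
int lfn_order_ok(void)
{
    const char *ascii = "abcdefghijklmnopqrstuvwxyz0123456789";
    uint16_t name[64];
    struct lfn_buf b;
    size_t len = strlen(ascii);
    for (size_t i = 0; i < len; i++) name[i] = (uint16_t)ascii[i];
    return strcmp(lfn_convert(name, len, "SHORT~1", &b), ascii) == 0;
}
```

With U+0410 (Cyrillic capital A, two UTF-8 bytes per character) a 130-character name expands to 260 bytes, which is exactly the case the reporter hits: FreeBSD itself refuses to create such a name, but Windows writes it happily and the conversion on read is where the bound has to live. A 127-character Cyrillic name (254 bytes) and a 130-character ASCII name (130 bytes) both fit and are presented as long names.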
Comment 7 commit-hook freebsd_committer 2016-04-29 20:20:41 UTC
A commit references this bug:

Author: kp
Date: Fri Apr 29 20:19:41 UTC 2016
New revision: 298799
URL: https://svnweb.freebsd.org/changeset/base/298799

Log:
  MFC r298664

  msdosfs: Prevent buffer overflow when expanding win95 names

  In win2unixfn() we expand Windows 95 style long names. In some cases that
  requires moving the data in the nbp->nb_buf buffer backwards to make room. That
  code failed to check for overflows, leading to a stack overflow in win2unixfn().

  We now check for this event, and mark the entire conversion as failed in that
  case. This means we present the 8 character, dos style, name instead.

  PR: 204643
  Differential Revision:      https://reviews.freebsd.org/D6015

Changes:
_U  stable/10/
  stable/10/sys/fs/msdosfs/direntry.h
  stable/10/sys/fs/msdosfs/msdosfs_conv.c
Comment 8 Jilles Tjoelker freebsd_committer 2016-12-27 23:42:21 UTC
*** Bug 141897 has been marked as a duplicate of this bug. ***
Comment 9 Ed Maste freebsd_committer 2017-10-13 17:46:53 UTC
A change has been committed to HEAD and merged to stable/10 -- is this now resolved?
Comment 10 Kristof Provost freebsd_committer 2017-10-13 17:49:29 UTC
(In reply to Ed Maste from comment #9)
The panic is resolved, yes. I think this can be closed.