REDZONE: Buffer overflow detected

0

I updated my laptop running FreeBSD current yesterday. For the first time I saw kernel messages about redzone violations.

Here’s a sample.

REDZONE: Buffer overflow detected. 4 bytes corrupted after 0xfffff8002e593b84 (4 bytes allocated).
Allocation backtrace:
#0 0xffffffff80cd3a70 at redzone_setup+0xc0
#1 0xffffffff84f0a98f at drm_client_modeset_probe+0x19f
#2 0xffffffff84f4c9db at __drm_fb_helper_initial_config_and_unlock+0x2b
#3 0xffffffff850b5cd0 at intel_fbdev_initial_config_async+0x20
#4 0xffffffff84f84fdb at i915_driver_register+0x6b
#5 0xffffffff84f84e9b at i915_driver_probe+0xeeb
#6 0xffffffff84f97400 at i915_pci_probe+0x40
#7 0xffffffff80c2051b at linux_pci_attach_device+0x43b
#8 0xffffffff8096068f at device_attach+0x3ef
#9 0xffffffff80962421 at bus_generic_driver_added+0xa1
#10 0xffffffff8095dc49 at devclass_driver_added+0x39
#11 0xffffffff8095dbcd at devclass_add_driver+0x13d
VT: Replacing driver "efifb" with new "fb".
#12 0xffffffff80c20d8c at _linux_pci_register_driver+0xcc
#13 0xffffffff84f97379 at i915kms_evh+0x39
#14 0xffffffff808fbea4 at module_register_init+0x84
#15 0xffffffff808ecbfa at linker_load_module+0xb9a
#16 0xffffffff808ee789 at kern_kldload+0x169
#17 0xffffffff808ee8ab at sys_kldload+0x5b
Free backtrace:
#0 0xffffffff80cd3da0 at redzone_check+0x2e0
#1 0xffffffff808f7372 at free+0x22
#2 0xffffffff80c28de2 at linux_kfree_async_fn+0x12
#3 0xffffffff809878a1 at taskqueue_run_locked+0x181
#4 0xffffffff80988b63 at taskqueue_thread_loop+0xc3
#5 0xffffffff808da84d at fork_exit+0x7d
#6 0xffffffff80d7134e at fork_trampoline+0xe

Luckily, I always recompile my kernel modules originating from the ports collection when I do my other ports. This time I simply had to forcefully reinstall graphics/drm-510-kmod, i.e. pkg install -fy drm-510-kmod, and reboot my laptop.

Usually when the DRM module and kernel disagree, the module refuses to load due to a different kernel ABI number. Well, not this time. X11 continued to function despite the 3777 buffer overflow reports.

The majority of the remaining buffer overflow reports looked like this one.

REDZONE: Buffer overflow detected. 4 bytes corrupted after 0xfffff805824e6884 (4 bytes allocated).
Allocation backtrace:
#0 0xffffffff80cd3a70 at redzone_setup+0xc0
#1 0xffffffff84f44a4a at drm_syncobj_array_find+0x3a
#2 0xffffffff84f44939 at drm_syncobj_wait_ioctl+0x59
#3 0xffffffff84f3238a at drm_ioctl_kernel+0xca
#4 0xffffffff84f32737 at drm_ioctl+0x2a7
#5 0xffffffff80c15cc2 at linux_file_ioctl+0x312
#6 0xffffffff80994877 at kern_ioctl+0x257
#7 0xffffffff809945ab at sys_ioctl+0x12b
#8 0xffffffff80d99ba0 at amd64_syscall+0x770
#9 0xffffffff80d70bfb at fast_syscall_common+0xf8
Free backtrace:
#0 0xffffffff80cd3da0 at redzone_check+0x2e0
#1 0xffffffff808f7372 at free+0x22
#2 0xffffffff80c28de2 at linux_kfree_async_fn+0x12
#3 0xffffffff809878a1 at taskqueue_run_locked+0x181
#4 0xffffffff80988b63 at taskqueue_thread_loop+0xc3
#5 0xffffffff808da84d at fork_exit+0x7d
#6 0xffffffff80d7134e at fork_trampoline+0xe

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>