[Nut-upsuser] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
Greg Troxel
gdt at lexort.com
Sat Dec 9 15:54:42 GMT 2023
Dirk Schneider via Nut-upsuser <nut-upsuser at alioth-lists.debian.net>
writes:
> Hi,
>
> I run NUT on a Raspberry Pi 3 Model B and after the latest OS update I get
> the following error from KFENCE. The current OS version is the first with
> KFENCE, so it is possible that this problem has always existed.
You didn't say what operating system you are running or what nut
version.
However, based on:
> [21963.079554] ==================================================================
> [21963.079580] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
> [21963.079580]
> [21963.079604] Corrupted memory at 0x0000000025448a9e [ ! ! ! . . . . . . . . . . . . . ] (in kfence-#183):
> [21963.079711] free_async+0x1d8/0x1e0
> [21963.079728] usbdev_ioctl+0x138/0x1c40
> [21963.079744] __arm64_sys_ioctl+0xd0/0x130
> [21963.079769] invoke_syscall+0x7c/0x130
> [21963.079793] el0_svc_common.constprop.0+0x6c/0x160
> [21963.079815] do_el0_svc+0x38/0x120
> [21963.079835] el0_svc+0x34/0xc0
> [21963.079856] el0t_64_sync_handler+0x11c/0x150
> [21963.079876] el0t_64_sync+0x198/0x19c
it looks like this is a kernel memory validator of some kind, and it is
objecting to memory handling within the kernel. I would therefore guess
this is not a nut or device bug, and would suggest reading the
usbdev_ioctl proc_do_submiturb source code. Guessing wildly, there
might be an out-of-bounds write.
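
An added example, not part of the original message or of NUT: a small Python helper that pulls the triage-relevant fields out of a KFENCE report like the one quoted above (error kind, reporting function, object number, count of bytes flagged `!`, and the syscall the path was entered through). The sample input is constructed from the quoted lines with the mail wrapping undone; the function names `parse_kfence` and `syscall_entry` are illustrative.

```python
import re

# Constructed sample: report lines quoted in the message, unwrapped.
SAMPLE = """\
[21963.079580] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
[21963.079580]
[21963.079604] Corrupted memory at 0x0000000025448a9e [ ! ! ! . . . . . . . . . . . . . ] (in kfence-#183):
[21963.079711]  free_async+0x1d8/0x1e0
[21963.079728]  usbdev_ioctl+0x138/0x1c40
[21963.079744]  __arm64_sys_ioctl+0xd0/0x130
"""

TS = r"^\[\s*\d+\.\d+\]\s*"  # dmesg timestamp prefix
HEAD = re.compile(TS + r"BUG: KFENCE: (?P<kind>.+?) in (?P<func>[\w.]+)\+")
CORRUPT = re.compile(
    TS + r"Corrupted memory at \S+ \[(?P<bytes>[ !.]+)\] \(in kfence-#(?P<obj>\d+)\)")
FRAME = re.compile(TS + r"(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")

def parse_kfence(log):
    """Return one dict per KFENCE report found in a dmesg capture."""
    reports, cur = [], None
    for line in log.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"kind": m["kind"], "func": m["func"], "object": None,
                   "corrupted_bytes": 0, "stack": []}
            reports.append(cur)
            continue
        if cur is None:
            continue  # ignore lines before the first report header
        m = CORRUPT.match(line)
        if m:
            cur["object"] = int(m["obj"])
            # '!' marks a byte that no longer holds the expected pattern
            cur["corrupted_bytes"] = m["bytes"].count("!")
            continue
        m = FRAME.match(line)
        if m:
            # For "memory corruption" this is the free path where the damage
            # was noticed, not necessarily the code that did the write.
            cur["stack"].append(m["sym"])
    return reports

def syscall_entry(report):
    """Name of the syscall the kernel path was entered through, if visible."""
    for sym in report["stack"]:
        m = re.match(r"__(?:arm64|x64)_sys_(\w+)$", sym)
        if m:
            return m[1]
    return None
```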