[Nut-upsuser] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0

Greg Troxel gdt at lexort.com
Sat Dec 9 15:54:42 GMT 2023


Dirk Schneider via Nut-upsuser <nut-upsuser at alioth-lists.debian.net>
writes:

> Hi,
>
> I run NUT on a Raspberry Pi 3 Model B and after the latest OS update I get
> the following error from KFENCE. The current OS version is the first with
> KFENCE, so it is possible that this problem has always existed.

You didn't say what operating system you are running or what nut
version.
However, based on:

> [21963.079554] ==================================================================
> [21963.079580] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
> [21963.079580]
> [21963.079604] Corrupted memory at 0x0000000025448a9e [ ! ! ! . . . . . . . . . . . . . ] (in kfence-#183):
> [21963.079711]  free_async+0x1d8/0x1e0
> [21963.079728]  usbdev_ioctl+0x138/0x1c40
> [21963.079744]  __arm64_sys_ioctl+0xd0/0x130
> [21963.079769]  invoke_syscall+0x7c/0x130
> [21963.079793]  el0_svc_common.constprop.0+0x6c/0x160
> [21963.079815]  do_el0_svc+0x38/0x120
> [21963.079835]  el0_svc+0x34/0xc0
> [21963.079856]  el0t_64_sync_handler+0x11c/0x150
> [21963.079876]  el0t_64_sync+0x198/0x19c

it looks like this is a kernel memory validator of some kind, and it is
objecting to memory handling within the kernel.  I would therefore guess
this is not a nut or device bug, and would suggest reading the
usbdev_ioctl proc_do_submiturb source code.  Guessing wildly, there
might be an out-of-bounds write.
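
An added example (not part of the original thread, and not kernel code): a simplified user-space C model of canary checking at free time, the kind of check behind a KFENCE "memory corruption" report. The names `guarded_alloc`, `guarded_free`, `demo_overflow` and the 16-byte redzone are assumptions of this model; it shows that the out-of-bounds write itself goes unnoticed and is only reported when the object is freed, so the trace names the free path rather than the writer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE 16  /* canary bytes placed after the object (model value) */

/* Address-dependent canary byte, modeled on KFENCE's 0xaa ^ (addr & 7). */
static uint8_t canary(const uint8_t *p) { return 0xaa ^ ((uintptr_t)p & 0x7); }

/* Allocate `size` bytes followed by a canary-filled redzone. */
uint8_t *guarded_alloc(size_t size)
{
    uint8_t *obj = malloc(size + REDZONE);
    if (!obj)
        return NULL;
    for (size_t i = 0; i < REDZONE; i++)
        obj[size + i] = canary(&obj[size + i]);
    return obj;
}

/* Verify the redzone when the object is freed. Fills `map` (REDZONE + 1
 * chars) with '!' for a corrupted byte and '.' for an intact canary, and
 * returns the number of corrupted bytes. */
int guarded_free(uint8_t *obj, size_t size, char *map)
{
    int bad = 0;
    for (size_t i = 0; i < REDZONE; i++) {
        int ok = obj[size + i] == canary(&obj[size + i]);
        map[i] = ok ? '.' : '!';
        bad += !ok;
    }
    map[REDZONE] = '\0';
    free(obj);
    return bad;
}

/* Constructed scenario: a 13-byte object receives a 16-byte write. */
int demo_overflow(char *map)
{
    const size_t size = 13;
    uint8_t *obj = guarded_alloc(size);
    if (!obj)
        return -1;
    memset(obj, 0x41, 16);  /* 3 bytes past the end; nothing faults here */
    return guarded_free(obj, size, map);  /* corruption is found only now */
}

int main(void)
{
    char map[REDZONE + 1];
    int bad = demo_overflow(map);
    printf("corrupted bytes: %d [%s]\n", bad, map);
    return 0;
}
```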


