Dirk Schneider
2023-Dec-09 14:43 UTC
[Nut-upsuser] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
Hi,

I run NUT on a Raspberry Pi 3 Model B and after the latest OS update I get the following error from KFENCE. The current OS version is the first with KFENCE, so it is possible that this problem has always existed.

[21963.079554] =================================================================
[21963.079580] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
[21963.079580]
[21963.079604] Corrupted memory at 0x0000000025448a9e [ ! ! ! . . . . . . . . . . . . . ] (in kfence-#183):
[21963.079711] free_async+0x1d8/0x1e0
[21963.079728] usbdev_ioctl+0x138/0x1c40
[21963.079744] __arm64_sys_ioctl+0xd0/0x130
[21963.079769] invoke_syscall+0x7c/0x130
[21963.079793] el0_svc_common.constprop.0+0x6c/0x160
[21963.079815] do_el0_svc+0x38/0x120
[21963.079835] el0_svc+0x34/0xc0
[21963.079856] el0t_64_sync_handler+0x11c/0x150
[21963.079876] el0t_64_sync+0x198/0x19c
[21963.079892]
[21963.079899] kfence-#183: 0x0000000070088b17-0x00000000bed184b6, size=5, cache=kmalloc-128
[21963.079899]
[21963.079916] allocated by task 1647 on cpu 2 at 21963.076359s:
[21963.079946] proc_do_submiturb+0xdb0/0x1000
[21963.079962] usbdev_ioctl+0x12c0/0x1c40
[21963.079977] __arm64_sys_ioctl+0xd0/0x130
[21963.079999] invoke_syscall+0x7c/0x130
[21963.080019] el0_svc_common.constprop.0+0x6c/0x160
[21963.080040] do_el0_svc+0x38/0x120
[21963.080060] el0_svc+0x34/0xc0
[21963.080078] el0t_64_sync_handler+0x11c/0x150
[21963.080097] el0t_64_sync+0x198/0x19c
[21963.080111]
[21963.080117] freed by task 1647 on cpu 2 at 21963.079503s:
[21963.080155] free_async+0x1d8/0x1e0
[21963.080170] usbdev_ioctl+0x138/0x1c40
[21963.080184] __arm64_sys_ioctl+0xd0/0x130
[21963.080206] invoke_syscall+0x7c/0x130
[21963.080226] el0_svc_common.constprop.0+0x6c/0x160
[21963.080247] do_el0_svc+0x38/0x120
[21963.080267] el0_svc+0x34/0xc0
[21963.080285] el0t_64_sync_handler+0x11c/0x150
[21963.080304] el0t_64_sync+0x198/0x19c
[21963.080318]
[21963.080327] CPU: 2 PID: 1647 Comm: usbhid-ups Tainted: G C O 6.1.63 #1
[21963.080345] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)
[21963.080354] =================================================================

The UPS is a Cyber Power Systems BR700ELCD with the following driver configuration:

driver = usbhid-ups
port = /dev/ttyUSB0
desc = "BR700ELCD"
pollinterval=10
pollfreq=15

Is that a configuration or hardware issue?

Kind regards
Dirk
Greg Troxel
2023-Dec-09 15:54 UTC
[Nut-upsuser] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
Dirk Schneider via Nut-upsuser <nut-upsuser at alioth-lists.debian.net> writes:

> Hi,
>
> I run NUT on a Raspberry Pi 3 Model B and after the latest OS update I get
> the following error from KFENCE. The current OS version is the first with
> KFENCE, so it is possible that this problem has always existed.

You didn't say what operating system you are running or what nut version. However, based on:

> [21963.079554] =================================================================
> [21963.079580] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
> [21963.079580]
> [21963.079604] Corrupted memory at 0x0000000025448a9e [ ! ! ! . . . . . . . . . . . . . ] (in kfence-#183):
> [21963.079711] free_async+0x1d8/0x1e0
> [21963.079728] usbdev_ioctl+0x138/0x1c40
> [21963.079744] __arm64_sys_ioctl+0xd0/0x130
> [21963.079769] invoke_syscall+0x7c/0x130
> [21963.079793] el0_svc_common.constprop.0+0x6c/0x160
> [21963.079815] do_el0_svc+0x38/0x120
> [21963.079835] el0_svc+0x34/0xc0
> [21963.079856] el0t_64_sync_handler+0x11c/0x150
> [21963.079876] el0t_64_sync+0x198/0x19c

it looks like this is a kernel memory validator of some kind, and it is objecting to memory handling within the kernel. I would therefore guess this is not a nut or device bug, and would suggest reading the usbdev_ioctl proc_do_submiturb source code. Guessing wildly, there might be an out-of-bounds write.
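Added example, not part of any poster's message and not code from NUT or the kernel: a small Python parser that pulls out of a KFENCE report like the one in this thread the fields a triager reads first (error kind, object size and slab cache, number of overwritten bytes, allocation and free stacks). The function name `parse_kfence` and the abridged sample text are constructed here.

```python
import re

# Constructed sample: the KFENCE report from this thread, abridged to a few frames.
SAMPLE = """\
[21963.079580] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
[21963.079604] Corrupted memory at 0x0000000025448a9e [ ! ! ! . . . . . . . . . . . . . ] (in kfence-#183):
[21963.079711]  free_async+0x1d8/0x1e0
[21963.079728]  usbdev_ioctl+0x138/0x1c40
[21963.079899] kfence-#183: 0x0000000070088b17-0x00000000bed184b6, size=5, cache=kmalloc-128
[21963.079916] allocated by task 1647 on cpu 2 at 21963.076359s:
[21963.079946]  proc_do_submiturb+0xdb0/0x1000
[21963.079962]  usbdev_ioctl+0x12c0/0x1c40
[21963.080117] freed by task 1647 on cpu 2 at 21963.079503s:
[21963.080155]  free_async+0x1d8/0x1e0
[21963.080327] CPU: 2 PID: 1647 Comm: usbhid-ups Tainted: G         C O       6.1.63 #1
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # dmesg timestamp prefix
FRAME = re.compile(r"^\s*\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kfence(text):
    """Return the fields of a single KFENCE report as a dict."""
    rep = {"stacks": {"report": [], "alloc": [], "free": []}}
    section = "report"                               # frames before "allocated by" belong to the report
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if m := re.match(r"BUG: KFENCE: (.+) in (\S+?)\+0x", line):
            rep["kind"], rep["where"] = m.groups()
        elif m := re.match(r"Corrupted memory at \S+ \[([^\]]*)\]", line):
            # '.' is an untouched byte; anything else ('!' or a hex value) was overwritten.
            rep["bytes_touched"] = sum(c != "." for c in m.group(1).split())
        elif m := re.match(r"kfence-#\d+: .*size=(\d+), cache=(\S+)", line):
            rep["size"], rep["cache"] = int(m.group(1)), m.group(2)
        elif m := re.match(r"(allocated|freed) by task (\d+)", line):
            section = "alloc" if m.group(1) == "allocated" else "free"
            rep[section + "_task"] = int(m.group(2))
        elif m := re.search(r"PID: (\d+) Comm: (\S+)", line):
            rep["pid"], rep["comm"] = int(m.group(1)), m.group(2)
        elif m := FRAME.match(line):
            rep["stacks"][section].append(m.group(1))
    return rep

if __name__ == "__main__":
    r = parse_kfence(SAMPLE)
    print(r["kind"], "| object:", r["size"], "bytes in", r["cache"],
          "|", r["bytes_touched"], "byte(s) overwritten outside the object")
    print("allocated in", r["stacks"]["alloc"][0], "| freed in", r["stacks"]["free"][0])
```
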
gene heskett
2023-Dec-09 16:58 UTC
[Nut-upsuser] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
On 12/9/23 10:16, Dirk Schneider via Nut-upsuser wrote:

> Hi,
>
> I run NUT on a Raspberry Pi 3 Model B and after the latest OS update I
> get the following error from KFENCE. The current OS version is the first
> with KFENCE, so it is possible that this problem has always existed.
>
> [21963.079554] =================================================================
> [21963.079580] BUG: KFENCE: memory corruption in free_async+0x1d8/0x1e0
> [21963.079580]
> [21963.079604] Corrupted memory at 0x0000000025448a9e [ ! ! ! . . . . . . . . . . . . . ] (in kfence-#183):
> [21963.079711]  free_async+0x1d8/0x1e0
> [21963.079728]  usbdev_ioctl+0x138/0x1c40
> [21963.079744]  __arm64_sys_ioctl+0xd0/0x130
> [21963.079769]  invoke_syscall+0x7c/0x130
> [21963.079793]  el0_svc_common.constprop.0+0x6c/0x160
> [21963.079815]  do_el0_svc+0x38/0x120
> [21963.079835]  el0_svc+0x34/0xc0
> [21963.079856]  el0t_64_sync_handler+0x11c/0x150
> [21963.079876]  el0t_64_sync+0x198/0x19c
> [21963.079892]
> [21963.079899] kfence-#183: 0x0000000070088b17-0x00000000bed184b6, size=5, cache=kmalloc-128
> [21963.079899]
> [21963.079916] allocated by task 1647 on cpu 2 at 21963.076359s:
> [21963.079946]  proc_do_submiturb+0xdb0/0x1000
> [21963.079962]  usbdev_ioctl+0x12c0/0x1c40
> [21963.079977]  __arm64_sys_ioctl+0xd0/0x130
> [21963.079999]  invoke_syscall+0x7c/0x130
> [21963.080019]  el0_svc_common.constprop.0+0x6c/0x160
> [21963.080040]  do_el0_svc+0x38/0x120
> [21963.080060]  el0_svc+0x34/0xc0
> [21963.080078]  el0t_64_sync_handler+0x11c/0x150
> [21963.080097]  el0t_64_sync+0x198/0x19c
> [21963.080111]
> [21963.080117] freed by task 1647 on cpu 2 at 21963.079503s:
> [21963.080155]  free_async+0x1d8/0x1e0
> [21963.080170]  usbdev_ioctl+0x138/0x1c40
> [21963.080184]  __arm64_sys_ioctl+0xd0/0x130
> [21963.080206]  invoke_syscall+0x7c/0x130
> [21963.080226]  el0_svc_common.constprop.0+0x6c/0x160
> [21963.080247]  do_el0_svc+0x38/0x120
> [21963.080267]  el0_svc+0x34/0xc0
> [21963.080285]  el0t_64_sync_handler+0x11c/0x150
> [21963.080304]  el0t_64_sync+0x198/0x19c
> [21963.080318]
> [21963.080327] CPU: 2 PID: 1647 Comm: usbhid-ups Tainted: G C O 6.1.63 #1
> [21963.080345] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)
> [21963.080354] =================================================================
>
> The UPS is a Cyber Power Systems BR700ELCD with the following driver
> configuration:
>
> driver = usbhid-ups
> port = /dev/ttyUSB0
> desc = "BR700ELCD"
> pollinterval=10
> pollfreq=15
>
> Is that a configuration or hardware issue?

That error I see above would prompt me to see if memtest86 would run on that system. It sure looks like a stuck bit someplace in the memory. Until proven otherwise, definitely a hardware problem in the memory.

> Kind regards
> Dirk

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis