Hi,

Yesterday, after booting fresh kernel feacb1774bd5, I spotted a new error message in the kernel log with the following stack trace:

[ 3.032828] ==================================================================
[ 3.032832] BUG: KASAN: global-out-of-bounds in acpi_ut_safe_strncpy+0x1b/0x60
[ 3.032839] Read of size 16 at addr ffffffffa9d32760 by task swapper/0/1
[ 3.032846] CPU: 16 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.15.0-feacb1774bd5+ #2 PREEMPT(lazy)
[ 3.032849] Hardware name: ASUS System Product Name/ROG STRIX B650E-I GAMING WIFI, BIOS 3222 03/05/2025
[ 3.032850] Call Trace:
[ 3.032851] <TASK>
[ 3.032852] dump_stack_lvl+0x84/0xd0
[ 3.032855] ? acpi_ut_safe_strncpy+0x1b/0x60
[ 3.032857] print_address_description.constprop.0+0x88/0x380
[ 3.032859] ? acpi_ut_safe_strncpy+0x1b/0x60
[ 3.032861] print_report+0xfc/0x1ff
[ 3.032862] ? __virt_addr_valid+0x267/0x500
[ 3.032864] ? acpi_ut_safe_strncpy+0x1b/0x60
[ 3.032866] kasan_report+0xb1/0x170
[ 3.032867] ? acpi_ut_safe_strncpy+0x1b/0x60
[ 3.032870] kasan_check_range+0x125/0x200
[ 3.032872] __asan_memcpy+0x23/0x60
[ 3.032874] acpi_ut_safe_strncpy+0x1b/0x60
[ 3.032876] acpi_ps_alloc_op+0x151/0x2f0
[ 3.032878] ? acpi_ns_get_normalized_pathname+0x76/0x1f0
[ 3.032880] acpi_ps_create_scope_op+0x1a/0x70
[ 3.032882] acpi_ps_execute_table+0x82/0x4a0
[ 3.032884] acpi_ns_execute_table+0x53b/0x8d0
[ 3.032885] ? __pfx_acpi_ns_execute_table+0x10/0x10
[ 3.032887] ? acpi_os_signal_semaphore+0xe7/0x140
[ 3.032889] ? acpi_ut_debug_dump_buffer+0x11/0x100
[ 3.032891] ? acpi_ut_release_mutex+0x1ce/0x3a0
[ 3.032893] ? __pfx_acpi_ut_trace+0x10/0x10
[ 3.032895] ? __pfx_acpi_init+0x10/0x10
[ 3.032898] acpi_ns_parse_table+0xa5/0x130
[ 3.032899] acpi_ns_load_table+0x9d/0x3e0
[ 3.032901] acpi_tb_load_namespace+0x25d/0x790
[ 3.032902] ? acpi_ev_install_region_handlers+0xfe/0x180
[ 3.032905] ? __pfx_acpi_init+0x10/0x10
[ 3.032906] acpi_load_tables+0x76/0x110
[ 3.032908] acpi_bus_init+0x83/0x5e0
[ 3.032909] ? __pfx_acpi_bus_init+0x10/0x10
[ 3.032911] ? __pfx_up+0x10/0x10
[ 3.032913] ? __pfx_acpi_pcc_address_space_handler+0x10/0x10
[ 3.032915] ? acpi_ev_install_space_handler+0x469/0x870
[ 3.032917] ? __pfx_acpi_pcc_address_space_setup+0x10/0x10
[ 3.032918] ? acpi_os_signal_semaphore+0xe7/0x140
[ 3.032920] ? acpi_ut_release_mutex+0x1ce/0x3a0
[ 3.032922] ? __pfx_acpi_pcc_address_space_setup+0x10/0x10
[ 3.032923] ? __pfx_acpi_pcc_address_space_handler+0x10/0x10
[ 3.032924] ? acpi_install_address_space_handler_internal+0xc3/0x140
[ 3.032927] acpi_init+0x105/0x290
[ 3.032929] ? __pfx_acpi_init+0x10/0x10
[ 3.032930] ? __pfx_fbmem_init+0x10/0x10
[ 3.032931] ? fbcon_output_notifier.cold+0x4a/0x63
[ 3.032933] do_one_initcall+0xd2/0x450
[ 3.032934] ? __pfx_do_one_initcall+0x10/0x10
[ 3.032936] ? do_initcalls+0x2c/0x240
[ 3.032939] do_initcalls+0x216/0x240
[ 3.032941] kernel_init_freeable+0x299/0x2d0
[ 3.032943] ? __pfx_kernel_init+0x10/0x10
[ 3.032945] kernel_init+0x1c/0x150
[ 3.032946] ? __pfx_kernel_init+0x10/0x10
[ 3.032947] ret_from_fork+0x3ef/0x510
[ 3.032949] ? __pfx_kernel_init+0x10/0x10
[ 3.032950] ? __pfx_kernel_init+0x10/0x10
[ 3.032951] ret_from_fork_asm+0x1a/0x30
[ 3.032954] </TASK>
[ 3.033047] The buggy address belongs to the variable:
[ 3.033049] _acpi_module_name+0x240/0x20c0
[ 3.033055] The buggy address belongs to the physical page:
[ 3.033058] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67c132
[ 3.033063] flags: 0x17ffffc0002000(reserved|node=0|zone=2|lastcpupid=0x1fffff)
[ 3.033068] raw: 0017ffffc0002000 ffffea0019f04c88 ffffea0019f04c88 0000000000000000
[ 3.033072] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 3.033075] page dumped because: kasan: bad access detected
[ 3.033080] Memory state around the buggy address:
[ 3.033082] ffffffffa9d32600: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 00 02 f9 f9
[ 3.033086] ffffffffa9d32680: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 03 f9 f9
[ 3.033089] >ffffffffa9d32700: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 06 f9 f9 f9
[ 3.033092] ^
[ 3.033095] ffffffffa9d32780: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 3.033098] ffffffffa9d32800: f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
[ 3.033101] ==================================================================

git blame says the first bad commit is ebf27765421c:

commit ebf27765421c9238b7835d32a95e4a7fb8db26a4
Author: Ahmed Salem <x0rw3ll@xxxxxxxxx>
Date: Fri Apr 25 21:32:12 2025 +0200

    ACPICA: Replace strncpy() with memcpy()

    ACPICA commit 83019b471e1902151e67c588014ba2d09fa099a3

    strncpy() is deprecated for NUL-terminated destination buffers[1].
    Use memcpy() for length-bounded destinations.

    Link: https://github.com/KSPP/linux/issues/90 [1]
    Link: https://github.com/acpica/acpica/commit/83019b47
    Signed-off-by: Ahmed Salem <x0rw3ll@xxxxxxxxx>
    Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
    Link: https://patch.msgid.link/1910878.atdPhlSkOF@xxxxxxxxxxxxx

 drivers/acpi/acpica/exconvrt.c  | 4 ++--
 drivers/acpi/acpica/tbfind.c    | 4 ++--
 drivers/acpi/acpica/utnonansi.c | 2 +-
 include/acpi/actypes.h          | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

And yes, I can confirm this catch. The kernel with ebf27765421c reverted no longer triggers this error message.

> sh /usr/src/kernels/6.16.0-0.rc0.250528gfeacb1774bd5.5.fc43.x86_64+debug/scripts/faddr2line /lib/debug/lib/modules/6.16.0-0.rc0.250528gfeacb1774bd5.5.fc43.x86_64+debug/vmlinux acpi_ut_safe_strncpy+0x1b
acpi_ut_safe_strncpy+0x1b/0x60:
acpi_ut_safe_strncpy at drivers/acpi/acpica/utnonansi.c:172

Ahmed,
Let me know if you need further logs or help reproducing.

Full hardware specs are here: https://linux-hardware.org/?probe=1244406425

I’m also attaching build config, full bisect logs, and kernel logs from each bisect step in archives.

--
Best Regards,
Mike Gavrilov.
Attachment:
.config.zip
Description: Zip archive
Attachment:
bisect-log-kasan-global-out-of-bounds-in-acpi_ut_safe_strncpy.zip
Description: Zip archive
Attachment:
dmesg.zip
Description: Zip archive
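
Added example, not part of the original message and not ACPICA code: a user-space model of why swapping strncpy() for memcpy() in a "copy into a fixed-size buffer" helper turns into a 16-byte read of a shorter source string, as in the KASAN report above. The helper names, the "Scope" source string and the neighbouring bytes are constructed for illustration; the function bodies are assumed stand-ins for the before/after pattern, not the kernel's code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define DEST_SIZE 16 /* same size as the read KASAN flagged */

/* Constructed: "Scope" + NUL (6 bytes), then 10 bytes standing in for a neighbour. */
static const char region[DEST_SIZE] = {
	'S', 'c', 'o', 'p', 'e', '\0',
	'N', 'E', 'I', 'G', 'H', 'B', 'O', 'U', 'R', '!'
};

/* Hypothetical "after": always reads dest_size bytes from src. */
void copy_memcpy(char *dest, const char *src, size_t dest_size)
{
	memcpy(dest, src, dest_size);
	dest[dest_size - 1] = '\0';
}

/* Hypothetical "before": strncpy stops reading src at its NUL, then zero-pads. */
void copy_strncpy(char *dest, const char *src, size_t dest_size)
{
	strncpy(dest, src, dest_size);
	dest[dest_size - 1] = '\0';
}

/* Bounded variant: find the string length first, then copy only that much. */
void copy_bounded(char *dest, const char *src, size_t dest_size)
{
	size_t len = 0;
	while (len < dest_size - 1 && src[len] != '\0')
		len++;
	memcpy(dest, src, len);
	memset(dest + len, 0, dest_size - len);
}

/* Count bytes in dest after the string's NUL that came from beyond the source string. */
size_t bytes_past_nul(void (*copy)(char *, const char *, size_t))
{
	char dest[DEST_SIZE];
	size_t i, n = 0;
	copy(dest, region, sizeof(dest));
	for (i = strlen(dest) + 1; i < sizeof(dest); i++)
		n += dest[i] != '\0';
	return n;
}
int main(void)
{
	printf("memcpy=%zu strncpy=%zu bounded=%zu\n", bytes_past_nul(copy_memcpy),
	       bytes_past_nul(copy_strncpy), bytes_past_nul(copy_bounded));
	return 0;
}
```

Here the extra bytes sit in the same array, so the read is well defined; in the report the bytes after the short global are KASAN redzone (shadow value f9), which is what makes the same access pattern a reported out-of-bounds read.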