Bug 219291 - KASAN: slab-use-after-free in acpi_ps_parse_loop+0x1f40/0x26f0
Summary: KASAN: slab-use-after-free in acpi_ps_parse_loop+0x1f40/0x26f0
Status: RESOLVED INVALID
Alias: None
Product: ACPI
Classification: Unclassified
Component: ACPICA-Core
Hardware: All Linux
: P3 normal
Assignee: acpi_acpica-core@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-09-20 03:57 UTC by AceLan Kao
Modified: 2024-10-14 08:04 UTC

See Also:
Kernel Version:
Subsystem:
Regression: No
Bisected commit-id:


Attachments
dmesg + kasan (349.08 KB, text/plain)
2024-09-20 03:57 UTC, AceLan Kao
acpidump (813.66 KB, application/gzip)
2024-09-20 03:58 UTC, AceLan Kao
dmesg with acpi.debug_level=0x4400 acpi.debug_layer=0x0038 (2.12 MB, application/gzip)
2024-09-23 09:01 UTC, AceLan Kao

Description AceLan Kao 2024-09-20 03:57:52 UTC
Created attachment 306900 [details]
dmesg + kasan

Mainline kernel: 6.11.0-2004cef11ea0+
I enabled KASAN in the kernel config and found the KASAN error messages below.

It looks like the issue happens while parsing the ACPI tables.
 
[    2.147393] BUG: KASAN: slab-use-after-free in acpi_ps_parse_loop+0x1f40/0x26f0
[    2.147403] Read of size 2 at addr ffff888107eac012 by task swapper/0/1

[    2.147410] CPU: 16 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-2004cef11ea0+ #39
[    2.147415] Hardware name: Dell Inc. Dell Tower E0T2250/, BIOS 0.6.19 07/12/2024
[    2.147420] Call Trace:
[    2.147422]  <TASK>
[    2.147426]  dump_stack_lvl+0x72/0xa0
[    2.147432]  print_report+0xd1/0x670
[    2.147437]  ? _raw_read_unlock_irqrestore+0x60/0x60
[    2.147441]  ? ret_from_fork_asm+0x11/0x20
[    2.147445]  ? kasan_complete_mode_report_info+0x66/0x1c0
[    2.147449]  kasan_report+0xd6/0x110
[    2.147453]  ? acpi_ps_parse_loop+0x1f40/0x26f0
[    2.147456]  ? acpi_ps_parse_loop+0x1f40/0x26f0
[    2.147460]  __asan_report_load2_noabort+0x14/0x20
[    2.147464]  acpi_ps_parse_loop+0x1f40/0x26f0
[    2.147468]  ? acpi_ps_get_next_arg+0x14e0/0x14e0
[    2.147472]  ? acpi_ds_delete_walk_state+0x22d/0x370
[    2.147476]  acpi_ps_parse_aml+0x616/0xf50
[    2.147480]  ? acpi_ut_create_internal_object_dbg+0x1a2/0x240
[    2.147484]  acpi_ps_execute_method+0x52e/0xde0
[    2.147488]  ? acpi_ut_acquire_mutex+0x1a7/0x490
[    2.147492]  acpi_ns_evaluate+0x530/0x14a0
[    2.147496]  acpi_evaluate_object+0x37d/0xca0
[    2.147499]  ? acpi_get_data_full+0xf0/0xf0
[    2.147503]  ? kobject_set_name_vargs+0xb3/0x120
[    2.147507]  acpi_get_physical_device_location+0x8b/0x250
[    2.147512]  ? acpi_handle_list_equal+0x120/0x120
[    2.147516]  acpi_device_add+0x389/0xa10
[    2.147520]  ? acpi_tie_acpi_dev+0x90/0x90
[    2.147523]  ? acpi_scan_check_and_detach+0x240/0x240
[    2.147527]  acpi_add_single_object+0x834/0x1ad0
[    2.147531]  ? acpi_ns_get_node+0x89/0xe0
[    2.147535]  ? acpi_get_handle+0xdf/0x220
[    2.147538]  ? acpi_get_data+0xb0/0xb0
[    2.147541]  ? acpi_init_device_object+0x1e40/0x1e40
[    2.147545]  ? acpi_mipi_check_crs_csi2+0xa6/0x310
[    2.147549]  ? up+0x75/0xc0
[    2.147553]  ? acpi_has_method+0x68/0xa0
[    2.147557]  ? acpi_get_physical_device_location+0x250/0x250
[    2.147561]  acpi_bus_check_add+0x206/0x6e0
[    2.147565]  ? arch_acpi_add_auto_dep+0x10/0x10
[    2.147568]  ? __kasan_check_write+0x14/0x20
[    2.147572]  ? _raw_spin_lock_irqsave+0x96/0x100
[    2.147576]  ? acpi_os_signal_semaphore+0xf4/0x150
[    2.147580]  acpi_bus_check_add_1+0x16/0x20
[    2.147583]  acpi_ns_walk_namespace+0x32a/0x560
[    2.147587]  ? acpi_bus_check_add+0x6e0/0x6e0
[    2.147590]  ? acpi_bus_check_add+0x6e0/0x6e0
[    2.147594]  acpi_walk_namespace+0x158/0x170
[    2.147598]  acpi_bus_scan+0x351/0x400
[    2.147602]  ? acpi_bus_check_add_1+0x20/0x20
[    2.147605]  ? __kasan_check_write+0x14/0x20
[    2.147609]  ? mutex_lock+0x8e/0xe0
[    2.147612]  ? __mutex_lock_slowpath+0x20/0x20
[    2.147616]  ? acpi_get_table+0x13b/0x1d0
[    2.147619]  acpi_scan_init+0x1e5/0x640
[    2.147624]  ? acpi_hest_init+0x9d/0x2d0
[    2.147628]  ? acpi_match_madt+0xa0/0xa0
[    2.147631]  ? acpi_viot_early_init+0x71/0xc0
[    2.147634]  ? viot_get_iommu+0x790/0x790
[    2.147637]  ? acpi_ffh_address_space_arch_handler+0x10/0x10
[    2.147640]  acpi_init+0x406/0xa20
[    2.147644]  ? acpi_sleep_proc_init+0x60/0x60
[    2.147645]  ? vprintk+0x7d/0x100
[    2.147645]  ? _printk+0xbc/0x100
[    2.147645]  ? rng_is_initialized+0x20/0x20
[    2.147645]  ? acpi_sleep_proc_init+0x60/0x60
[    2.147645]  ? acpi_sleep_proc_init+0x60/0x60
[    2.147645]  do_one_initcall+0xae/0x400
[    2.147645]  ? trace_event_raw_event_initcall_level+0x210/0x210
[    2.147645]  ? kernel_init_freeable+0x83c/0xe90
[    2.147645]  ? kasan_poison+0x3a/0x60
[    2.147645]  kernel_init_freeable+0x9aa/0xe90
[    2.147645]  ? rest_init+0x170/0x170
[    2.147645]  kernel_init+0x1f/0x210
[    2.147645]  ret_from_fork+0x40/0x90
[    2.147645]  ? rest_init+0x170/0x170
[    2.147645]  ret_from_fork_asm+0x11/0x20
[    2.147645]  </TASK>

[    2.147645] Allocated by task 1:
[    2.147645]  kasan_save_stack+0x39/0x60
[    2.147645]  kasan_save_track+0x14/0x40
[    2.147645]  kasan_save_alloc_info+0x37/0x50
[    2.147645]  __kasan_slab_alloc+0x95/0xa0
[    2.147645]  kmem_cache_alloc_noprof+0x123/0x3d0
[    2.147645]  acpi_ps_alloc_op+0x220/0x2f0
[    2.147645]  acpi_ps_create_op+0x48f/0xcc0
[    2.147645]  acpi_ps_parse_loop+0x79e/0x26f0
[    2.147645]  acpi_ps_parse_aml+0x616/0xf50
[    2.147645]  acpi_ps_execute_method+0x52e/0xde0
[    2.147645]  acpi_ns_evaluate+0x530/0x14a0
[    2.147645]  acpi_evaluate_object+0x37d/0xca0
[    2.147645]  acpi_get_physical_device_location+0x8b/0x250
[    2.147645]  acpi_device_add+0x389/0xa10
[    2.147645]  acpi_add_single_object+0x834/0x1ad0
[    2.147645]  acpi_bus_check_add+0x206/0x6e0
[    2.147645]  acpi_bus_check_add_1+0x16/0x20
[    2.147645]  acpi_ns_walk_namespace+0x32a/0x560
[    2.147645]  acpi_walk_namespace+0x158/0x170
[    2.147645]  acpi_bus_scan+0x351/0x400
[    2.147645]  acpi_scan_init+0x1e5/0x640
[    2.147645]  acpi_init+0x406/0xa20
[    2.147645]  do_one_initcall+0xae/0x400
[    2.147645]  kernel_init_freeable+0x9aa/0xe90
[    2.147645]  kernel_init+0x1f/0x210
[    2.147645]  ret_from_fork+0x40/0x90
[    2.147645]  ret_from_fork_asm+0x11/0x20

[    2.147645] Freed by task 1:
[    2.147645]  kasan_save_stack+0x39/0x60
[    2.147645]  kasan_save_track+0x14/0x40
[    2.147645]  kasan_save_free_info+0x3b/0x60
[    2.147645]  __kasan_slab_free+0x52/0x70
[    2.147645]  kmem_cache_free+0x1a4/0x560
[    2.147645]  kmem_cache_free+0x1a4/0x560
[    2.147645]  acpi_os_release_object+0xe/0x20
[    2.147645]  acpi_ps_free_op+0xa5/0x200
[    2.147645]  acpi_ps_delete_parse_tree+0x190/0x430
[    2.147645]  acpi_ps_complete_this_op+0x5f3/0xb00
[    2.147645]  acpi_ps_complete_final_op+0x3b8/0x540
[    2.147645]  acpi_ps_parse_loop+0xa68/0x26f0
[    2.147645]  acpi_ps_parse_aml+0x616/0xf50
[    2.147645]  acpi_ps_execute_method+0x52e/0xde0
[    2.147645]  acpi_ns_evaluate+0x530/0x14a0
[    2.147645]  acpi_evaluate_object+0x37d/0xca0
[    2.147645]  acpi_get_physical_device_location+0x8b/0x250
[    2.147645]  acpi_device_add+0x389/0xa10
[    2.147645]  acpi_add_single_object+0x834/0x1ad0
[    2.147645]  acpi_bus_check_add+0x206/0x6e0
[    2.147645]  acpi_bus_check_add_1+0x16/0x20
[    2.147645]  acpi_ns_walk_namespace+0x32a/0x560
[    2.147645]  acpi_walk_namespace+0x158/0x170
[    2.147645]  acpi_bus_scan+0x351/0x400
[    2.147645]  acpi_scan_init+0x1e5/0x640
[    2.147645]  acpi_init+0x406/0xa20
[    2.147645]  do_one_initcall+0xae/0x400
[    2.147645]  kernel_init_freeable+0x9aa/0xe90
[    2.147645]  kernel_init+0x1f/0x210
[    2.147645]  ret_from_fork+0x40/0x90
[    2.147645]  ret_from_fork_asm+0x11/0x20

[    2.147645] The buggy address belongs to the object at ffff888107eac008
                which belongs to the cache Acpi-Parse of size 80
[    2.147645] The buggy address is located 10 bytes inside of
                freed 80-byte region [ffff888107eac008, ffff888107eac058)

[    2.147645] The buggy address belongs to the physical page:
[    2.147645] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107eac
[    2.147645] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[    2.147645] flags: 0x17ffffc0000040(head|node=0|zone=2|lastcpupid=0x1fffff)
[    2.147645] page_type: 0xfdffffff(slab)
[    2.147645] raw: 0017ffffc0000040 ffff888100053840 ffffea00041f9f10 ffffea00041fe310
[    2.147645] raw: 0000000000000000 00000000002a002a 00000001fdffffff 0000000000000000
[    2.147645] head: 0017ffffc0000040 ffff888100053840 ffffea00041f9f10 ffffea00041fe310
[    2.147645] head: 0000000000000000 00000000002a002a 00000001fdffffff 0000000000000000
[    2.147645] head: 0017ffffc0000001 ffffea00041fab01 ffffffffffffffff 0000000000000000
[    2.147645] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[    2.147645] page dumped because: kasan: bad access detected

[    2.147645] Memory state around the buggy address:
[    2.147645]  ffff888107eabf00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[    2.147645]  ffff888107eabf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[    2.147645] >ffff888107eac000: fc fa fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[    2.147645]                          ^
[    2.147645]  ffff888107eac080: fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[    2.147645]  ffff888107eac100: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
Comment 1 AceLan Kao 2024-09-20 03:58:14 UTC
Created attachment 306901 [details]
acpidump
Comment 2 AceLan Kao 2024-09-23 09:01:23 UTC
Created attachment 306912 [details]
dmesg with acpi.debug_level=0x4400 acpi.debug_layer=0x0038

It is parsing _SB.UBTC.RUCC just before encountering the KASAN error.
I can't figure out where it went wrong.

[    3.934757] localhost kernel: acpi_ns_get_normalized_pathname: Path "\_SB.UBTC.TPLD"
[    3.934760] localhost kernel:  nssearch-0074 ns_search_one_scope   : Searching \_SB.UBTC.TPLD (ffff888108bf26e8) For [HGT_] (Untyped)
[    3.934766] localhost kernel:  nssearch-0107 ns_search_one_scope   : Name [HGT_] (BufferField) ffff888107536e68 found in scope [TPLD] ffff888>
[    3.934773] localhost kernel:  nsaccess-0399 ns_lookup             : Searching relative to prefix scope [TPLD] (ffff888108bf26e8)
[    3.934778] localhost kernel:  nsaccess-0522 ns_lookup             : Simple Pathname (1 segment, Flags=3)
[    3.934782] localhost kernel:    nsdump-0064 ns_print_pathname     : [HGT_]
[    3.934790] localhost kernel: acpi_ns_get_normalized_pathname: Path "\_SB.UBTC.TPLD"
[    3.934793] localhost kernel:  nssearch-0074 ns_search_one_scope   : Searching \_SB.UBTC.TPLD (ffff888108bf26e8) For [HGT_] (Untyped)
[    3.934799] localhost kernel:  nssearch-0107 ns_search_one_scope   : Name [HGT_] (BufferField) ffff888107536e68 found in scope [TPLD] ffff888>
[    3.934818] localhost kernel:  nsaccess-0399 ns_lookup             : Searching relative to prefix scope [TPLD] (ffff888108bf26e8)
[    3.934823] localhost kernel:  nsaccess-0522 ns_lookup             : Simple Pathname (1 segment, Flags=3)
[    3.934827] localhost kernel:    nsdump-0064 ns_print_pathname     : [PCKG]
[    3.934835] localhost kernel: acpi_ns_get_normalized_pathname: Path "\_SB.UBTC.TPLD"
[    3.934838] localhost kernel:  nssearch-0074 ns_search_one_scope   : Searching \_SB.UBTC.TPLD (ffff888108bf26e8) For [PCKG] (Untyped)
[    3.934844] localhost kernel:  nssearch-0107 ns_search_one_scope   : Name [PCKG] (Package) ffff888107536008 found in scope [TPLD] ffff888108b>
[    3.934851] localhost kernel:  nsaccess-0399 ns_lookup             : Searching relative to prefix scope [TPLD] (ffff888108bf26e8)
[    3.934855] localhost kernel:  nsaccess-0522 ns_lookup             : Simple Pathname (1 segment, Flags=3)
[    3.934860] localhost kernel:    nsdump-0064 ns_print_pathname     : [PCKG]
[    3.934868] localhost kernel: acpi_ns_get_normalized_pathname: Path "\_SB.UBTC.TPLD"
[    3.934870] localhost kernel:  nssearch-0074 ns_search_one_scope   : Searching \_SB.UBTC.TPLD (ffff888108bf26e8) For [PCKG] (Untyped)
[    3.934876] localhost kernel:  nssearch-0107 ns_search_one_scope   : Name [PCKG] (Package) ffff888107536008 found in scope [TPLD] ffff888108b>
[    3.934891] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff8881087d5098 [__A0] Object ffff8881083ddb58
[    3.934897] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff8881087d50c8 [__A1] Object ffff8881084f6c40
[    3.934903] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff888107536008 [PCKG] Object ffff8881083dcdb0
[    3.934908] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff8881075366e8 [REV_] Object ffff8881083dc178
[    3.934915] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff888107536828 [VISI] Object ffff8881083ddaa0
[    3.934921] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff888107536dc8 [GPOS] Object ffff8881083dc0c0
[    3.934928] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff888107536a08 [SHAP] Object ffff8881083dd200
[    3.934935] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff888107536328 [WID_] Object ffff888108307148
[    3.934942] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff888107536e68 [HGT_] Object ffff888108307ef0
[    3.934956] localhost kernel: acpi_ns_get_normalized_pathname: Path "\_SB.UBTC.TPLD"
[    3.934973] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff8881087d2098 [__A0] Object ffff8881075c4960
[    3.934979] localhost kernel:  nsobject-0224 ns_detach_object      : Node ffff8881087d20c8 [__A1] Object ffff8881075c5b58
[    3.934986] localhost kernel: acpi_ns_get_normalized_pathname: Path "\_SB.UBTC.RUCC"
[    3.934994] localhost kernel: ==================================================================
[    3.934998] localhost kernel: BUG: KASAN: slab-use-after-free in acpi_ps_parse_loop+0x1f40/0x26f0
[    3.935009] localhost kernel: Read of size 2 at addr ffff88810757db12 by task swapper/0/1
Comment 3 AceLan Kao 2024-10-14 08:04:42 UTC
It's a BIOS issue and has been fixed in the BIOS.
