Created attachment 1972173 [details] full dmesg log I have this while just booting kernel 6.3.8-200.fc38.x86_64+debug Reproducible always. All 6.3.x are affected, I think. kernel-debug-6.2.16-300.fc38.x86_64 does not have this, as far as I remember (can recheck it if necessary). Might be related (but happens on my another PC): bug# 2212779 ================================================================== BUG: KASAN: global-out-of-bounds in nct6775_update_device+0x352f/0x3700 [nct6775_core] Read of size 1 at addr ffffffffc114fe86 by task sensors/1542 CPU: 4 PID: 1542 Comm: sensors Not tainted 6.3.8-200.fc38.x86_64+debug #1 Hardware name: ASUS System Product Name/TUF GAMING B550M-PLUS, BIOS 2423 08/10/2021 Call Trace: <TASK> dump_stack_lvl+0x76/0xd0 print_report+0xcf/0x670 ? nct6775_update_device+0x352f/0x3700 [nct6775_core] ? nct6775_update_device+0x352f/0x3700 [nct6775_core] kasan_report+0xa8/0xe0 ? nct6775_update_device+0x352f/0x3700 [nct6775_core] nct6775_update_device+0x352f/0x3700 [nct6775_core] ? lock_acquire+0x1a4/0x4f0 ? __pfx_nct6775_update_device+0x10/0x10 [nct6775_core] show_temp_label+0x1c/0x130 [nct6775_core] dev_attr_show+0x43/0xc0 ? sysfs_file_ops+0x11b/0x170 sysfs_kf_seq_show+0x1f1/0x3b0 seq_read_iter+0x40d/0x11c0 ? fsnotify_perm.part.0+0x146/0x4e0 vfs_read+0x5c0/0x860 ? __pfx_vfs_read+0x10/0x10 ? kmem_cache_free+0x164/0x470 ? __fget_light+0x51/0x230 ksys_read+0x10a/0x1e0 ? __pfx_ksys_read+0x10/0x10 ? syscall_enter_from_user_mode+0x26/0x90 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7ff7bf6850c1 Code: d5 fe ff ff 55 48 8d 3d 15 47 0a 00 48 89 e5 e8 b5 18 02 00 0f 1f 44 00 00 f3 0f 1e fa 80 3d 1d b5 0d 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007fff3c0a3318 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000560cc59e12c0 RCX: 00007ff7bf6850c1 RDX: 0000000000001000 RSI: 00007fff3c0a33e0 RDI: 0000000000000003 RBP: 00007fff3c0a3370 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000003 R11: 0000000000000246 R12: 00007fff3c0a33e0 R13: 0000000000001000 R14: 0000000000000a68 R15: 00007ff7bf754d60 </TASK> The buggy address belongs to the variable: NCT6776_REG_PWM_MODE+0x6/0xffffffffffffa180 [nct6775_core] Memory state around the buggy address: ffffffffc114fd80: 00 04 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 ffffffffc114fe00: 00 06 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9 >ffffffffc114fe80: 06 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 ^ ffffffffc114ff00: 00 00 00 00 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 ffffffffc114ff80: 00 00 00 00 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 ================================================================== Disabling lock debugging due to kernel taint
6.3.12-200.fc38.x86_64+debug still affected: BUG: KASAN: global-out-of-bounds in nct6775_update_device+0x352f/0x3700 [nct6775_core] Read of size 1 at addr ffffffffc1128e86 by task sensors/1322 CPU: 7 PID: 1322 Comm: sensors Not tainted 6.3.12-200.fc38.x86_64+debug #1 Hardware name: ASUS System Product Name/TUF GAMING B550M-PLUS, BIOS 2423 08/10/2021 Call Trace: <TASK> dump_stack_lvl+0x76/0xd0 print_report+0xcf/0x670 ? nct6775_update_device+0x352f/0x3700 [nct6775_core] ? nct6775_update_device+0x352f/0x3700 [nct6775_core] kasan_report+0xa8/0xe0 ? nct6775_update_device+0x352f/0x3700 [nct6775_core] nct6775_update_device+0x352f/0x3700 [nct6775_core] ? lock_acquire+0x1a4/0x4f0 ? __pfx_nct6775_update_device+0x10/0x10 [nct6775_core] show_temp_label+0x1c/0x130 [nct6775_core] dev_attr_show+0x43/0xc0 ? sysfs_file_ops+0x11b/0x170 sysfs_kf_seq_show+0x1f1/0x3b0 seq_read_iter+0x40d/0x11c0 ? fsnotify_perm.part.0+0x146/0x4e0 vfs_read+0x5c0/0x860 ? __pfx_vfs_read+0x10/0x10 ? __pfx___do_sys_newfstatat+0x10/0x10 ? __fget_light+0x51/0x230 ksys_read+0x10a/0x1e0 ? __pfx_ksys_read+0x10/0x10 ? syscall_enter_from_user_mode+0x26/0x90 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f7add6b30c1 Code: d5 fe ff ff 55 48 8d 3d 15 47 0a 00 48 89 e5 e8 b5 18 02 00 0f 1f 44 00 00 f3 0f 1e fa 80 3d 1d b5 0d 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007ffc93ea5428 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 000055e1eb22f2c0 RCX: 00007f7add6b30c1 RDX: 0000000000001000 RSI: 00007ffc93ea54f0 RDI: 0000000000000003 RBP: 00007ffc93ea5480 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000003 R11: 0000000000000246 R12: 00007ffc93ea54f0 R13: 0000000000001000 R14: 0000000000000a68 R15: 00007f7add782d60 </TASK> The buggy address belongs to the variable: NCT6776_REG_PWM_MODE+0x6/0xffffffffffffa180 [nct6775_core] Memory state around the buggy address: ffffffffc1128d80: 00 04 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 ffffffffc1128e00: 00 06 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9 >ffffffffc1128e80: 06 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 ^ ffffffffc1128f00: 00 00 00 00 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 ffffffffc1128f80: 00 00 00 00 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 ================================================================== Disabling lock debugging due to kernel taint
Might be related somehow: bug# 2223090 bug# 2212779
Still present on 6.4.15-200.fc38.x86_64+debug : ================================================================== BUG: KASAN: global-out-of-bounds in nct6775_update_device+0x352f/0x3700 [nct6775_core] Read of size 1 at addr ffffffffc16a8e86 by task sensors/1322 CPU: 6 PID: 1322 Comm: sensors Not tainted 6.4.15-200.fc38.x86_64+debug #1 Hardware name: ASUS System Product Name/TUF GAMING B550M-PLUS, BIOS 2423 08/10/2021 Call Trace: <TASK> dump_stack_lvl+0x76/0xd0 print_report+0xcf/0x670 ? nct6775_update_device+0x352f/0x3700 [nct6775_core] ? nct6775_update_device+0x352f/0x3700 [nct6775_core] kasan_report+0xa8/0xe0 ? nct6775_update_device+0x352f/0x3700 [nct6775_core] nct6775_update_device+0x352f/0x3700 [nct6775_core] ? __pfx_nct6775_update_device+0x10/0x10 [nct6775_core] show_temp_label+0x1c/0x130 [nct6775_core] dev_attr_show+0x43/0xc0 ? sysfs_file_ops+0x11b/0x170 sysfs_kf_seq_show+0x1f1/0x3b0 seq_read_iter+0x40d/0x11c0 ? fsnotify_perm.part.0+0x146/0x4e0 vfs_read+0x44e/0x850 ? __pfx_vfs_read+0x10/0x10 ? __fget_light+0x51/0x230 ksys_read+0x10a/0x1e0 ? __pfx_ksys_read+0x10/0x10 ? syscall_enter_from_user_mode+0x26/0x90 do_syscall_64+0x5d/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? do_syscall_64+0x6c/0x90 ? lockdep_hardirqs_on+0x81/0x110 ? do_syscall_64+0x6c/0x90 ? asm_exc_page_fault+0x26/0x30 ? lockdep_hardirqs_on+0x81/0x110 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f8ae701b0c1 Code: d5 fe ff ff 55 48 8d 3d 15 47 0a 00 48 89 e5 e8 b5 18 02 00 0f 1f 44 00 00 f3 0f 1e fa 80 3d 1d b5 0d 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007ffe91b1a688 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 000055f2ced342c0 RCX: 00007f8ae701b0c1 RDX: 0000000000001000 RSI: 00007ffe91b1a750 RDI: 0000000000000003 RBP: 00007ffe91b1a6e0 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000003 R11: 0000000000000246 R12: 00007ffe91b1a750 R13: 0000000000001000 R14: 0000000000000a68 R15: 00007f8ae70ead60 </TASK> The buggy address belongs to the variable: NCT6776_REG_PWM_MODE+0x6/0xfffffffffff69180 [nct6775_core] Memory state around the buggy address: ffffffffc16a8d80: 00 04 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 ffffffffc16a8e00: 00 06 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9 >ffffffffc16a8e80: 06 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 ^ ffffffffc16a8f00: 00 00 00 00 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 ffffffffc16a8f80: 00 00 00 00 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 ================================================================== Disabling lock debugging due to kernel taint
Fedora Linux 38 entered end-of-life (EOL) status on 2024-05-21. Fedora Linux 38 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed.