Bug 2216874 - BUG: KASAN: global-out-of-bounds in nct6775_core module in kernel 6.3.8
Summary: BUG: KASAN: global-out-of-bounds in nct6775_core module in kernel 6.3.8
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 38
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-06-22 23:53 UTC by Andrew
Modified: 2023-07-15 12:58 UTC (History)

Fixed In Version:
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:


Attachments
full dmesg log (207.45 KB, text/plain)
2023-06-22 23:53 UTC, Andrew

Description Andrew 2023-06-22 23:53:29 UTC
Created attachment 1972173
full dmesg log

I get this just from booting kernel 6.3.8-200.fc38.x86_64+debug.
Always reproducible.
All 6.3.x are affected, I think.
kernel-debug-6.2.16-300.fc38.x86_64 does not have this, as far as I remember (I can recheck if necessary).
Might be related (but happens on another PC of mine): bug# 2212779

    ==================================================================
    BUG: KASAN: global-out-of-bounds in nct6775_update_device+0x352f/0x3700 [nct6775_core]
    Read of size 1 at addr ffffffffc114fe86 by task sensors/1542

    CPU: 4 PID: 1542 Comm: sensors Not tainted 6.3.8-200.fc38.x86_64+debug #1
    Hardware name: ASUS System Product Name/TUF GAMING B550M-PLUS, BIOS 2423 08/10/2021
    Call Trace:
    <TASK>
    dump_stack_lvl+0x76/0xd0
    print_report+0xcf/0x670
    ? nct6775_update_device+0x352f/0x3700 [nct6775_core]
    ? nct6775_update_device+0x352f/0x3700 [nct6775_core]
    kasan_report+0xa8/0xe0
    ? nct6775_update_device+0x352f/0x3700 [nct6775_core]
    nct6775_update_device+0x352f/0x3700 [nct6775_core]
    ? lock_acquire+0x1a4/0x4f0
    ? __pfx_nct6775_update_device+0x10/0x10 [nct6775_core]
    show_temp_label+0x1c/0x130 [nct6775_core]
    dev_attr_show+0x43/0xc0
    ? sysfs_file_ops+0x11b/0x170
    sysfs_kf_seq_show+0x1f1/0x3b0
    seq_read_iter+0x40d/0x11c0
    ? fsnotify_perm.part.0+0x146/0x4e0
    vfs_read+0x5c0/0x860
    ? __pfx_vfs_read+0x10/0x10
    ? kmem_cache_free+0x164/0x470
    ? __fget_light+0x51/0x230
    ksys_read+0x10a/0x1e0
    ? __pfx_ksys_read+0x10/0x10
    ? syscall_enter_from_user_mode+0x26/0x90
    do_syscall_64+0x5d/0x90
    ? do_syscall_64+0x6c/0x90
    ? lockdep_hardirqs_on+0x81/0x110
    ? do_syscall_64+0x6c/0x90
    ? do_syscall_64+0x6c/0x90
    ? lockdep_hardirqs_on+0x81/0x110
    ? do_syscall_64+0x6c/0x90
    ? lockdep_hardirqs_on+0x81/0x110
    entry_SYSCALL_64_after_hwframe+0x72/0xdc
    RIP: 0033:0x7ff7bf6850c1
    Code: d5 fe ff ff 55 48 8d 3d 15 47 0a 00 48 89 e5 e8 b5 18 02 00 0f 1f 44 00 00 f3 0f 1e fa 80 3d 1d b5 0d 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec
    RSP: 002b:00007fff3c0a3318 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
    RAX: ffffffffffffffda RBX: 0000560cc59e12c0 RCX: 00007ff7bf6850c1
    RDX: 0000000000001000 RSI: 00007fff3c0a33e0 RDI: 0000000000000003
    RBP: 00007fff3c0a3370 R08: 0000000000000000 R09: 0000000000000001
    R10: 0000000000000003 R11: 0000000000000246 R12: 00007fff3c0a33e0
    R13: 0000000000001000 R14: 0000000000000a68 R15: 00007ff7bf754d60
    </TASK>

    The buggy address belongs to the variable:
    NCT6776_REG_PWM_MODE+0x6/0xffffffffffffa180 [nct6775_core]

    Memory state around the buggy address:
    ffffffffc114fd80: 00 04 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
    ffffffffc114fe00: 00 06 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9
    >ffffffffc114fe80: 06 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
                        ^
    ffffffffc114ff00: 00 00 00 00 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
    ffffffffc114ff80: 00 00 00 00 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
    ==================================================================
    Disabling lock debugging due to kernel taint

Comment 1 Andrew 2023-07-13 12:22:18 UTC
6.3.12-200.fc38.x86_64+debug still affected:

 BUG: KASAN: global-out-of-bounds in nct6775_update_device+0x352f/0x3700 [nct6775_core]
 Read of size 1 at addr ffffffffc1128e86 by task sensors/1322

 CPU: 7 PID: 1322 Comm: sensors Not tainted 6.3.12-200.fc38.x86_64+debug #1
 Hardware name: ASUS System Product Name/TUF GAMING B550M-PLUS, BIOS 2423 08/10/2021
 Call Trace:
  <TASK>
  dump_stack_lvl+0x76/0xd0
  print_report+0xcf/0x670
  ? nct6775_update_device+0x352f/0x3700 [nct6775_core]
  ? nct6775_update_device+0x352f/0x3700 [nct6775_core]
  kasan_report+0xa8/0xe0
  ? nct6775_update_device+0x352f/0x3700 [nct6775_core]
  nct6775_update_device+0x352f/0x3700 [nct6775_core]
  ? lock_acquire+0x1a4/0x4f0
  ? __pfx_nct6775_update_device+0x10/0x10 [nct6775_core]
  show_temp_label+0x1c/0x130 [nct6775_core]
  dev_attr_show+0x43/0xc0
  ? sysfs_file_ops+0x11b/0x170
  sysfs_kf_seq_show+0x1f1/0x3b0
  seq_read_iter+0x40d/0x11c0
  ? fsnotify_perm.part.0+0x146/0x4e0
  vfs_read+0x5c0/0x860
  ? __pfx_vfs_read+0x10/0x10
  ? __pfx___do_sys_newfstatat+0x10/0x10
  ? __fget_light+0x51/0x230
  ksys_read+0x10a/0x1e0
  ? __pfx_ksys_read+0x10/0x10
  ? syscall_enter_from_user_mode+0x26/0x90
  do_syscall_64+0x5d/0x90
  ? do_syscall_64+0x6c/0x90
  ? lockdep_hardirqs_on+0x81/0x110
  ? do_syscall_64+0x6c/0x90
  ? do_syscall_64+0x6c/0x90
  ? do_syscall_64+0x6c/0x90
  ? lockdep_hardirqs_on+0x81/0x110
  ? do_syscall_64+0x6c/0x90
  ? lockdep_hardirqs_on+0x81/0x110
  entry_SYSCALL_64_after_hwframe+0x72/0xdc
 RIP: 0033:0x7f7add6b30c1
 Code: d5 fe ff ff 55 48 8d 3d 15 47 0a 00 48 89 e5 e8 b5 18 02 00 0f 1f 44 00 00 f3 0f 1e fa 80 3d 1d b5 0d 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec
 RSP: 002b:00007ffc93ea5428 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
 RAX: ffffffffffffffda RBX: 000055e1eb22f2c0 RCX: 00007f7add6b30c1
 RDX: 0000000000001000 RSI: 00007ffc93ea54f0 RDI: 0000000000000003
 RBP: 00007ffc93ea5480 R08: 0000000000000000 R09: 0000000000000001
 R10: 0000000000000003 R11: 0000000000000246 R12: 00007ffc93ea54f0
 R13: 0000000000001000 R14: 0000000000000a68 R15: 00007f7add782d60
  </TASK>

 The buggy address belongs to the variable:
  NCT6776_REG_PWM_MODE+0x6/0xffffffffffffa180 [nct6775_core]

 Memory state around the buggy address:
  ffffffffc1128d80: 00 04 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
  ffffffffc1128e00: 00 06 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9
 >ffffffffc1128e80: 06 f9 f9 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9
                    ^
  ffffffffc1128f00: 00 00 00 00 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
  ffffffffc1128f80: 00 00 00 00 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
 ==================================================================
 Disabling lock debugging due to kernel taint

Comment 2 Andrew 2023-07-15 12:58:12 UTC
Might be related somehow:
bug# 2223090
bug# 2212779

