From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [android-common:android16-6.12-2025-12 20/20] mm/kasan/kasan_test_c.c:1378 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13
Date: Thu, 23 Apr 2026 20:10:18 +0800 [thread overview]
Message-ID: <202604231936.dJmosAx9-lkp@intel.com> (raw)
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: cros-kernel-buildreports@googlegroups.com
Hi Matthew,
First bad commit (maybe != root cause):
tree: https://android.googlesource.com/kernel/common android16-6.12-2025-12
head: a61750fee7131b5fb5322f83e63828f1481ebb84
commit: a2f11547052001bd448ccec81dd1e68409078fbb [20/20] kasan: rust: Add KASAN smoke test via UAF
:::::: branch date: 16 hours ago
:::::: commit date: 1 year, 7 months ago
config: x86_64-randconfig-161-20260423 (https://download.01.org/0day-ci/archive/20260423/202604231936.dJmosAx9-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
smatch: v0.5.0-9007-gcf3ea02b
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Fixes: a2f115470520 ("kasan: rust: Add KASAN smoke test via UAF")
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202604231936.dJmosAx9-lkp@intel.com/
smatch warnings:
mm/kasan/kasan_test_c.c:1378 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13
vim +/array +1378 mm/kasan/kasan_test_c.c
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin 2015-02-13 1362
e5f4728767d2ec9 lib/test_kasan.c Marco Elver 2022-01-14 1363 static void kasan_global_oob_right(struct kunit *test)
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin 2015-02-13 1364 {
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1365 /*
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1366 * Deliberate out-of-bounds access. To prevent CONFIG_UBSAN_LOCAL_BOUNDS
53b0fe36ab7c6eb lib/test_kasan.c Zhen Lei 2021-07-07 1367 * from failing here and panicking the kernel, access the array via a
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1368 * volatile pointer, which will prevent the compiler from being able to
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1369 * determine the array bounds.
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1370 *
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1371 * This access uses a volatile pointer to char (char *volatile) rather
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1372 * than the more conventional pointer to volatile char (volatile char *)
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1373 * because we want to prevent the compiler from making inferences about
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1374 * the pointer itself (i.e. its array bounds), not the data that it
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1375 * refers to.
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1376 */
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 1377 char *volatile array = global_array;
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 @1378 char *p = &array[ARRAY_SIZE(global_array) + 3];
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin 2015-02-13 1379
58b999d7a22c593 lib/test_kasan.c Andrey Konovalov 2020-11-01 1380 /* Only generic mode instruments globals. */
da17e377723f50c lib/test_kasan.c Andrey Konovalov 2021-02-24 1381 KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
58b999d7a22c593 lib/test_kasan.c Andrey Konovalov 2020-11-01 1382
73228c7ecc5e40c lib/test_kasan.c Patricia Alfonso 2020-10-13 1383 KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin 2015-02-13 1384 }
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin 2015-02-13 1385
:::::: The code at line 1378 was first introduced by commit
:::::: f649dc0e0d7b509c75570ee403723660f5b72ec7 kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled
:::::: TO: Peter Collingbourne <pcc@google.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2026-04-23 12:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202604231936.dJmosAx9-lkp@intel.com \
--to=lkp@intel.com \
--cc=error27@gmail.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.