[android-common:android16-6.12-2025-12 20/20] mm/kasan/kasan_test_c.c:1378 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13

All of lore.kernel.org
 help / color / mirror / Atom feed

* [android-common:android16-6.12-2025-12 20/20] mm/kasan/kasan_test_c.c:1378 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13
@ 2026-04-23 12:10 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2026-04-23 12:10 UTC (permalink / raw)
  To: oe-kbuild; +Cc: lkp, Dan Carpenter

BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: cros-kernel-buildreports@googlegroups.com

Hi Matthew,

First bad commit (maybe != root cause):

tree:   https://android.googlesource.com/kernel/common android16-6.12-2025-12
head:   a61750fee7131b5fb5322f83e63828f1481ebb84
commit: a2f11547052001bd448ccec81dd1e68409078fbb [20/20] kasan: rust: Add KASAN smoke test via UAF
:::::: branch date: 16 hours ago
:::::: commit date: 1 year, 7 months ago
config: x86_64-randconfig-161-20260423 (https://download.01.org/0day-ci/archive/20260423/202604231936.dJmosAx9-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
smatch: v0.5.0-9007-gcf3ea02b

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Fixes: a2f115470520 ("kasan: rust: Add KASAN smoke test via UAF")
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202604231936.dJmosAx9-lkp@intel.com/

smatch warnings:
mm/kasan/kasan_test_c.c:1378 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13

vim +/array +1378 mm/kasan/kasan_test_c.c

3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin     2015-02-13  1362  
e5f4728767d2ec9 lib/test_kasan.c Marco Elver         2022-01-14  1363  static void kasan_global_oob_right(struct kunit *test)
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin     2015-02-13  1364  {
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1365  	/*
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1366  	 * Deliberate out-of-bounds access. To prevent CONFIG_UBSAN_LOCAL_BOUNDS
53b0fe36ab7c6eb lib/test_kasan.c Zhen Lei            2021-07-07  1367  	 * from failing here and panicking the kernel, access the array via a
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1368  	 * volatile pointer, which will prevent the compiler from being able to
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1369  	 * determine the array bounds.
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1370  	 *
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1371  	 * This access uses a volatile pointer to char (char *volatile) rather
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1372  	 * than the more conventional pointer to volatile char (volatile char *)
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1373  	 * because we want to prevent the compiler from making inferences about
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1374  	 * the pointer itself (i.e. its array bounds), not the data that it
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1375  	 * refers to.
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1376  	 */
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14  1377  	char *volatile array = global_array;
f649dc0e0d7b509 lib/test_kasan.c Peter Collingbourne 2021-05-14 @1378  	char *p = &array[ARRAY_SIZE(global_array) + 3];
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin     2015-02-13  1379  
58b999d7a22c593 lib/test_kasan.c Andrey Konovalov    2020-11-01  1380  	/* Only generic mode instruments globals. */
da17e377723f50c lib/test_kasan.c Andrey Konovalov    2021-02-24  1381  	KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
58b999d7a22c593 lib/test_kasan.c Andrey Konovalov    2020-11-01  1382  
73228c7ecc5e40c lib/test_kasan.c Patricia Alfonso    2020-10-13  1383  	KUNIT_EXPECT_KASAN_FAIL(test, *(volatile char *)p);
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin     2015-02-13  1384  }
3f15801cdc2379c lib/test_kasan.c Andrey Ryabinin     2015-02-13  1385  

:::::: The code at line 1378 was first introduced by commit
:::::: f649dc0e0d7b509c75570ee403723660f5b72ec7 kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled

:::::: TO: Peter Collingbourne <pcc@google.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-04-23 12:11 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-23 12:10 [android-common:android16-6.12-2025-12 20/20] mm/kasan/kasan_test_c.c:1378 kasan_global_oob_right() error: buffer overflow 'array' 10 <= 13 kernel test robot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.