Hi Jiasheng,
url: https://github.com/0day-ci/linux/commits/Jiasheng-Jiang/lkdtm-bugs-Check-...
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git d47c7407b4c88cf66098eba8893bc38279f301fc
config: arm-randconfig-m031-20220113 (https://download.01.org/0day-ci/archive/20220115/202201150641.NvpCoUdU-lk...)
compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0
If you fix the issue, kindly add the following tags as appropriate:
Reported-by: kernel test robot <lkp(a)intel.com>
Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com>

New smatch warnings:
drivers/misc/lkdtm/bugs.c:331 lkdtm_ARRAY_BOUNDS() warn: possible memory leak of 'checked'
drivers/misc/lkdtm/bugs.c:331 lkdtm_ARRAY_BOUNDS() warn: possible memory leak of 'not_checked'

Old smatch warnings:
drivers/misc/lkdtm/bugs.c:346 lkdtm_ARRAY_BOUNDS() error: buffer overflow 'checked->data' 8 <= 8
vim +/checked +331 drivers/misc/lkdtm/bugs.c

ae2e1aad3e48e4 Kees Cook      2020-04-06  322  void lkdtm_ARRAY_BOUNDS(void)
ae2e1aad3e48e4 Kees Cook      2020-04-06  323  {
ae2e1aad3e48e4 Kees Cook      2020-04-06  324      struct array_bounds_flex_array *not_checked;
ae2e1aad3e48e4 Kees Cook      2020-04-06  325      struct array_bounds *checked;
ae2e1aad3e48e4 Kees Cook      2020-04-06  326      volatile int i;
ae2e1aad3e48e4 Kees Cook      2020-04-06  327
ae2e1aad3e48e4 Kees Cook      2020-04-06  328      not_checked = kmalloc(sizeof(*not_checked) * 2, GFP_KERNEL);
ae2e1aad3e48e4 Kees Cook      2020-04-06  329      checked = kmalloc(sizeof(*checked) * 2, GFP_KERNEL);
6ac33daa73b3fe Jiasheng Jiang 2022-01-14  330      if (!not_checked || !checked)
6ac33daa73b3fe Jiasheng Jiang 2022-01-14 @331          return;

We've just changed one static checker warning for another. Plus these
functions are *supposed* to be buggy.

ae2e1aad3e48e4 Kees Cook      2020-04-06  332
ae2e1aad3e48e4 Kees Cook      2020-04-06  333      pr_info("Array access within bounds ...\n");
ae2e1aad3e48e4 Kees Cook      2020-04-06  334      /* For both, touch all bytes in the actual member size. */
ae2e1aad3e48e4 Kees Cook      2020-04-06  335      for (i = 0; i < sizeof(checked->data); i++)
ae2e1aad3e48e4 Kees Cook      2020-04-06  336          checked->data[i] = 'A';
ae2e1aad3e48e4 Kees Cook      2020-04-06  337      /*
ae2e1aad3e48e4 Kees Cook      2020-04-06  338       * For the uninstrumented flex array member, also touch 1 byte
ae2e1aad3e48e4 Kees Cook      2020-04-06  339       * beyond to verify it is correctly uninstrumented.
ae2e1aad3e48e4 Kees Cook      2020-04-06  340       */
ae2e1aad3e48e4 Kees Cook      2020-04-06  341      for (i = 0; i < sizeof(not_checked->data) + 1; i++)
ae2e1aad3e48e4 Kees Cook      2020-04-06  342          not_checked->data[i] = 'A';
ae2e1aad3e48e4 Kees Cook      2020-04-06  343
ae2e1aad3e48e4 Kees Cook      2020-04-06  344      pr_info("Array access beyond bounds ...\n");
ae2e1aad3e48e4 Kees Cook      2020-04-06  345      for (i = 0; i < sizeof(checked->data) + 1; i++)
ae2e1aad3e48e4 Kees Cook      2020-04-06  346          checked->data[i] = 'B';
ae2e1aad3e48e4 Kees Cook      2020-04-06  347
ae2e1aad3e48e4 Kees Cook      2020-04-06  348      kfree(not_checked);
ae2e1aad3e48e4 Kees Cook      2020-04-06  349      kfree(checked);
464e86b4abadfc Kees Cook      2020-06-25  350      pr_err("FAIL: survived array bounds overflow!\n");
c75be56e35b2ee Kees Cook      2021-08-18  351      pr_expected_config(CONFIG_UBSAN_BOUNDS);
ae2e1aad3e48e4 Kees Cook      2020-04-06  352  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
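
What the two new smatch warnings at line 331 describe, reproduced in user space as an added example (not code from the kernel tree or from this thread): a counting allocator with one injected failure shows that the bare early return leaks whichever of the two allocations succeeded, while freeing on every path does not. `test_alloc`, `test_free`, `two_allocs`, `leaked_when_failing` and the 32-byte sizes are hypothetical stand-ins for `kmalloc`/`kfree` and the real structs.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical fault-injecting allocator standing in for kmalloc()/kfree():
 * fail_at = 1-based allocation to fail (0 = none), nth = attempts so far,
 * live = successful allocations not yet freed. */
static int fail_at, nth, live;

static void *test_alloc(size_t n)
{
    void *p = (++nth == fail_at) ? NULL : malloc(n);
    if (p)
        live++;
    return p;
}

static void test_free(void *p)
{
    if (p)
        live--;
    free(p);
}

/* free_on_failure == 0 mirrors lines 328-331 above (bare return);
 * free_on_failure == 1 frees on every path; free(NULL) is a no-op. */
static void two_allocs(int free_on_failure)
{
    void *not_checked = test_alloc(32), *checked = test_alloc(32);
    if ((!not_checked || !checked) && !free_on_failure)
        return; /* whichever allocation succeeded is leaked here */
    test_free(not_checked);
    test_free(checked);
}

/* Run once with the fail_n-th allocation failing; return leaked allocations. */
static int leaked_when_failing(int free_on_failure, int fail_n)
{
    fail_at = fail_n; nth = 0; live = 0;
    two_allocs(free_on_failure);
    return live;
}

int main(void)
{
    for (int n = 0; n <= 2; n++)
        printf("fail #%d: bare return leaks %d, free-on-failure leaks %d\n", n,
               leaked_when_failing(0, n), leaked_when_failing(1, n));
    return 0;
}
```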