https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85230
--- Comment #1 from Dmitry Vyukov <dvyukov at google dot com> --- I am also looking at kernel callback implementation, maybe they disagree with compiler as to what's actually passed as arguments: /* Emitted by compiler to poison alloca()ed objects. */ void __asan_alloca_poison(unsigned long addr, size_t size) { size_t rounded_up_size = round_up(size, KASAN_SHADOW_SCALE_SIZE); size_t padding_size = round_up(size, KASAN_ALLOCA_REDZONE_SIZE) - rounded_up_size; size_t rounded_down_size = round_down(size, KASAN_SHADOW_SCALE_SIZE); const void *left_redzone = (const void *)(addr - KASAN_ALLOCA_REDZONE_SIZE); const void *right_redzone = (const void *)(addr + rounded_up_size); WARN_ON(!IS_ALIGNED(addr, KASAN_ALLOCA_REDZONE_SIZE)); kasan_unpoison_shadow((const void *)(addr + rounded_down_size), size - rounded_down_size); kasan_poison_shadow(left_redzone, KASAN_ALLOCA_REDZONE_SIZE, KASAN_ALLOCA_LEFT); kasan_poison_shadow(right_redzone, padding_size + KASAN_ALLOCA_REDZONE_SIZE, KASAN_ALLOCA_RIGHT); } EXPORT_SYMBOL(__asan_alloca_poison); /* Emitted by compiler to unpoison alloca()ed areas when the stack unwinds. */ void __asan_allocas_unpoison(const void *stack_top, const void *stack_bottom) { if (unlikely(!stack_top || stack_top > stack_bottom)) return; kasan_unpoison_shadow(stack_top, stack_bottom - stack_top); } EXPORT_SYMBOL(__asan_allocas_unpoison);