Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 321fc8f8f3935ba494d7b4bd5ec3d87eb334e57d ("for SLUB debugging functionality SLUB has resiliency_test() function which")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
version: trinity-x86_64-af355e9-1_2019-12-03
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+-------------------------------------------------------+------------+------------+
|                                                       | 023ebe0283 | 321fc8f8f3 |
+-------------------------------------------------------+------------+------------+
| WARNING:possible_circular_locking_dependency_detected | 0          | 12         |
| BUG:KASAN:slab-out-of-bounds_in_test_clobber_zone     | 0          | 12         |
+-------------------------------------------------------+------------+------------+

If you fix the issue, kindly add following tag
Reported-by: kernel test robot

[ 514.102371] ==================================================================
[ 514.130431] BUG: KASAN: slab-out-of-bounds in test_clobber_zone+0xa3/0x1a0
[ 514.137686] Write of size 1 at addr ffff88819c564a08 by task kunit_try_catch/595
[ 514.145142]
[ 514.152077] CPU: 1 PID: 595 Comm: kunit_try_catch Tainted: G W 5.12.0-rc5-00077-g321fc8f8f393 #1
[ 514.160126] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 514.168240] Call Trace:
[ 514.175890] dump_stack+0x179/0x218
[ 514.183672] print_address_description.cold+0x82/0x326
[ 514.191844] ? test_clobber_zone+0xa3/0x1a0
[ 514.199893] kasan_report.cold+0x7f/0x111
[ 514.207919] ? test_clobber_zone+0xa3/0x1a0
[ 514.215983] test_clobber_zone+0xa3/0x1a0
[ 514.224047] ? test_next_pointer+0x300/0x300
[ 514.232141] ? write_comp_data+0x2a/0xa0
[ 514.240205] ? _raw_spin_unlock_irqrestore+0x61/0xa0
[ 514.248410] ? tracer_hardirqs_on+0x33/0x400
[ 514.256564] ? mark_held_locks+0x23/0xa0
[ 514.264686] ? lockdep_hardirqs_on+0x77/0x100
[ 514.272867] ? _raw_spin_unlock_irqrestore+0x61/0xa0
[ 514.281163] ? kunit_try_catch_throw+0x40/0x40
[ 514.289388] kunit_try_run_case+0xaa/0x100
[ 514.297545] ? kunit_catch_run_case+0xa0/0xa0
[ 514.305723] ? kunit_try_catch_throw+0x40/0x40
[ 514.313933] kunit_generic_run_threadfn_adapter+0x2e/0x60
[ 514.322297] kthread+0x1ff/0x260
[ 514.330474] ? kthread_insert_work_sanity_check+0xc0/0xc0
[ 514.338913] ret_from_fork+0x22/0x30
[ 514.347183]
[ 514.355193] Allocated by task 595:
[ 514.363371] kasan_save_stack+0x1b/0x40
[ 514.371576] __kasan_slab_alloc+0x75/0xa0
[ 514.379762] slab_post_alloc_hook+0x40/0x640
[ 514.387977] kmem_cache_alloc+0x16b/0x360
[ 514.396155] test_clobber_zone+0x97/0x1a0
[ 514.404329] kunit_try_run_case+0xaa/0x100
[ 514.412469] kunit_generic_run_threadfn_adapter+0x2e/0x60
[ 514.420725] kthread+0x1ff/0x260
[ 514.428741] ret_from_fork+0x22/0x30
[ 514.436710]
[ 514.444349] The buggy address belongs to the object at ffff88819c5649c8
[ 514.444349] which belongs to the cache TestSlub_RZ_alloc of size 64
[ 514.460545] The buggy address is located 0 bytes to the right of
[ 514.460545] 64-byte region [ffff88819c5649c8, ffff88819c564a08)
[ 514.476417] The buggy address belongs to the page:
[ 514.484133] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88819c564348 pfn:0x19c564
[ 514.492641] head:(____ptrval____) order:1 compound_mapcount:0
[ 514.500640] flags: 0x17ffffc0010200(slab|head)
[ 514.508322] raw: 0017ffffc0010200 ffff8881c553a350 ffff8881c553a350 ffff8881c554e140
[ 514.516342] raw: ffff88819c564348 0000000000130001 00000001ffffffff 0000000000000000
[ 514.524501] page dumped because: kasan: bad access detected
[ 514.532482]
[ 514.539986] Memory state around the buggy address:
[ 514.547867]  ffff88819c564900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 514.556133]  ffff88819c564980: fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00
[ 514.564357] >ffff88819c564a00: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 514.572555]                       ^
[ 514.580461]  ffff88819c564a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 514.588843]  ffff88819c564b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 514.597107] ==================================================================
[ 514.656998] not ok 1 - test_clobber_zone

To reproduce:

        # build kernel
        cd linux
        cp config-5.12.0-rc5-00077-g321fc8f8f393 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang