[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [ 48.172238][ T6843] sshd (6843) used greatest stack depth: 23608 bytes left
Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
executing program
[ 59.524391][ T1] ==================================================================
[ 59.532626][ T1] BUG: KASAN: stack-out-of-bounds in mpol_to_str+0x377/0x3be
[ 59.540138][ T1] Write of size 8 at addr ffffc90000c7fb60 by task systemd/1
[ 59.547506][ T1]
[ 59.549842][ T1] CPU: 0 PID: 1 Comm: systemd Not tainted 5.6.0-rc7-syzkaller #0
[ 59.557556][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.567617][ T1] Call Trace:
[ 59.570918][ T1]  dump_stack+0x188/0x20d
[ 59.575283][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.579880][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.584455][ T1]  print_address_description.constprop.0.cold+0x5/0x315
[ 59.591374][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.595940][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.600508][ T1]  __kasan_report.cold+0x1a/0x32
[ 59.605424][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.610019][ T1]  kasan_report+0xe/0x20
[ 59.614242][ T1]  check_memory_region+0x128/0x190
[ 59.619368][ T1]  mpol_to_str+0x377/0x3be
[ 59.623771][ T1]  ? mpol_parse_str+0xa00/0xa00
[ 59.628611][ T1]  ? seq_vprintf+0x136/0x1a0
[ 59.633206][ T1]  shmem_show_options+0x418/0x630
[ 59.638228][ T1]  ? shmem_format_huge.part.0+0x10/0x10
[ 59.643752][ T1]  ? string_escape_mem+0x5a2/0x8a0
[ 59.648847][ T1]  ? memcpy+0x35/0x50
[ 59.652817][ T1]  ? show_sb_opts+0xbe/0x100
[ 59.657388][ T1]  ? shmem_format_huge.part.0+0x10/0x10
[ 59.662935][ T1]  show_mountinfo+0x616/0x900
[ 59.667600][ T1]  ? show_vfsmnt+0x3e0/0x3e0
[ 59.672170][ T1]  ? seq_list_next+0x5b/0x80
[ 59.676748][ T1]  seq_read+0xad0/0x1160
[ 59.680982][ T1]  ? seq_open_private+0x40/0x40
[ 59.685819][ T1]  __vfs_read+0x76/0x100
[ 59.690054][ T1]  vfs_read+0x1ea/0x430
[ 59.694196][ T1]  ksys_read+0x127/0x250
[ 59.698419][ T1]  ? kernel_write+0x120/0x120
[ 59.703084][ T1]  ? trace_hardirqs_off_caller+0x55/0x230
[ 59.708816][ T1]  do_syscall_64+0xf6/0x7d0
[ 59.713314][ T1]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.719188][ T1] RIP: 0033:0x7f17892db92d
[ 59.723587][ T1] Code: 2d 2c 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 de 9b 01 00 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 27 9c 01 00 48 89 d0 48 83 c4 08 48 3d 01
[ 59.743292][ T1] RSP: 002b:00007ffc058b86b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 59.751711][ T1] RAX: ffffffffffffffda RBX: 0000556657fec630 RCX: 00007f17892db92d
[ 59.759850][ T1] RDX: 0000000000000400 RSI: 0000556657fec860 RDI: 000000000000002c
[ 59.767816][ T1] RBP: 0000000000000d68 R08: 00007f178ad11500 R09: 00000000000000e0
[ 59.775768][ T1] R10: 0000556657fecc47 R11: 0000000000000293 R12: 00007f1789596440
[ 59.783732][ T1] R13: 00007f1789595900 R14: 0000000000000019 R15: 0000000000000000
[ 59.791705][ T1]
[ 59.794013][ T1]
[ 59.796428][ T1] addr ffffc90000c7fb60 is located in stack of task systemd/1 at offset 40 in frame:
[ 59.806039][ T1]  mpol_to_str+0x0/0x3be
[ 59.810258][ T1]
[ 59.812564][ T1] this frame has 1 object:
[ 59.816966][ T1]  [32, 40) 'nodes'
[ 59.816968][ T1]
[ 59.823053][ T1] Memory state around the buggy address:
[ 59.828662][ T1]  ffffc90000c7fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.836713][ T1]  ffffc90000c7fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.844847][ T1] >ffffc90000c7fb00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00
[ 59.853002][ T1]                                                        ^
[ 59.860216][ T1]  ffffc90000c7fb80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[ 59.868290][ T1]  ffffc90000c7fc00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
[ 59.876335][ T1] ==================================================================
[ 59.884371][ T1] Disabling lock debugging due to kernel taint
[ 59.891270][ T1] Kernel panic - not syncing: panic_on_warn set ...
[ 59.897897][ T1] CPU: 0 PID: 1 Comm: systemd Tainted: G B 5.6.0-rc7-syzkaller #0
[ 59.907000][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.917050][ T1] Call Trace:
[ 59.920326][ T1]  dump_stack+0x188/0x20d
[ 59.924652][ T1]  panic+0x2e3/0x75c
[ 59.928546][ T1]  ? add_taint.cold+0x16/0x16
[ 59.933214][ T1]  ? preempt_schedule_common+0x5e/0xc0
[ 59.938668][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.943249][ T1]  ? ___preempt_schedule+0x16/0x18
[ 59.948414][ T1]  ? trace_hardirqs_on+0x55/0x220
[ 59.953471][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.958054][ T1]  end_report+0x43/0x49
[ 59.962185][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.966751][ T1]  __kasan_report.cold+0xd/0x32
[ 59.971581][ T1]  ? mpol_to_str+0x377/0x3be
[ 59.976158][ T1]  kasan_report+0xe/0x20
[ 59.980376][ T1]  check_memory_region+0x128/0x190
[ 59.985471][ T1]  mpol_to_str+0x377/0x3be
[ 59.989899][ T1]  ? mpol_parse_str+0xa00/0xa00
[ 59.994740][ T1]  ? seq_vprintf+0x136/0x1a0
[ 59.999321][ T1]  shmem_show_options+0x418/0x630
[ 60.004331][ T1]  ? shmem_format_huge.part.0+0x10/0x10
[ 60.009862][ T1]  ? string_escape_mem+0x5a2/0x8a0
[ 60.014964][ T1]  ? memcpy+0x35/0x50
[ 60.018926][ T1]  ? show_sb_opts+0xbe/0x100
[ 60.023494][ T1]  ? shmem_format_huge.part.0+0x10/0x10
[ 60.029014][ T1]  show_mountinfo+0x616/0x900
[ 60.033669][ T1]  ? show_vfsmnt+0x3e0/0x3e0
[ 60.038235][ T1]  ? seq_list_next+0x5b/0x80
[ 60.042802][ T1]  seq_read+0xad0/0x1160
[ 60.047044][ T1]  ? seq_open_private+0x40/0x40
[ 60.051885][ T1]  __vfs_read+0x76/0x100
[ 60.056164][ T1]  vfs_read+0x1ea/0x430
[ 60.060302][ T1]  ksys_read+0x127/0x250
[ 60.064535][ T1]  ? kernel_write+0x120/0x120
[ 60.069209][ T1]  ? trace_hardirqs_off_caller+0x55/0x230
[ 60.074938][ T1]  do_syscall_64+0xf6/0x7d0
[ 60.079480][ T1]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.085354][ T1] RIP: 0033:0x7f17892db92d
[ 60.089748][ T1] Code: 2d 2c 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 de 9b 01 00 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 27 9c 01 00 48 89 d0 48 83 c4 08 48 3d 01
[ 60.109330][ T1] RSP: 002b:00007ffc058b86b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 60.117721][ T1] RAX: ffffffffffffffda RBX: 0000556657fec630 RCX: 00007f17892db92d
[ 60.125741][ T1] RDX: 0000000000000400 RSI: 0000556657fec860 RDI: 000000000000002c
[ 60.133699][ T1] RBP: 0000000000000d68 R08: 00007f178ad11500 R09: 00000000000000e0
[ 60.141657][ T1] R10: 0000556657fecc47 R11: 0000000000000293 R12: 00007f1789596440
[ 60.149614][ T1] R13: 00007f1789595900 R14: 0000000000000019 R15: 0000000000000000
[ 60.158810][ T1] Kernel Offset: disabled
[ 60.163140][ T1] Rebooting in 86400 seconds..
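Reading a KASAN stack report by hand means lining up three things: the faulting access ("Write of size 8"), its position inside the frame ("offset 40 in frame", "this frame has 1 object: [32, 40) 'nodes'"), and the shadow byte under the caret (f3). The following helper is an added example, not part of the syzkaller log above or of any kernel tooling; it parses the report's own lines (copied into the REPORT string below, trimmed to the fields the parser needs) and works out where the access lands relative to the frame's objects and what the shadow memory says about that granule. The shadow encodings are the values from mm/kasan/kasan.h as I know them; nothing else about the report is assumed. For this report it finds that the 8-byte write begins exactly at the end of the 8-byte 'nodes' object and lands entirely in the stack right redzone, i.e. a one-word overrun of a single-word nodemask. Attributing that overrun to a specific statement in mpol_to_str is an inference the log itself does not make.

```python
"""Triage helper for a KASAN stack-out-of-bounds report (added example)."""
import re

# Constructed from the crash report above; only the lines the parser needs.
REPORT = """\
BUG: KASAN: stack-out-of-bounds in mpol_to_str+0x377/0x3be
Write of size 8 at addr ffffc90000c7fb60 by task systemd/1
addr ffffc90000c7fb60 is located in stack of task systemd/1 at offset 40 in frame:
 mpol_to_str+0x0/0x3be
this frame has 1 object:
 [32, 40) 'nodes'
Memory state around the buggy address:
 ffffc90000c7fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90000c7fb00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00
 ffffc90000c7fb80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
"""

GRANULE = 8  # bytes of memory described by one shadow byte (KASAN_SHADOW_SCALE_SIZE)

# Shadow byte encodings from mm/kasan/kasan.h; 0x01..0x07 = "first N bytes addressable".
SHADOW_MEANING = {
    0x00: "addressable",
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xfa: "global redzone",
    0xfb: "freed kmalloc object",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "freed page",
}


def shadow_meaning(value):
    if 1 <= value <= 7:
        return "partially addressable (first %d bytes)" % value
    return SHADOW_MEANING.get(value, "unknown 0x%02x" % value)


def parse_report(text):
    """Pull the fields a triage needs out of a KASAN stack report."""
    m = re.search(r"BUG: KASAN: (\S+) in (\w+)", text)
    bug, func = m.group(1), m.group(2)
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", text)
    access = (m.group(1), int(m.group(2)), int(m.group(3), 16))
    frame_off = int(re.search(r"at offset (\d+) in frame:", text).group(1))
    objects = [(name, int(lo), int(hi))
               for lo, hi, name in re.findall(r"\[(\d+), (\d+)\) '([^']+)'", text)]
    # Each "Memory state" row lists 16 shadow bytes, one per 8-byte granule.
    shadow = {}
    for base, row in re.findall(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", text, re.M):
        for i, b in enumerate(row.split()):
            shadow[int(base, 16) + i * GRANULE] = int(b, 16)
    return {"bug": bug, "function": func, "access": access,
            "frame_offset": frame_off, "objects": objects, "shadow": shadow}


def shadow_at(shadow, addr):
    """(value, meaning) of the shadow byte covering addr, or None if not dumped."""
    granule = addr - addr % GRANULE
    if granule not in shadow:
        return None
    return (shadow[granule], shadow_meaning(shadow[granule]))


def locate_access(rep):
    """Map the faulting access [lo, hi) onto the frame's object layout."""
    _, size, addr = rep["access"]
    lo, hi = rep["frame_offset"], rep["frame_offset"] + size
    overlapping = [o for o in rep["objects"] if o[1] < hi and lo < o[2]]
    nearest = min(rep["objects"], key=lambda o: min(abs(lo - o[2]), abs(o[1] - hi)))
    # 0 means the access starts at the first byte past the object's end.
    past_end = lo - nearest[2] if lo >= nearest[2] else None
    return {"frame_base": addr - rep["frame_offset"], "overlapping": overlapping,
            "nearest": nearest, "bytes_past_end": past_end}


def triage(text):
    rep = parse_report(text)
    loc = locate_access(rep)
    addr = rep["access"][2]
    # Cross-check: the shadow for each object's own granule should read 00.
    obj_shadow = {name: shadow_at(rep["shadow"], loc["frame_base"] + lo)
                  for name, lo, _ in rep["objects"]}
    return {"bug": rep["bug"], "function": rep["function"], "access": rep["access"],
            "frame_base": loc["frame_base"], "overlapping_objects": loc["overlapping"],
            "nearest": loc["nearest"], "bytes_past_end": loc["bytes_past_end"],
            "shadow": shadow_at(rep["shadow"], addr), "object_shadow": obj_shadow}


def summarize(t):
    kind, size, addr = t["access"]
    name, lo, hi = t["nearest"]
    where = ("inside %s" % [o[0] for o in t["overlapping_objects"]] if t["overlapping_objects"]
             else "%d byte(s) past the end of '%s' [%d, %d)" % (t["bytes_past_end"], name, lo, hi))
    return "%s in %s: %s of %d bytes at %#x, %s; shadow = %#04x (%s)" % (
        t["bug"], t["function"], kind, size, addr, where, t["shadow"][0], t["shadow"][1])


if __name__ == "__main__":
    print(summarize(triage(REPORT)))
```

The useful check is the last one: the object's own granule (frame base + 32 = ffffc90000c7fb58) is 00, the faulting granule one word later is f3, so the write is not a misaligned or partially valid access but a full 8-byte store into the redzone immediately after 'nodes'. The same parser works on any stack report whose frame has several objects; the overlap test then tells you which object was hit or which two the access straddles.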