Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 59.025336][ T6837] ==================================================================
[ 59.025379][ T6837] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c36/0x2210
[ 59.025388][ T6837] Read of size 2 at addr ffffffff8899f6be by task syz-executor258/6837
[ 59.025390][ T6837]
[ 59.025399][ T6837] CPU: 0 PID: 6837 Comm: syz-executor258 Not tainted 5.9.0-rc3-syzkaller #0
[ 59.025404][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.025407][ T6837] Call Trace:
[ 59.025418][ T6837]  dump_stack+0x198/0x1fd
[ 59.025428][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.025436][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.025447][ T6837]  print_address_description.constprop.0.cold+0x5/0x497
[ 59.025457][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.025467][ T6837]  ? lockdep_hardirqs_off+0x96/0xd0
[ 59.025477][ T6837]  ? vprintk_func+0x97/0x1a6
[ 59.025487][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.025494][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.025501][ T6837]  kasan_report.cold+0x1f/0x37
[ 59.025512][ T6837]  ? lock_downgrade+0x830/0x830
[ 59.025519][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.025529][ T6837]  vga16fb_imageblit+0x1c36/0x2210
[ 59.025543][ T6837]  ? fb_pad_unaligned_buffer+0x3f/0x320
[ 59.025555][ T6837]  soft_cursor+0x514/0xa30
[ 59.025571][ T6837]  bit_cursor+0x1166/0x17d0
[ 59.025592][ T6837]  ? kmalloc_array.constprop.0+0x20/0x20
[ 59.025606][ T6837]  ? do_update_region+0x47c/0x630
[ 59.025616][ T6837]  ? fb_get_color_depth+0x11a/0x240
[ 59.025625][ T6837]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 59.025633][ T6837]  ? get_color+0x20e/0x410
[ 59.025644][ T6837]  fbcon_cursor+0x537/0x660
[ 59.025652][ T6837]  ? kmalloc_array.constprop.0+0x20/0x20
[ 59.025659][ T6837]  ? fbcon_set_palette+0x3a8/0x490
[ 59.025670][ T6837]  set_cursor+0x1d2/0x240
[ 59.025679][ T6837]  redraw_screen+0x4b9/0x770
[ 59.025687][ T6837]  ? vga16fb_update_fix+0x4a0/0x4a0
[ 59.025696][ T6837]  ? vc_init+0x430/0x430
[ 59.025707][ T6837]  ? fbcon_set_palette+0x3a8/0x490
[ 59.025717][ T6837]  fbcon_modechanged+0x575/0x710
[ 59.025728][ T6837]  fbcon_update_vcs+0x3a/0x50
[ 59.025737][ T6837]  do_fb_ioctl+0x62e/0x690
[ 59.025746][ T6837]  ? fb_set_suspend+0x1a0/0x1a0
[ 59.025755][ T6837]  ? lock_downgrade+0x830/0x830
[ 59.025762][ T6837]  ? kfree+0x221/0x2b0
[ 59.025771][ T6837]  ? check_preemption_disabled+0x50/0x130
[ 59.025777][ T6837]  ? kfree+0x221/0x2b0
[ 59.025787][ T6837]  ? tomoyo_path_number_perm+0x415/0x4d0
[ 59.025795][ T6837]  ? lockdep_hardirqs_on+0x53/0x100
[ 59.025806][ T6837]  ? tomoyo_path_number_perm+0x244/0x4d0
[ 59.025816][ T6837]  ? tomoyo_execute_permission+0x470/0x470
[ 59.025837][ T6837]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 59.025847][ T6837]  ? do_vfs_ioctl+0x27d/0x1090
[ 59.025856][ T6837]  ? generic_block_fiemap+0x60/0x60
[ 59.025867][ T6837]  fb_compat_ioctl+0x175/0xc10
[ 59.025876][ T6837]  ? fb_open+0x430/0x430
[ 59.025890][ T6837]  ? __ia32_compat_sys_openat+0x13f/0x1f0
[ 59.025902][ T6837]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 59.025910][ T6837]  ? fb_open+0x430/0x430
[ 59.025920][ T6837]  __do_compat_sys_ioctl+0x1d3/0x230
[ 59.025930][ T6837]  __do_fast_syscall_32+0x57/0x80
[ 59.025938][ T6837]  do_fast_syscall_32+0x2f/0x70
[ 59.025948][ T6837]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 59.025955][ T6837] RIP: 0023:0xf7f87549
[ 59.025965][ T6837] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 59.025970][ T6837] RSP: 002b:00000000ffca572c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 59.025979][ T6837] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 59.025984][ T6837] RDX: 00000000200001c0 RSI: 00000000080ea078 RDI: 00000000ffca5780
[ 59.025989][ T6837] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 59.025994][ T6837] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 59.025999][ T6837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 59.026011][ T6837]
[ 59.026014][ T6837] The buggy address belongs to the variable:
[ 59.026022][ T6837]  transl_h+0x3e/0x40
[ 59.026024][ T6837]
[ 59.026027][ T6837] Memory state around the buggy address:
[ 59.026034][ T6837]  ffffffff8899f580: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[ 59.026040][ T6837]  ffffffff8899f600: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9
[ 59.026046][ T6837] >ffffffff8899f680: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
[ 59.026049][ T6837]                                         ^
[ 59.026055][ T6837]  ffffffff8899f700: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9
[ 59.026061][ T6837]  ffffffff8899f780: 00 00 04 f9 f9 f9 f9 f9 00 00 00 00 00 00 02 f9
[ 59.026064][ T6837] ==================================================================
[ 59.026067][ T6837] Disabling lock debugging due to kernel taint
[ 59.026071][ T6837] Kernel panic - not syncing: panic_on_warn set ...
[ 59.026078][ T6837] CPU: 0 PID: 6837 Comm: syz-executor258 Tainted: G B 5.9.0-rc3-syzkaller #0
[ 59.026082][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.026083][ T6837] Call Trace:
[ 59.026091][ T6837]  dump_stack+0x198/0x1fd
[ 59.026098][ T6837]  ? vga16fb_imageblit+0x1bd0/0x2210
[ 59.026106][ T6837]  panic+0x347/0x7c0
[ 59.026114][ T6837]  ? __warn_printk+0xf3/0xf3
[ 59.026124][ T6837]  ? trace_hardirqs_on+0x55/0x220
[ 59.026133][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.026140][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.026146][ T6837]  end_report+0x4d/0x53
[ 59.026152][ T6837]  kasan_report.cold+0xd/0x37
[ 59.026160][ T6837]  ? lock_downgrade+0x830/0x830
[ 59.026166][ T6837]  ? vga16fb_imageblit+0x1c36/0x2210
[ 59.026173][ T6837]  vga16fb_imageblit+0x1c36/0x2210
[ 59.026182][ T6837]  ? fb_pad_unaligned_buffer+0x3f/0x320
[ 59.026189][ T6837]  soft_cursor+0x514/0xa30
[ 59.026198][ T6837]  bit_cursor+0x1166/0x17d0
[ 59.026207][ T6837]  ? kmalloc_array.constprop.0+0x20/0x20
[ 59.026216][ T6837]  ? do_update_region+0x47c/0x630
[ 59.026223][ T6837]  ? fb_get_color_depth+0x11a/0x240
[ 59.026230][ T6837]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 59.026236][ T6837]  ? get_color+0x20e/0x410
[ 59.026243][ T6837]  fbcon_cursor+0x537/0x660
[ 59.026250][ T6837]  ? kmalloc_array.constprop.0+0x20/0x20
[ 59.026256][ T6837]  ? fbcon_set_palette+0x3a8/0x490
[ 59.026264][ T6837]  set_cursor+0x1d2/0x240
[ 59.026271][ T6837]  redraw_screen+0x4b9/0x770
[ 59.026277][ T6837]  ? vga16fb_update_fix+0x4a0/0x4a0
[ 59.026285][ T6837]  ? vc_init+0x430/0x430
[ 59.026292][ T6837]  ? fbcon_set_palette+0x3a8/0x490
[ 59.026299][ T6837]  fbcon_modechanged+0x575/0x710
[ 59.026307][ T6837]  fbcon_update_vcs+0x3a/0x50
[ 59.026314][ T6837]  do_fb_ioctl+0x62e/0x690
[ 59.026331][ T6837]  ? fb_set_suspend+0x1a0/0x1a0
[ 59.026339][ T6837]  ? lock_downgrade+0x830/0x830
[ 59.026344][ T6837]  ? kfree+0x221/0x2b0
[ 59.026352][ T6837]  ? check_preemption_disabled+0x50/0x130
[ 59.026357][ T6837]  ? kfree+0x221/0x2b0
[ 59.026364][ T6837]  ? tomoyo_path_number_perm+0x415/0x4d0
[ 59.026371][ T6837]  ? lockdep_hardirqs_on+0x53/0x100
[ 59.026379][ T6837]  ? tomoyo_path_number_perm+0x244/0x4d0
[ 59.026387][ T6837]  ? tomoyo_execute_permission+0x470/0x470
[ 59.026398][ T6837]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 59.026405][ T6837]  ? do_vfs_ioctl+0x27d/0x1090
[ 59.026412][ T6837]  ? generic_block_fiemap+0x60/0x60
[ 59.026420][ T6837]  fb_compat_ioctl+0x175/0xc10
[ 59.026427][ T6837]  ? fb_open+0x430/0x430
[ 59.026437][ T6837]  ? __ia32_compat_sys_openat+0x13f/0x1f0
[ 59.026445][ T6837]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 59.026451][ T6837]  ? fb_open+0x430/0x430
[ 59.026459][ T6837]  __do_compat_sys_ioctl+0x1d3/0x230
[ 59.026466][ T6837]  __do_fast_syscall_32+0x57/0x80
[ 59.026473][ T6837]  do_fast_syscall_32+0x2f/0x70
[ 59.026480][ T6837]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 59.026485][ T6837] RIP: 0023:0xf7f87549
[ 59.026494][ T6837] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 59.026498][ T6837] RSP: 002b:00000000ffca572c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 59.026504][ T6837] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 59.026508][ T6837] RDX: 00000000200001c0 RSI: 00000000080ea078 RDI: 00000000ffca5780
[ 59.026512][ T6837] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 59.026516][ T6837] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 59.026520][ T6837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 59.027641][ T6837] Kernel Offset: disabled
[ 59.908552][ T6837] Rebooting in 86400 seconds..