Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts.
[ 44.691944] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.818994] audit: type=1400 audit(1575362787.135:36): avc: denied { map } for pid=7150 comm="syz-executor323" path="/root/syz-executor323099477" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.897766] ==================================================================
[ 44.897796] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1bdb/0x2160
[ 44.897802] Read of size 2 at addr ffffffff87087bd8 by task syz-executor323/7150
[ 44.897803]
[ 44.897811] CPU: 0 PID: 7150 Comm: syz-executor323 Not tainted 4.14.157-syzkaller #0
[ 44.897814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.897817] Call Trace:
[ 44.897829] dump_stack+0x142/0x197
[ 44.897835] ? vga16fb_imageblit+0x1bdb/0x2160
[ 44.897844] print_address_description.cold+0x5/0x1dc
[ 44.897849] ? vga16fb_imageblit+0x1bdb/0x2160
[ 44.897853] kasan_report.cold+0xa9/0x2af
[ 44.897860] __asan_report_load2_noabort+0x14/0x20
[ 44.897864] vga16fb_imageblit+0x1bdb/0x2160
[ 44.897877] soft_cursor+0x4ff/0xa50
[ 44.897886] ? trace_hardirqs_on+0x10/0x10
[ 44.897894] bit_cursor+0x11be/0x1830
[ 44.897903] ? bit_clear+0x4a0/0x4a0
[ 44.897911] ? fb_get_color_depth+0x5f/0x70
[ 44.897915] ? get_color+0x1bf/0x3b0
[ 44.897921] fbcon_cursor+0x4e3/0x6f0
[ 44.897925] ? bit_clear+0x4a0/0x4a0
[ 44.897934] hide_cursor+0x9d/0x2e0
[ 44.897938] ? lock_downgrade+0x740/0x740
[ 44.897944] redraw_screen+0x2a5/0x7c0
[ 44.897950] ? con_flush_chars+0x90/0x90
[ 44.897956] ? mutex_unlock+0xd/0x10
[ 44.897963] ? tty_do_resize+0x43/0x160
[ 44.897969] vc_do_resize+0xc8a/0xec0
[ 44.897977] ? vt_console_print+0xf70/0xf70
[ 44.897983] ? trace_hardirqs_on+0x10/0x10
[ 44.897989] vc_resize+0x4d/0x60
[ 44.897994] fbcon_modechanged+0x36b/0x880
[ 44.898001] fbcon_event_notify+0x11f/0x17af
[ 44.898007] ? lock_acquire+0x16f/0x430
[ 44.898014] notifier_call_chain+0x111/0x1b0
[ 44.898022] blocking_notifier_call_chain+0x80/0xa0
[ 44.898028] fb_notifier_call_chain+0x25/0x30
[ 44.898033] fb_set_var+0xb09/0xcf0
[ 44.898038] ? fb_set_suspend+0x110/0x110
[ 44.898042] ? lock_acquire+0x16f/0x430
[ 44.898046] ? lock_fb_info+0x1f/0x80
[ 44.898052] ? lock_fb_info+0x1f/0x80
[ 44.898063] ? __mutex_lock+0x36a/0x1470
[ 44.898068] ? trace_hardirqs_on+0x10/0x10
[ 44.898072] ? lock_acquire+0x16f/0x430
[ 44.898076] ? __down+0x16b/0x290
[ 44.898082] ? mutex_trylock+0x1c0/0x1c0
[ 44.898086] ? down+0x70/0x90
[ 44.898098] ? mutex_lock_nested+0x16/0x20
[ 44.898101] ? mutex_lock_nested+0x16/0x20
[ 44.898106] do_fb_ioctl+0x3cc/0x940
[ 44.898111] ? fb_read+0x520/0x520
[ 44.898119] ? avc_has_extended_perms+0x8ec/0xe40
[ 44.898125] ? putname+0xdb/0x120
[ 44.898131] ? avc_ss_reset+0x110/0x110
[ 44.898134] ? kmem_cache_free+0x83/0x2b0
[ 44.898143] ? do_syscall_64+0x1e8/0x640
[ 44.898150] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.898154] ? find_held_lock+0x35/0x130
[ 44.898160] ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 44.898175] ? __might_sleep+0x93/0xb0
[ 44.898181] fb_ioctl+0xe6/0x130
[ 44.898186] ? do_fb_ioctl+0x940/0x940
[ 44.898191] do_vfs_ioctl+0x7ae/0x1060
[ 44.898197] ? selinux_file_mprotect+0x5d0/0x5d0
[ 44.898201] ? kmem_cache_free+0x244/0x2b0
[ 44.898206] ? ioctl_preallocate+0x1c0/0x1c0
[ 44.898210] ? putname+0xe0/0x120
[ 44.898217] ? do_sys_open+0x221/0x430
[ 44.898226] ? security_file_ioctl+0x7d/0xb0
[ 44.898230] ? security_file_ioctl+0x89/0xb0
[ 44.898236] SyS_ioctl+0x8f/0xc0
[ 44.898240] ? do_vfs_ioctl+0x1060/0x1060
[ 44.898245] do_syscall_64+0x1e8/0x640
[ 44.898250] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.898257] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.898263] RIP: 0033:0x440309
[ 44.898266] RSP: 002b:00007ffc9fe89238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.898272] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 44.898275] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 44.898278] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 44.898281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 44.898284] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 44.898291]
[ 44.898293] The buggy address belongs to the variable:
[ 44.898298] transl_h+0x38/0x40
[ 44.898300]
[ 44.898301] Memory state around the buggy address:
[ 44.898306] ffffffff87087a80: 00 03 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[ 44.898310] ffffffff87087b00: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[ 44.898313] >ffffffff87087b80: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[ 44.898315] ^
[ 44.898318] ffffffff87087c00: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[ 44.898321] ffffffff87087c80: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 44.898323] ==================================================================
[ 44.898325] Disabling lock debugging due to kernel taint
[ 44.898329] Kernel panic - not syncing: panic_on_warn set ...
[ 44.898329]
[ 44.898333] CPU: 0 PID: 7150 Comm: syz-executor323 Tainted: G B 4.14.157-syzkaller #0
[ 44.898335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.898337] Call Trace:
[ 44.898341] dump_stack+0x142/0x197
[ 44.898347] ? vga16fb_imageblit+0x1bdb/0x2160
[ 44.898351] panic+0x1f9/0x42d
[ 44.898355] ? add_taint.cold+0x16/0x16
[ 44.898359] ? lock_downgrade+0x740/0x740
[ 44.898365] kasan_end_report+0x47/0x4f
[ 44.898369] kasan_report.cold+0x130/0x2af
[ 44.898374] __asan_report_load2_noabort+0x14/0x20
[ 44.898377] vga16fb_imageblit+0x1bdb/0x2160
[ 44.898384] soft_cursor+0x4ff/0xa50
[ 44.898388] ? trace_hardirqs_on+0x10/0x10
[ 44.898394] bit_cursor+0x11be/0x1830
[ 44.898399] ? bit_clear+0x4a0/0x4a0
[ 44.898405] ? fb_get_color_depth+0x5f/0x70
[ 44.898409] ? get_color+0x1bf/0x3b0
[ 44.898414] fbcon_cursor+0x4e3/0x6f0
[ 44.898417] ? bit_clear+0x4a0/0x4a0
[ 44.898421] hide_cursor+0x9d/0x2e0
[ 44.898425] ? lock_downgrade+0x740/0x740
[ 44.898429] redraw_screen+0x2a5/0x7c0
[ 44.898434] ? con_flush_chars+0x90/0x90
[ 44.898437] ? mutex_unlock+0xd/0x10
[ 44.898441] ? tty_do_resize+0x43/0x160
[ 44.898445] vc_do_resize+0xc8a/0xec0
[ 44.898451] ? vt_console_print+0xf70/0xf70
[ 44.898456] ? trace_hardirqs_on+0x10/0x10
[ 44.898461] vc_resize+0x4d/0x60
[ 44.898465] fbcon_modechanged+0x36b/0x880
[ 44.898470] fbcon_event_notify+0x11f/0x17af
[ 44.898474] ? lock_acquire+0x16f/0x430
[ 44.898479] notifier_call_chain+0x111/0x1b0
[ 44.898487] blocking_notifier_call_chain+0x80/0xa0
[ 44.898492] fb_notifier_call_chain+0x25/0x30
[ 44.898495] fb_set_var+0xb09/0xcf0
[ 44.898500] ? fb_set_suspend+0x110/0x110
[ 44.898504] ? lock_acquire+0x16f/0x430
[ 44.898507] ? lock_fb_info+0x1f/0x80
[ 44.898511] ? lock_fb_info+0x1f/0x80
[ 44.898514] ? __mutex_lock+0x36a/0x1470
[ 44.898518] ? trace_hardirqs_on+0x10/0x10
[ 44.898522] ? lock_acquire+0x16f/0x430
[ 44.898525] ? __down+0x16b/0x290
[ 44.898530] ? mutex_trylock+0x1c0/0x1c0
[ 44.898533] ? down+0x70/0x90
[ 44.898540] ? mutex_lock_nested+0x16/0x20
[ 44.898543] ? mutex_lock_nested+0x16/0x20
[ 44.898547] do_fb_ioctl+0x3cc/0x940
[ 44.898550] ? fb_read+0x520/0x520
[ 44.898556] ? avc_has_extended_perms+0x8ec/0xe40
[ 44.898561] ? putname+0xdb/0x120
[ 44.898565] ? avc_ss_reset+0x110/0x110
[ 44.898568] ? kmem_cache_free+0x83/0x2b0
[ 44.898572] ? do_syscall_64+0x1e8/0x640
[ 44.898576] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.898580] ? find_held_lock+0x35/0x130
[ 44.898584] ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 44.898592] ? __might_sleep+0x93/0xb0
[ 44.898597] fb_ioctl+0xe6/0x130
[ 44.898600] ? do_fb_ioctl+0x940/0x940
[ 44.898603] do_vfs_ioctl+0x7ae/0x1060
[ 44.898608] ? selinux_file_mprotect+0x5d0/0x5d0
[ 44.898611] ? kmem_cache_free+0x244/0x2b0
[ 44.898615] ? ioctl_preallocate+0x1c0/0x1c0
[ 44.898618] ? putname+0xe0/0x120
[ 44.898622] ? do_sys_open+0x221/0x430
[ 44.898627] ? security_file_ioctl+0x7d/0xb0
[ 44.898631] ? security_file_ioctl+0x89/0xb0
[ 44.898635] SyS_ioctl+0x8f/0xc0
[ 44.898639] ? do_vfs_ioctl+0x1060/0x1060
[ 44.898643] do_syscall_64+0x1e8/0x640
[ 44.898647] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.898652] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.898655] RIP: 0033:0x440309
[ 44.898657] RSP: 002b:00007ffc9fe89238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.898661] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 44.898663] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 44.898665] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 44.898667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 44.898670] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 44.902389] Kernel Offset: disabled
[ 45.778984] Rebooting in 86400 seconds..