[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   62.743616][ T6843] ==================================================================
[   62.743663][ T6843] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c36/0x2210
[   62.743671][ T6843] Read of size 2 at addr ffffffff8899f4be by task syz-executor021/6843
[   62.743673][ T6843]
[   62.743684][ T6843] CPU: 1 PID: 6843 Comm: syz-executor021 Not tainted 5.9.0-rc2-syzkaller #0
[   62.743689][ T6843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.743692][ T6843] Call Trace:
[   62.743704][ T6843]  dump_stack+0x18f/0x20d
[   62.743714][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.743722][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.743734][ T6843]  print_address_description.constprop.0.cold+0x5/0x497
[   62.743744][ T6843]  ? fb_compat_ioctl+0x175/0xc10
[   62.743754][ T6843]  ? __do_compat_sys_ioctl+0x1d3/0x230
[   62.743764][ T6843]  ? __do_fast_syscall_32+0x57/0x80
[   62.743772][ T6843]  ? do_fast_syscall_32+0x2f/0x70
[   62.743782][ T6843]  ? vprintk_func+0x97/0x1a6
[   62.743792][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.743800][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.743808][ T6843]  kasan_report.cold+0x1f/0x37
[   62.743818][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.743828][ T6843]  vga16fb_imageblit+0x1c36/0x2210
[   62.743840][ T6843]  ? fb_pad_unaligned_buffer+0x2f/0x320
[   62.743853][ T6843]  soft_cursor+0x514/0xa30
[   62.743866][ T6843]  ? lockdep_hardirqs_on+0x76/0xf0
[   62.743876][ T6843]  bit_cursor+0x1166/0x17d0
[   62.743890][ T6843]  ? kmalloc_array.constprop.0+0x20/0x20
[   62.743904][ T6843]  ? do_update_region+0x47c/0x630
[   62.743914][ T6843]  ? fb_get_color_depth+0x11a/0x240
[   62.743924][ T6843]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   62.743932][ T6843]  ? get_color+0x20e/0x410
[   62.743942][ T6843]  fbcon_cursor+0x537/0x660
[   62.743951][ T6843]  ? kmalloc_array.constprop.0+0x20/0x20
[   62.743959][ T6843]  ? fbcon_set_palette+0x3a8/0x490
[   62.743970][ T6843]  set_cursor+0x1d2/0x240
[   62.743979][ T6843]  redraw_screen+0x4b9/0x770
[   62.743988][ T6843]  ? vga16fb_update_fix+0x4a0/0x4a0
[   62.743998][ T6843]  ? vc_init+0x430/0x430
[   62.744008][ T6843]  ? fbcon_set_palette+0x3a8/0x490
[   62.744018][ T6843]  fbcon_modechanged+0x575/0x710
[   62.744029][ T6843]  fbcon_update_vcs+0x3a/0x50
[   62.744038][ T6843]  do_fb_ioctl+0x62e/0x690
[   62.744048][ T6843]  ? fb_set_suspend+0x1a0/0x1a0
[   62.744058][ T6843]  ? lock_downgrade+0x830/0x830
[   62.744070][ T6843]  ? trace_hardirqs_on+0x5f/0x220
[   62.744079][ T6843]  ? lockdep_hardirqs_on+0x76/0xf0
[   62.744092][ T6843]  ? tomoyo_path_number_perm+0x244/0x4d0
[   62.744102][ T6843]  ? tomoyo_execute_permission+0x470/0x470
[   62.744121][ T6843]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   62.744130][ T6843]  ? do_vfs_ioctl+0x27d/0x1090
[   62.744140][ T6843]  ? generic_block_fiemap+0x60/0x60
[   62.744151][ T6843]  fb_compat_ioctl+0x175/0xc10
[   62.744160][ T6843]  ? fb_open+0x430/0x430
[   62.744173][ T6843]  ? __ia32_compat_sys_openat+0x13f/0x1f0
[   62.744184][ T6843]  ? bpf_lsm_file_ioctl+0x5/0x10
[   62.744193][ T6843]  ? fb_open+0x430/0x430
[   62.744203][ T6843]  __do_compat_sys_ioctl+0x1d3/0x230
[   62.744213][ T6843]  __do_fast_syscall_32+0x57/0x80
[   62.744222][ T6843]  do_fast_syscall_32+0x2f/0x70
[   62.744232][ T6843]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   62.744240][ T6843] RIP: 0023:0xf7f46549
[   62.744251][ T6843] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   62.744256][ T6843] RSP: 002b:00000000ffb4a7ec EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[   62.744265][ T6843] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[   62.744270][ T6843] RDX: 00000000200000c0 RSI: 00000000080ea078 RDI: 00000000ffb4a840
[   62.744275][ T6843] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   62.744281][ T6843] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   62.744286][ T6843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   62.744296][ T6843]
[   62.744299][ T6843] The buggy address belongs to the variable:
[   62.744306][ T6843]  transl_h+0x3e/0x40
[   62.744309][ T6843]
[   62.744311][ T6843] Memory state around the buggy address:
[   62.744319][ T6843]  ffffffff8899f380: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[   62.744326][ T6843]  ffffffff8899f400: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9
[   62.744332][ T6843] >ffffffff8899f480: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
[   62.744336][ T6843]                                         ^
[   62.744343][ T6843]  ffffffff8899f500: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9
[   62.744349][ T6843]  ffffffff8899f580: 00 00 04 f9 f9 f9 f9 f9 00 00 00 00 00 00 02 f9
[   62.744352][ T6843] ==================================================================
[   62.744355][ T6843] Disabling lock debugging due to kernel taint
[   62.744360][ T6843] Kernel panic - not syncing: panic_on_warn set ...
[   62.744368][ T6843] CPU: 1 PID: 6843 Comm: syz-executor021 Tainted: G    B             5.9.0-rc2-syzkaller #0
[   62.744372][ T6843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.744374][ T6843] Call Trace:
[   62.744382][ T6843]  dump_stack+0x18f/0x20d
[   62.744390][ T6843]  ? vga16fb_imageblit+0x1bc0/0x2210
[   62.744399][ T6843]  panic+0x2e3/0x75c
[   62.744407][ T6843]  ? __warn_printk+0xf3/0xf3
[   62.744416][ T6843]  ? trace_hardirqs_on+0x55/0x220
[   62.744425][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.744432][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.744439][ T6843]  end_report+0x4d/0x53
[   62.744447][ T6843]  kasan_report.cold+0xd/0x37
[   62.744455][ T6843]  ? vga16fb_imageblit+0x1c36/0x2210
[   62.744463][ T6843]  vga16fb_imageblit+0x1c36/0x2210
[   62.744473][ T6843]  ? fb_pad_unaligned_buffer+0x2f/0x320
[   62.744482][ T6843]  soft_cursor+0x514/0xa30
[   62.744491][ T6843]  ? lockdep_hardirqs_on+0x76/0xf0
[   62.744499][ T6843]  bit_cursor+0x1166/0x17d0
[   62.744509][ T6843]  ? kmalloc_array.constprop.0+0x20/0x20
[   62.744519][ T6843]  ? do_update_region+0x47c/0x630
[   62.744528][ T6843]  ? fb_get_color_depth+0x11a/0x240
[   62.744535][ T6843]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   62.744542][ T6843]  ? get_color+0x20e/0x410
[   62.744550][ T6843]  fbcon_cursor+0x537/0x660
[   62.744558][ T6843]  ? kmalloc_array.constprop.0+0x20/0x20
[   62.744572][ T6843]  ? fbcon_set_palette+0x3a8/0x490
[   62.744581][ T6843]  set_cursor+0x1d2/0x240
[   62.744590][ T6843]  redraw_screen+0x4b9/0x770
[   62.744597][ T6843]  ? vga16fb_update_fix+0x4a0/0x4a0
[   62.744606][ T6843]  ? vc_init+0x430/0x430
[   62.744614][ T6843]  ? fbcon_set_palette+0x3a8/0x490
[   62.744622][ T6843]  fbcon_modechanged+0x575/0x710
[   62.744630][ T6843]  fbcon_update_vcs+0x3a/0x50
[   62.744639][ T6843]  do_fb_ioctl+0x62e/0x690
[   62.744647][ T6843]  ? fb_set_suspend+0x1a0/0x1a0
[   62.744655][ T6843]  ? lock_downgrade+0x830/0x830
[   62.744663][ T6843]  ? trace_hardirqs_on+0x5f/0x220
[   62.744671][ T6843]  ? lockdep_hardirqs_on+0x76/0xf0
[   62.744681][ T6843]  ? tomoyo_path_number_perm+0x244/0x4d0
[   62.744690][ T6843]  ? tomoyo_execute_permission+0x470/0x470
[   62.744701][ T6843]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   62.744709][ T6843]  ? do_vfs_ioctl+0x27d/0x1090
[   62.744717][ T6843]  ? generic_block_fiemap+0x60/0x60
[   62.744726][ T6843]  fb_compat_ioctl+0x175/0xc10
[   62.744734][ T6843]  ? fb_open+0x430/0x430
[   62.744744][ T6843]  ? __ia32_compat_sys_openat+0x13f/0x1f0
[   62.744752][ T6843]  ? bpf_lsm_file_ioctl+0x5/0x10
[   62.744759][ T6843]  ? fb_open+0x430/0x430
[   62.744768][ T6843]  __do_compat_sys_ioctl+0x1d3/0x230
[   62.744776][ T6843]  __do_fast_syscall_32+0x57/0x80
[   62.744784][ T6843]  do_fast_syscall_32+0x2f/0x70
[   62.744792][ T6843]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   62.744798][ T6843] RIP: 0023:0xf7f46549
[   62.744805][ T6843] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   62.744809][ T6843] RSP: 002b:00000000ffb4a7ec EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[   62.744816][ T6843] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[   62.744821][ T6843] RDX: 00000000200000c0 RSI: 00000000080ea078 RDI: 00000000ffb4a840
[   62.744825][ T6843] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   62.744830][ T6843] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   62.744834][ T6843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   62.745879][ T6843] Kernel Offset: disabled
[   63.558223][ T6843] Rebooting in 86400 seconds..