[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
2020/07/04 16:56:42 parsed 1 programs
2020/07/04 16:56:43 executed programs: 0
syzkaller login: [ 66.476529][ T6837] IPVS: ftp: loaded support on port[0] = 21
[ 66.566884][ T6837] chnl_net:caif_netlink_parms(): no params data found
[ 66.614272][ T6837] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.621590][ T6837] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.631453][ T6837] device bridge_slave_0 entered promiscuous mode
[ 66.640059][ T6837] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.648498][ T6837] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.656065][ T6837] device bridge_slave_1 entered promiscuous mode
[ 66.675103][ T6837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.686326][ T6837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.709035][ T6837] team0: Port device team_slave_0 added
[ 66.716166][ T6837] team0: Port device team_slave_1 added
[ 66.733362][ T6837] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.740369][ T6837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.767312][ T6837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.779346][ T6837] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.786287][ T6837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.812355][ T6837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.880765][ T6837] device hsr_slave_0 entered promiscuous mode
[ 66.917360][ T6837] device hsr_slave_1 entered promiscuous mode
[ 67.028207][ T6837] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.069721][ T6837] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.119448][ T6837] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.159726][ T6837] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.222530][ T6837] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.229698][ T6837] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.237439][ T6837] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.244486][ T6837] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.288297][ T6837] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.301706][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.312039][ T2486] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.320293][ T2486] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.329315][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 67.342139][ T6837] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.352656][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.361588][ T2516] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.368688][ T2516] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.379480][ T2486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.388554][ T2486] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.395612][ T2486] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.420880][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.430801][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.439497][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.448343][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.462141][ T6837] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 67.473431][ T6837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 67.483459][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.505907][ T6837] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.515159][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 67.523403][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 67.547557][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.563026][ T6837] device veth0_vlan entered promiscuous mode
[ 67.569965][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 67.580558][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.591124][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 67.599790][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 67.612404][ T6837] device veth1_vlan entered promiscuous mode
[ 67.634029][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 67.642627][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 67.650761][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 67.659333][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.670869][ T6837] device veth0_macvtap entered promiscuous mode
[ 67.680611][ T6837] device veth1_macvtap entered promiscuous mode
[ 67.696572][ T6837] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.705491][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 67.714464][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 67.723057][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 67.731894][ T2516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 67.744024][ T6837] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.752511][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 67.761959][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.092021][ T7046] ==================================================================
[ 68.092062][ T7046] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c36/0x2210
[ 68.092069][ T7046] Read of size 2 at addr ffffffff889972be by task syz-executor.0/7046
[ 68.092071][ T7046]
[ 68.092080][ T7046] CPU: 1 PID: 7046 Comm: syz-executor.0 Not tainted 5.8.0-rc3-syzkaller #0
[ 68.092085][ T7046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.092088][ T7046] Call Trace:
[ 68.092099][ T7046] dump_stack+0x18f/0x20d
[ 68.092115][ T7046] ? vga16fb_imageblit+0x1c36/0x2210
[ 68.092122][ T7046] ? vga16fb_imageblit+0x1c36/0x2210
[ 68.092131][ T7046] print_address_description.constprop.0.cold+0x5/0x436
[ 68.092139][ T7046] ? fbcon_modechanged+0x36c/0x710
[ 68.092146][ T7046] ? fbcon_update_vcs+0x3a/0x50
[ 68.092154][ T7046] ? fb_set_var+0xae8/0xd60
[ 68.092164][ T7046] ? lockdep_hardirqs_off+0x66/0xa0
[ 68.092173][ T7046] ? vprintk_func+0x97/0x1a6
[ 68.092182][ T7046] ? vga16fb_imageblit+0x1c36/0x2210
[ 68.092188][ T7046] kasan_report.cold+0x1f/0x37
[ 68.092197][ T7046] ? vga16fb_imageblit+0x1c36/0x2210
[ 68.092206][ T7046] vga16fb_imageblit+0x1c36/0x2210
[ 68.092217][ T7046] ? fb_pad_unaligned_buffer+0x9f/0x320
[ 68.092227][ T7046] soft_cursor+0x514/0xa30
[ 68.092239][ T7046] ? lockdep_hardirqs_on+0x6a/0xe0
[ 68.092248][ T7046] bit_cursor+0x1166/0x17d0
[ 68.092260][ T7046] ? kmalloc_array.constprop.0+0x20/0x20
[ 68.092273][ T7046] ? do_update_region+0x47c/0x630
[ 68.092282][ T7046] ? fb_get_color_depth+0x11a/0x240
[ 68.092291][ T7046] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 68.092298][ T7046] ? get_color+0x20e/0x410
[ 68.092307][ T7046] fbcon_cursor+0x52b/0x650
[ 68.092315][ T7046] ? kmalloc_array.constprop.0+0x20/0x20
[ 68.092324][ T7046] ? fbcon_set_palette+0x3a8/0x490
[ 68.092334][ T7046] set_cursor+0x1dd/0x230
[ 68.092343][ T7046] redraw_screen+0x4b7/0x770
[ 68.092351][ T7046] ? wait_for_completion+0x260/0x260
[ 68.092360][ T7046] ? vc_init+0x440/0x440
[ 68.092373][ T7046] vc_do_resize+0x110e/0x13f0
[ 68.092389][ T7046] ? store_bind+0x6a0/0x6a0
[ 68.092400][ T7046] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 68.092412][ T7046] fbcon_modechanged+0x36c/0x710
[ 68.092422][ T7046] fbcon_update_vcs+0x3a/0x50
[ 68.092430][ T7046] fb_set_var+0xae8/0xd60
[ 68.092439][ T7046] ? fb_blank+0x190/0x190
[ 68.092447][ T7046] ? lock_release+0x8d0/0x8d0
[ 68.092458][ T7046] ? lock_is_held_type+0xb0/0xe0
[ 68.092472][ T7046] ? do_fb_ioctl+0x2f2/0x6c0
[ 68.092487][ T7046] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 68.092495][ T7046] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.092503][ T7046] ? trace_hardirqs_on+0x5f/0x220
[ 68.092514][ T7046] do_fb_ioctl+0x33f/0x6c0
[ 68.092523][ T7046] ? fb_set_suspend+0x1a0/0x1a0
[ 68.092532][ T7046] ? tomoyo_execute_permission+0x470/0x470
[ 68.092544][ T7046] ? __might_fault+0x11f/0x1d0
[ 68.092557][ T7046] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 68.092565][ T7046] ? do_vfs_ioctl+0x27d/0x1090
[ 68.092581][ T7046] ? __fget_files+0x294/0x400
[ 68.092593][ T7046] fb_ioctl+0xdd/0x130
[ 68.092601][ T7046] ? do_fb_ioctl+0x6c0/0x6c0
[ 68.092607][ T7046] ksys_ioctl+0x11a/0x180
[ 68.092616][ T7046] __x64_sys_ioctl+0x6f/0xb0
[ 68.092624][ T7046] ? lockdep_hardirqs_on+0x6a/0xe0
[ 68.092631][ T7046] do_syscall_64+0x60/0xe0
[ 68.092639][ T7046] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.092646][ T7046] RIP: 0033:0x45cb29
[ 68.092649][ T7046] Code: Bad RIP value.
[ 68.092654][ T7046] RSP: 002b:00007f45caf8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.092661][ T7046] RAX: ffffffffffffffda RBX: 00000000004e55e0 RCX: 000000000045cb29
[ 68.092666][ T7046] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 68.092670][ T7046] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 68.092675][ T7046] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 68.092680][ T7046] R13: 00000000000002fd R14: 00000000004c58a5 R15: 00007f45caf8d6d4
[ 68.092690][ T7046]
[ 68.092692][ T7046] The buggy address belongs to the variable:
[ 68.092700][ T7046] transl_h+0x3e/0x40
[ 68.092702][ T7046]
[ 68.092705][ T7046] Memory state around the buggy address:
[ 68.092712][ T7046] ffffffff88997180: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.092718][ T7046] ffffffff88997200: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
[ 68.092724][ T7046] >ffffffff88997280: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
[ 68.092727][ T7046] ^
[ 68.092733][ T7046] ffffffff88997300: 00 01 fa fa fa fa fa fa 00 00 00 04 fa fa fa fa
[ 68.092738][ T7046] ffffffff88997380: 00 00 04 fa fa fa fa fa 00 00 00 00 00 00 02 fa
[ 68.092741][ T7046] ==================================================================
[ 68.092744][ T7046] Disabling lock debugging due to kernel taint
[ 68.092748][ T7046] Kernel panic - not syncing: panic_on_warn set ...
[ 68.092755][ T7046] CPU: 1 PID: 7046 Comm: syz-executor.0 Tainted: G B 5.8.0-rc3-syzkaller #0
[ 68.092759][ T7046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.092761][ T7046] Call Trace:
[ 68.092768][ T7046] dump_stack+0x18f/0x20d
[ 68.092775][ T7046] ? vga16fb_imageblit+0x1b40/0x2210
[ 68.092783][ T7046] panic+0x2e3/0x75c
[ 68.092790][ T7046] ? __warn_printk+0xf3/0xf3
[ 68.092798][ T7046] ? trace_hardirqs_on+0x55/0x220
[ 68.092805][ T7046] ? vga16fb_imageblit+0x1c36/0x2210
[ 68.092811][ T7046] ? vga16fb_imageblit+0x1c36/0x2210
[ 68.092817][ T7046] end_report+0x4d/0x53
[ 68.092823][ T7046] kasan_report.cold+0xd/0x37
[ 68.092830][ T7046] ? vga16fb_imageblit+0x1c36/0x2210
[ 68.092837][ T7046] vga16fb_imageblit+0x1c36/0x2210
[ 68.092845][ T7046] ? fb_pad_unaligned_buffer+0x9f/0x320
[ 68.092853][ T7046] soft_cursor+0x514/0xa30
[ 68.092864][ T7046] ? lockdep_hardirqs_on+0x6a/0xe0
[ 68.092877][ T7046] bit_cursor+0x1166/0x17d0
[ 68.092893][ T7046] ? kmalloc_array.constprop.0+0x20/0x20
[ 68.092907][ T7046] ? do_update_region+0x47c/0x630
[ 68.092921][ T7046] ? fb_get_color_depth+0x11a/0x240
[ 68.092935][ T7046] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 68.092945][ T7046] ? get_color+0x20e/0x410
[ 68.092954][ T7046] fbcon_cursor+0x52b/0x650
[ 68.092961][ T7046] ? kmalloc_array.constprop.0+0x20/0x20
[ 68.092967][ T7046] ? fbcon_set_palette+0x3a8/0x490
[ 68.092974][ T7046] set_cursor+0x1dd/0x230
[ 68.092982][ T7046] redraw_screen+0x4b7/0x770
[ 68.092988][ T7046] ? wait_for_completion+0x260/0x260
[ 68.092995][ T7046] ? vc_init+0x440/0x440
[ 68.093004][ T7046] vc_do_resize+0x110e/0x13f0
[ 68.093015][ T7046] ? store_bind+0x6a0/0x6a0
[ 68.093022][ T7046] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 68.093030][ T7046] fbcon_modechanged+0x36c/0x710
[ 68.093038][ T7046] fbcon_update_vcs+0x3a/0x50
[ 68.093044][ T7046] fb_set_var+0xae8/0xd60
[ 68.093052][ T7046] ? fb_blank+0x190/0x190
[ 68.093058][ T7046] ? lock_release+0x8d0/0x8d0
[ 68.093066][ T7046] ? lock_is_held_type+0xb0/0xe0
[ 68.093075][ T7046] ? do_fb_ioctl+0x2f2/0x6c0
[ 68.093085][ T7046] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 68.093092][ T7046] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.093098][ T7046] ? trace_hardirqs_on+0x5f/0x220
[ 68.093112][ T7046] do_fb_ioctl+0x33f/0x6c0
[ 68.093119][ T7046] ? fb_set_suspend+0x1a0/0x1a0
[ 68.093126][ T7046] ? tomoyo_execute_permission+0x470/0x470
[ 68.093134][ T7046] ? __might_fault+0x11f/0x1d0
[ 68.093144][ T7046] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 68.093150][ T7046] ? do_vfs_ioctl+0x27d/0x1090
[ 68.093159][ T7046] ? __fget_files+0x294/0x400
[ 68.093167][ T7046] fb_ioctl+0xdd/0x130
[ 68.093174][ T7046] ? do_fb_ioctl+0x6c0/0x6c0
[ 68.093179][ T7046] ksys_ioctl+0x11a/0x180
[ 68.093186][ T7046] __x64_sys_ioctl+0x6f/0xb0
[ 68.093193][ T7046] ? lockdep_hardirqs_on+0x6a/0xe0
[ 68.093200][ T7046] do_syscall_64+0x60/0xe0
[ 68.093206][ T7046] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.093211][ T7046] RIP: 0033:0x45cb29
[ 68.093213][ T7046] Code: Bad RIP value.
[ 68.093217][ T7046] RSP: 002b:00007f45caf8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.093223][ T7046] RAX: ffffffffffffffda RBX: 00000000004e55e0 RCX: 000000000045cb29
[ 68.093227][ T7046] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 68.093231][ T7046] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 68.093235][ T7046] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 68.093239][ T7046] R13: 00000000000002fd R14: 00000000004c58a5 R15: 00007f45caf8d6d4
[ 68.094229][ T7046] Kernel Offset: disabled
[ 68.909177][ T7046] Rebooting in 86400 seconds..