[ 39.140800] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts.
[ 44.718922] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.845074] audit: type=1400 audit(1575330679.303:36): avc: denied { map } for pid=7185 comm="syz-executor849" path="/root/syz-executor849948480" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 44.928449] ==================================================================
[ 44.928478] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1bdb/0x2160
[ 44.928483] Read of size 2 at addr ffffffff87087bde by task syz-executor849/7185
[ 44.928485]
[ 44.928492] CPU: 1 PID: 7185 Comm: syz-executor849 Not tainted 4.14.157-syzkaller #0
[ 44.928495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.928498] Call Trace:
[ 44.928509]  dump_stack+0x142/0x197
[ 44.928515]  ? vga16fb_imageblit+0x1bdb/0x2160
[ 44.928523]  print_address_description.cold+0x5/0x1dc
[ 44.928529]  ? vga16fb_imageblit+0x1bdb/0x2160
[ 44.928533]  kasan_report.cold+0xa9/0x2af
[ 44.928539]  __asan_report_load2_noabort+0x14/0x20
[ 44.928543]  vga16fb_imageblit+0x1bdb/0x2160
[ 44.928551]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 44.928557]  ? debug_check_no_obj_freed+0x287/0x7b7
[ 44.928568]  soft_cursor+0x4ff/0xa50
[ 44.928582]  bit_cursor+0x11be/0x1830
[ 44.928590]  ? bit_clear+0x4a0/0x4a0
[ 44.928594]  ? fbcon_putcs+0x3c2/0x480
[ 44.928598]  ? fbcon_putcs+0x223/0x480
[ 44.928605]  ? fb_get_color_depth+0x5f/0x70
[ 44.928610]  ? get_color+0x1bf/0x3b0
[ 44.928615]  fbcon_cursor+0x4e3/0x6f0
[ 44.928619]  ? bit_clear+0x4a0/0x4a0
[ 44.928629]  set_cursor+0x1bd/0x240
[ 44.928633]  redraw_screen+0x596/0x7c0
[ 44.928644]  ? con_flush_chars+0x90/0x90
[ 44.928649]  ? fbcon_set_palette+0x203/0x5b0
[ 44.928655]  fbcon_modechanged+0x59e/0x880
[ 44.928662]  fbcon_event_notify+0x11f/0x17af
[ 44.928672]  ? lock_acquire+0x16f/0x430
[ 44.928680]  notifier_call_chain+0x111/0x1b0
[ 44.928687]  blocking_notifier_call_chain+0x80/0xa0
[ 44.928695]  fb_notifier_call_chain+0x25/0x30
[ 44.928699]  fb_set_var+0xb09/0xcf0
[ 44.928705]  ? fb_set_suspend+0x110/0x110
[ 44.928709]  ? lock_acquire+0x16f/0x430
[ 44.928713]  ? lock_fb_info+0x1f/0x80
[ 44.928719]  ? lock_fb_info+0x1f/0x80
[ 44.928723]  ? __mutex_lock+0x36a/0x1470
[ 44.928728]  ? trace_hardirqs_on+0x10/0x10
[ 44.928732]  ? lock_acquire+0x16f/0x430
[ 44.928736]  ? __down+0x16b/0x290
[ 44.928742]  ? mutex_trylock+0x1c0/0x1c0
[ 44.928746]  ? down+0x70/0x90
[ 44.928757]  ? mutex_lock_nested+0x16/0x20
[ 44.928761]  ? mutex_lock_nested+0x16/0x20
[ 44.928766]  do_fb_ioctl+0x3cc/0x940
[ 44.928770]  ? fb_read+0x520/0x520
[ 44.928778]  ? avc_has_extended_perms+0x8ec/0xe40
[ 44.928784]  ? putname+0xdb/0x120
[ 44.928790]  ? avc_ss_reset+0x110/0x110
[ 44.928794]  ? kmem_cache_free+0x83/0x2b0
[ 44.928803]  ? do_syscall_64+0x1e8/0x640
[ 44.928807]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.928811]  ? find_held_lock+0x35/0x130
[ 44.928816]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 44.928831]  ? __might_sleep+0x93/0xb0
[ 44.928837]  fb_ioctl+0xe6/0x130
[ 44.928841]  ? do_fb_ioctl+0x940/0x940
[ 44.928847]  do_vfs_ioctl+0x7ae/0x1060
[ 44.928853]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 44.928856]  ? kmem_cache_free+0x244/0x2b0
[ 44.928862]  ? ioctl_preallocate+0x1c0/0x1c0
[ 44.928865]  ? putname+0xe0/0x120
[ 44.928873]  ? do_sys_open+0x221/0x430
[ 44.928882]  ? security_file_ioctl+0x7d/0xb0
[ 44.928885]  ? security_file_ioctl+0x89/0xb0
[ 44.928891]  SyS_ioctl+0x8f/0xc0
[ 44.928896]  ? do_vfs_ioctl+0x1060/0x1060
[ 44.928901]  do_syscall_64+0x1e8/0x640
[ 44.928906]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.928913]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.928918] RIP: 0033:0x440309
[ 44.928921] RSP: 002b:00007ffda6bcee78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.928927] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 44.928930] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 44.928933] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 44.928936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 44.928938] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 44.928946]
[ 44.928947] The buggy address belongs to the variable:
[ 44.928953]  transl_h+0x3e/0x40
[ 44.928954]
[ 44.928956] Memory state around the buggy address:
[ 44.928961]  ffffffff87087a80: 00 03 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[ 44.928965]  ffffffff87087b00: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[ 44.928968] >ffffffff87087b80: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[ 44.928970]                                                        ^
[ 44.928973]  ffffffff87087c00: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[ 44.928976]  ffffffff87087c80: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 44.928978] ==================================================================
[ 44.928980] Disabling lock debugging due to kernel taint
[ 44.928983] Kernel panic - not syncing: panic_on_warn set ...
[ 44.928983]
[ 44.928987] CPU: 1 PID: 7185 Comm: syz-executor849 Tainted: G B 4.14.157-syzkaller #0
[ 44.928989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.928990] Call Trace:
[ 44.928995]  dump_stack+0x142/0x197
[ 44.928999]  ? vga16fb_imageblit+0x1bdb/0x2160
[ 44.929005]  panic+0x1f9/0x42d
[ 44.929008]  ? add_taint.cold+0x16/0x16
[ 44.929012]  ? lock_downgrade+0x740/0x740
[ 44.929018]  kasan_end_report+0x47/0x4f
[ 44.929022]  kasan_report.cold+0x130/0x2af
[ 44.929026]  __asan_report_load2_noabort+0x14/0x20
[ 44.929030]  vga16fb_imageblit+0x1bdb/0x2160
[ 44.929034]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 44.929038]  ? debug_check_no_obj_freed+0x287/0x7b7
[ 44.929043]  soft_cursor+0x4ff/0xa50
[ 44.929049]  bit_cursor+0x11be/0x1830
[ 44.929055]  ? bit_clear+0x4a0/0x4a0
[ 44.929058]  ? fbcon_putcs+0x3c2/0x480
[ 44.929062]  ? fbcon_putcs+0x223/0x480
[ 44.929066]  ? fb_get_color_depth+0x5f/0x70
[ 44.929070]  ? get_color+0x1bf/0x3b0
[ 44.929074]  fbcon_cursor+0x4e3/0x6f0
[ 44.929078]  ? bit_clear+0x4a0/0x4a0
[ 44.929082]  set_cursor+0x1bd/0x240
[ 44.929086]  redraw_screen+0x596/0x7c0
[ 44.929090]  ? con_flush_chars+0x90/0x90
[ 44.929094]  ? fbcon_set_palette+0x203/0x5b0
[ 44.929099]  fbcon_modechanged+0x59e/0x880
[ 44.929104]  fbcon_event_notify+0x11f/0x17af
[ 44.929108]  ? lock_acquire+0x16f/0x430
[ 44.929113]  notifier_call_chain+0x111/0x1b0
[ 44.929118]  blocking_notifier_call_chain+0x80/0xa0
[ 44.929123]  fb_notifier_call_chain+0x25/0x30
[ 44.929126]  fb_set_var+0xb09/0xcf0
[ 44.929130]  ? fb_set_suspend+0x110/0x110
[ 44.929134]  ? lock_acquire+0x16f/0x430
[ 44.929137]  ? lock_fb_info+0x1f/0x80
[ 44.929141]  ? lock_fb_info+0x1f/0x80
[ 44.929144]  ? __mutex_lock+0x36a/0x1470
[ 44.929148]  ? trace_hardirqs_on+0x10/0x10
[ 44.929152]  ? lock_acquire+0x16f/0x430
[ 44.929155]  ? __down+0x16b/0x290
[ 44.929159]  ? mutex_trylock+0x1c0/0x1c0
[ 44.929162]  ? down+0x70/0x90
[ 44.929169]  ? mutex_lock_nested+0x16/0x20
[ 44.929172]  ? mutex_lock_nested+0x16/0x20
[ 44.929176]  do_fb_ioctl+0x3cc/0x940
[ 44.929179]  ? fb_read+0x520/0x520
[ 44.929183]  ? avc_has_extended_perms+0x8ec/0xe40
[ 44.929187]  ? putname+0xdb/0x120
[ 44.929191]  ? avc_ss_reset+0x110/0x110
[ 44.929194]  ? kmem_cache_free+0x83/0x2b0
[ 44.929198]  ? do_syscall_64+0x1e8/0x640
[ 44.929202]  ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.929205]  ? find_held_lock+0x35/0x130
[ 44.929209]  ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 44.929218]  ? __might_sleep+0x93/0xb0
[ 44.929224]  fb_ioctl+0xe6/0x130
[ 44.929228]  ? do_fb_ioctl+0x940/0x940
[ 44.929231]  do_vfs_ioctl+0x7ae/0x1060
[ 44.929235]  ? selinux_file_mprotect+0x5d0/0x5d0
[ 44.929238]  ? kmem_cache_free+0x244/0x2b0
[ 44.929242]  ? ioctl_preallocate+0x1c0/0x1c0
[ 44.929245]  ? putname+0xe0/0x120
[ 44.929250]  ? do_sys_open+0x221/0x430
[ 44.929255]  ? security_file_ioctl+0x7d/0xb0
[ 44.929258]  ? security_file_ioctl+0x89/0xb0
[ 44.929263]  SyS_ioctl+0x8f/0xc0
[ 44.929267]  ? do_vfs_ioctl+0x1060/0x1060
[ 44.929271]  do_syscall_64+0x1e8/0x640
[ 44.929274]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.929280]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 44.929283] RIP: 0033:0x440309
[ 44.929285] RSP: 002b:00007ffda6bcee78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 44.929289] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 44.929291] RDX: 0000000020000340 RSI: 0000000000004601 RDI: 0000000000000003
[ 44.929294] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 44.929296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 44.929298] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 44.930727] Kernel Offset: disabled
[ 45.746063] Rebooting in 86400 seconds..