[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.911651] audit: type=1400 audit(1598943032.046:8): avc: denied { execmem } for pid=6341 comm="syz-executor488" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 32.987805] ==================================================================
[ 32.987830] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1be2/0x2140
[ 32.987835] Read of size 2 at addr ffffffff86e8da1e by task syz-executor488/6341
[ 32.987836]
[ 32.987842] CPU: 0 PID: 6341 Comm: syz-executor488 Not tainted 4.14.195-syzkaller #0
[ 32.987845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.987847] Call Trace:
[ 32.987855]  dump_stack+0x1b2/0x283
[ 32.987864]  print_address_description.cold+0x5/0x1d3
[ 32.987870]  kasan_report_error.cold+0x8a/0x194
[ 32.987874]  ? vga16fb_imageblit+0x1be2/0x2140
[ 32.987878]  __asan_report_load2_noabort+0x68/0x70
[ 32.987883]  ? vga16fb_imageblit+0x1be2/0x2140
[ 32.987887]  vga16fb_imageblit+0x1be2/0x2140
[ 32.987895]  ? fb_pad_unaligned_buffer+0x2f/0x2e0
[ 32.987902]  soft_cursor+0x50a/0xa50
[ 32.987911]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 32.987916]  bit_cursor+0x1056/0x1620
[ 32.987923]  ? bit_update_start+0x1f0/0x1f0
[ 32.987932]  ? do_update_region+0x41d/0x5b0
[ 32.987936]  ? fb_get_color_depth+0x100/0x200
[ 32.987941]  ? get_color+0x1be/0x3a0
[ 32.987946]  fbcon_cursor+0x4b1/0x6a0
[ 32.987950]  ? bit_update_start+0x1f0/0x1f0
[ 32.987954]  ? add_softcursor+0x14/0x2d0
[ 32.987959]  set_cursor+0x189/0x1e0
[ 32.987964]  redraw_screen+0x57b/0x790
[ 32.987970]  ? con_shutdown+0x90/0x90
[ 32.987974]  ? fbcon_set_palette+0x466/0x580
[ 32.987979]  fbcon_modechanged+0x68a/0x980
[ 32.987985]  fbcon_event_notify+0x107/0x1760
[ 32.987994]  notifier_call_chain+0x108/0x1a0
[ 32.988001]  blocking_notifier_call_chain+0x79/0x90
[ 32.988007]  fb_set_var+0xac5/0xc90
[ 32.988016]  ? fb_set_suspend+0x110/0x110
[ 32.988020]  ? __lock_acquire+0x5fc/0x3f20
[ 32.988027]  ? lock_acquire+0x170/0x3f0
[ 32.988031]  ? do_fb_ioctl+0x2f1/0xa70
[ 32.988042]  ? _raw_spin_unlock_irq+0x24/0x80
[ 32.988052]  ? do_fb_ioctl+0x2e7/0xa70
[ 32.988059]  do_fb_ioctl+0x36d/0xa70
[ 32.988064]  ? register_framebuffer+0x8e0/0x8e0
[ 32.988072]  ? avc_has_extended_perms+0x6e4/0xbf0
[ 32.988078]  ? avc_ss_reset+0x100/0x100
[ 32.988082]  ? kasan_slab_free+0x12d/0x1a0
[ 32.988087]  ? kasan_slab_free+0xc3/0x1a0
[ 32.988090]  ? kmem_cache_free+0x7c/0x2b0
[ 32.988096]  ? putname+0xcd/0x110
[ 32.988099]  ? do_sys_open+0x203/0x410
[ 32.988104]  ? do_syscall_64+0x1d5/0x640
[ 32.988109]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.988114]  ? path_lookupat+0x780/0x780
[ 32.988122]  ? debug_check_no_obj_freed+0x2c0/0x674
[ 32.988135]  fb_ioctl+0xdd/0x130
[ 32.988139]  ? do_fb_ioctl+0xa70/0xa70
[ 32.988144]  do_vfs_ioctl+0x75a/0xff0
[ 32.988149]  ? selinux_inode_setxattr+0x730/0x730
[ 32.988154]  ? ioctl_preallocate+0x1a0/0x1a0
[ 32.988158]  ? kmem_cache_free+0x23a/0x2b0
[ 32.988162]  ? putname+0xcd/0x110
[ 32.988166]  ? do_sys_open+0x208/0x410
[ 32.988173]  ? security_file_ioctl+0x83/0xb0
[ 32.988183]  SyS_ioctl+0x7f/0xb0
[ 32.988187]  ? do_vfs_ioctl+0xff0/0xff0
[ 32.988192]  do_syscall_64+0x1d5/0x640
[ 32.988199]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.988203] RIP: 0033:0x4403d9
[ 32.988206] RSP: 002b:00007ffdcd4b7e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 32.988211] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403d9
[ 32.988214] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 32.988217] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 32.988219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401be0
[ 32.988222] R13: 0000000000401c70 R14: 0000000000000000 R15: 0000000000000000
[ 32.988228]
[ 32.988230] The buggy address belongs to the variable:
[ 32.988235]  transl_h+0x3e/0x40
[ 32.988236]
[ 32.988237] Memory state around the buggy address:
[ 32.988242]  ffffffff86e8d900: 02 fa fa fa fa fa fa fa 00 00 00 00 00 fa fa fa
[ 32.988246]  ffffffff86e8d980: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
[ 32.988249] >ffffffff86e8da00: fa fa fa fa 00 00 00 00 fa fa fa fa 00 01 fa fa
[ 32.988251]                             ^
[ 32.988254]  ffffffff86e8da80: fa fa fa fa 00 00 00 04 fa fa fa fa 00 00 04 fa
[ 32.988257]  ffffffff86e8db00: fa fa fa fa 00 00 00 00 00 00 02 fa fa fa fa fa
[ 32.988258] ==================================================================
[ 32.988260] Disabling lock debugging due to kernel taint
[ 32.988262] Kernel panic - not syncing: panic_on_warn set ...
[ 32.988262]
[ 32.988266] CPU: 0 PID: 6341 Comm: syz-executor488 Tainted: G    B   4.14.195-syzkaller #0
[ 32.988268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.988269] Call Trace:
[ 32.988273]  dump_stack+0x1b2/0x283
[ 32.988278]  panic+0x1f9/0x42d
[ 32.988282]  ? add_taint.cold+0x16/0x16
[ 32.988286]  ? lock_downgrade+0x740/0x740
[ 32.988292]  kasan_end_report+0x43/0x49
[ 32.988296]  kasan_report_error.cold+0xa7/0x194
[ 32.988300]  ? vga16fb_imageblit+0x1be2/0x2140
[ 32.988303]  __asan_report_load2_noabort+0x68/0x70
[ 32.988307]  ? vga16fb_imageblit+0x1be2/0x2140
[ 32.988311]  vga16fb_imageblit+0x1be2/0x2140
[ 32.988316]  ? fb_pad_unaligned_buffer+0x2f/0x2e0
[ 32.988325]  soft_cursor+0x50a/0xa50
[ 32.988334]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 32.988340]  bit_cursor+0x1056/0x1620
[ 32.988348]  ? bit_update_start+0x1f0/0x1f0
[ 32.988356]  ? do_update_region+0x41d/0x5b0
[ 32.988362]  ? fb_get_color_depth+0x100/0x200
[ 32.988368]  ? get_color+0x1be/0x3a0
[ 32.988375]  fbcon_cursor+0x4b1/0x6a0
[ 32.988380]  ? bit_update_start+0x1f0/0x1f0
[ 32.988385]  ? add_softcursor+0x14/0x2d0
[ 32.988392]  set_cursor+0x189/0x1e0
[ 32.988397]  redraw_screen+0x57b/0x790
[ 32.988401]  ? con_shutdown+0x90/0x90
[ 32.988405]  ? fbcon_set_palette+0x466/0x580
[ 32.988409]  fbcon_modechanged+0x68a/0x980
[ 32.988414]  fbcon_event_notify+0x107/0x1760
[ 32.988419]  notifier_call_chain+0x108/0x1a0
[ 32.988424]  blocking_notifier_call_chain+0x79/0x90
[ 32.988428]  fb_set_var+0xac5/0xc90
[ 32.988433]  ? fb_set_suspend+0x110/0x110
[ 32.988436]  ? __lock_acquire+0x5fc/0x3f20
[ 32.988441]  ? lock_acquire+0x170/0x3f0
[ 32.988445]  ? do_fb_ioctl+0x2f1/0xa70
[ 32.988451]  ? _raw_spin_unlock_irq+0x24/0x80
[ 32.988458]  ? do_fb_ioctl+0x2e7/0xa70
[ 32.988463]  do_fb_ioctl+0x36d/0xa70
[ 32.988467]  ? register_framebuffer+0x8e0/0x8e0
[ 32.988472]  ? avc_has_extended_perms+0x6e4/0xbf0
[ 32.988476]  ? avc_ss_reset+0x100/0x100
[ 32.988480]  ? kasan_slab_free+0x12d/0x1a0
[ 32.988484]  ? kasan_slab_free+0xc3/0x1a0
[ 32.988487]  ? kmem_cache_free+0x7c/0x2b0
[ 32.988490]  ? putname+0xcd/0x110
[ 32.988493]  ? do_sys_open+0x203/0x410
[ 32.988496]  ? do_syscall_64+0x1d5/0x640
[ 32.988500]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.988504]  ? path_lookupat+0x780/0x780
[ 32.988508]  ? debug_check_no_obj_freed+0x2c0/0x674
[ 32.988517]  fb_ioctl+0xdd/0x130
[ 32.988520]  ? do_fb_ioctl+0xa70/0xa70
[ 32.988524]  do_vfs_ioctl+0x75a/0xff0
[ 32.988528]  ? selinux_inode_setxattr+0x730/0x730
[ 32.988532]  ? ioctl_preallocate+0x1a0/0x1a0
[ 32.988535]  ? kmem_cache_free+0x23a/0x2b0
[ 32.988539]  ? putname+0xcd/0x110
[ 32.988542]  ? do_sys_open+0x208/0x410
[ 32.988547]  ? security_file_ioctl+0x83/0xb0
[ 32.988551]  SyS_ioctl+0x7f/0xb0
[ 32.988555]  ? do_vfs_ioctl+0xff0/0xff0
[ 32.988559]  do_syscall_64+0x1d5/0x640
[ 32.988564]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.988567] RIP: 0033:0x4403d9
[ 32.988569] RSP: 002b:00007ffdcd4b7e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 32.988572] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403d9
[ 32.988575] RDX: 00000000200001c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 32.988577] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 32.988579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401be0
[ 32.988581] R13: 0000000000401c70 R14: 0000000000000000 R15: 0000000000000000
[ 32.989783] Kernel Offset: disabled
[ 33.736395] Rebooting in 86400 seconds..