[ 40.154595] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.29' (ECDSA) to the list of known hosts.
[ 45.703575] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 45.832213] audit: type=1400 audit(1575354672.179:36): avc: denied { map } for pid=7177 comm="syz-executor686" path="/root/syz-executor686828274" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.915198] ==================================================================
[ 45.915223] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1bdb/0x2160
[ 45.915228] Read of size 2 at addr ffffffff87087bd8 by task syz-executor686/7177
[ 45.915229]
[ 45.915236] CPU: 0 PID: 7177 Comm: syz-executor686 Not tainted 4.14.157-syzkaller #0
[ 45.915239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.915242] Call Trace:
[ 45.915252] dump_stack+0x142/0x197
[ 45.915259] ? ipmr_fill_mroute+0x1d0/0x6c0
[ 45.915265] ? vga16fb_imageblit+0x1bdb/0x2160
[ 45.915271] print_address_description.cold+0x5/0x1dc
[ 45.915277] ? vga16fb_imageblit+0x1bdb/0x2160
[ 45.915281] kasan_report.cold+0xa9/0x2af
[ 45.915403] __asan_report_load2_noabort+0x14/0x20
[ 45.915412] vga16fb_imageblit+0x1bdb/0x2160
[ 45.915430] soft_cursor+0x4ff/0xa50
[ 45.915438] ? trace_hardirqs_on+0x10/0x10
[ 45.915449] bit_cursor+0x11be/0x1830
[ 45.915457] ? bit_clear+0x4a0/0x4a0
[ 45.915465] ? fb_get_color_depth+0x5f/0x70
[ 45.915470] ? get_color+0x1bf/0x3b0
[ 45.915476] fbcon_cursor+0x4e3/0x6f0
[ 45.915481] ? bit_clear+0x4a0/0x4a0
[ 45.915489] hide_cursor+0x9d/0x2e0
[ 45.915493] ? lock_downgrade+0x740/0x740
[ 45.915498] redraw_screen+0x2a5/0x7c0
[ 45.915505] ? con_flush_chars+0x90/0x90
[ 45.915510] ? mutex_unlock+0xd/0x10
[ 45.915516] ? tty_do_resize+0x43/0x160
[ 45.915522] vc_do_resize+0xc8a/0xec0
[ 45.915531] ? vt_console_print+0xf70/0xf70
[ 45.915536] ? trace_hardirqs_on+0x10/0x10
[ 45.915543] vc_resize+0x4d/0x60
[ 45.915548] fbcon_modechanged+0x36b/0x880
[ 45.915557] fbcon_event_notify+0x11f/0x17af
[ 45.915562] ? lock_acquire+0x16f/0x430
[ 45.915570] notifier_call_chain+0x111/0x1b0
[ 45.915577] blocking_notifier_call_chain+0x80/0xa0
[ 45.915584] fb_notifier_call_chain+0x25/0x30
[ 45.915588] fb_set_var+0xb09/0xcf0
[ 45.915594] ? fb_set_suspend+0x110/0x110
[ 45.915599] ? lock_acquire+0x16f/0x430
[ 45.915603] ? lock_fb_info+0x1f/0x80
[ 45.915609] ? lock_fb_info+0x1f/0x80
[ 45.915613] ? __mutex_lock+0x36a/0x1470
[ 45.915618] ? trace_hardirqs_on+0x10/0x10
[ 45.915622] ? lock_acquire+0x16f/0x430
[ 45.915626] ? __down+0x16b/0x290
[ 45.915632] ? mutex_trylock+0x1c0/0x1c0
[ 45.915636] ? down+0x70/0x90
[ 45.915647] ? mutex_lock_nested+0x16/0x20
[ 45.915650] ? mutex_lock_nested+0x16/0x20
[ 45.915655] do_fb_ioctl+0x3cc/0x940
[ 45.915660] ? fb_read+0x520/0x520
[ 45.915668] ? avc_has_extended_perms+0x8ec/0xe40
[ 45.915673] ? putname+0xdb/0x120
[ 45.915679] ? avc_ss_reset+0x110/0x110
[ 45.915683] ? kmem_cache_free+0x83/0x2b0
[ 45.915689] ? do_syscall_64+0x1e8/0x640
[ 45.915694] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.915698] ? find_held_lock+0x35/0x130
[ 45.915704] ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 45.915718] ? __might_sleep+0x93/0xb0
[ 45.915725] fb_ioctl+0xe6/0x130
[ 45.915729] ? do_fb_ioctl+0x940/0x940
[ 45.915734] do_vfs_ioctl+0x7ae/0x1060
[ 45.915739] ? selinux_file_mprotect+0x5d0/0x5d0
[ 45.915743] ? kmem_cache_free+0x244/0x2b0
[ 45.915748] ? ioctl_preallocate+0x1c0/0x1c0
[ 45.915752] ? putname+0xe0/0x120
[ 45.915758] ? do_sys_open+0x221/0x430
[ 45.915766] ? security_file_ioctl+0x7d/0xb0
[ 45.915770] ? security_file_ioctl+0x89/0xb0
[ 45.915780] SyS_ioctl+0x8f/0xc0
[ 45.915784] ? do_vfs_ioctl+0x1060/0x1060
[ 45.915790] do_syscall_64+0x1e8/0x640
[ 45.915795] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.915802] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.915807] RIP: 0033:0x440309
[ 45.915810] RSP: 002b:00007ffe0a9a3358 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 45.915816] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 45.915819] RDX: 0000000020000100 RSI: 0000000000004601 RDI: 0000000000000003
[ 45.915822] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 45.915824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 45.915827] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 45.915835]
[ 45.915837] The buggy address belongs to the variable:
[ 45.915842] transl_h+0x38/0x40
[ 45.915844]
[ 45.915845] Memory state around the buggy address:
[ 45.915850] ffffffff87087a80: 00 03 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[ 45.915854] ffffffff87087b00: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[ 45.915857] >ffffffff87087b80: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[ 45.915859] ^
[ 45.915862] ffffffff87087c00: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[ 45.915865] ffffffff87087c80: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 45.915867] ==================================================================
[ 45.915870] Disabling lock debugging due to kernel taint
[ 45.915873] Kernel panic - not syncing: panic_on_warn set ...
[ 45.915873]
[ 45.915878] CPU: 0 PID: 7177 Comm: syz-executor686 Tainted: G B 4.14.157-syzkaller #0
[ 45.915880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.915881] Call Trace:
[ 45.915889] dump_stack+0x142/0x197
[ 45.915894] ? vga16fb_imageblit+0x1bdb/0x2160
[ 45.915898] panic+0x1f9/0x42d
[ 45.915902] ? add_taint.cold+0x16/0x16
[ 45.915906] ? lock_downgrade+0x740/0x740
[ 45.915913] kasan_end_report+0x47/0x4f
[ 45.915917] kasan_report.cold+0x130/0x2af
[ 45.915922] __asan_report_load2_noabort+0x14/0x20
[ 45.915926] vga16fb_imageblit+0x1bdb/0x2160
[ 45.915932] soft_cursor+0x4ff/0xa50
[ 45.915936] ? trace_hardirqs_on+0x10/0x10
[ 45.915942] bit_cursor+0x11be/0x1830
[ 45.915948] ? bit_clear+0x4a0/0x4a0
[ 45.915953] ? fb_get_color_depth+0x5f/0x70
[ 45.915957] ? get_color+0x1bf/0x3b0
[ 45.915962] fbcon_cursor+0x4e3/0x6f0
[ 45.915965] ? bit_clear+0x4a0/0x4a0
[ 45.915969] hide_cursor+0x9d/0x2e0
[ 45.915973] ? lock_downgrade+0x740/0x740
[ 45.915977] redraw_screen+0x2a5/0x7c0
[ 45.915982] ? con_flush_chars+0x90/0x90
[ 45.915985] ? mutex_unlock+0xd/0x10
[ 45.915989] ? tty_do_resize+0x43/0x160
[ 45.915994] vc_do_resize+0xc8a/0xec0
[ 45.916000] ? vt_console_print+0xf70/0xf70
[ 45.916004] ? trace_hardirqs_on+0x10/0x10
[ 45.916009] vc_resize+0x4d/0x60
[ 45.916013] fbcon_modechanged+0x36b/0x880
[ 45.916018] fbcon_event_notify+0x11f/0x17af
[ 45.916022] ? lock_acquire+0x16f/0x430
[ 45.916027] notifier_call_chain+0x111/0x1b0
[ 45.916032] blocking_notifier_call_chain+0x80/0xa0
[ 45.916037] fb_notifier_call_chain+0x25/0x30
[ 45.916040] fb_set_var+0xb09/0xcf0
[ 45.916044] ? fb_set_suspend+0x110/0x110
[ 45.916048] ? lock_acquire+0x16f/0x430
[ 45.916051] ? lock_fb_info+0x1f/0x80
[ 45.916055] ? lock_fb_info+0x1f/0x80
[ 45.916059] ? __mutex_lock+0x36a/0x1470
[ 45.916063] ? trace_hardirqs_on+0x10/0x10
[ 45.916067] ? lock_acquire+0x16f/0x430
[ 45.916070] ? __down+0x16b/0x290
[ 45.916074] ? mutex_trylock+0x1c0/0x1c0
[ 45.916077] ? down+0x70/0x90
[ 45.916085] ? mutex_lock_nested+0x16/0x20
[ 45.916088] ? mutex_lock_nested+0x16/0x20
[ 45.916092] do_fb_ioctl+0x3cc/0x940
[ 45.916095] ? fb_read+0x520/0x520
[ 45.916099] ? avc_has_extended_perms+0x8ec/0xe40
[ 45.916103] ? putname+0xdb/0x120
[ 45.916108] ? avc_ss_reset+0x110/0x110
[ 45.916111] ? kmem_cache_free+0x83/0x2b0
[ 45.916115] ? do_syscall_64+0x1e8/0x640
[ 45.916119] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.916123] ? find_held_lock+0x35/0x130
[ 45.916127] ? debug_check_no_obj_freed+0x2aa/0x7b7
[ 45.916135] ? __might_sleep+0x93/0xb0
[ 45.916139] fb_ioctl+0xe6/0x130
[ 45.916143] ? do_fb_ioctl+0x940/0x940
[ 45.916146] do_vfs_ioctl+0x7ae/0x1060
[ 45.916150] ? selinux_file_mprotect+0x5d0/0x5d0
[ 45.916153] ? kmem_cache_free+0x244/0x2b0
[ 45.916158] ? ioctl_preallocate+0x1c0/0x1c0
[ 45.916161] ? putname+0xe0/0x120
[ 45.916165] ? do_sys_open+0x221/0x430
[ 45.916170] ? security_file_ioctl+0x7d/0xb0
[ 45.916174] ? security_file_ioctl+0x89/0xb0
[ 45.916178] SyS_ioctl+0x8f/0xc0
[ 45.916182] ? do_vfs_ioctl+0x1060/0x1060
[ 45.916186] do_syscall_64+0x1e8/0x640
[ 45.916190] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.916196] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 45.916198] RIP: 0033:0x440309
[ 45.916200] RSP: 002b:00007ffe0a9a3358 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 45.916205] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 45.916207] RDX: 0000000020000100 RSI: 0000000000004601 RDI: 0000000000000003
[ 45.916209] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 45.916211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 45.916214] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 45.918003] Kernel Offset: disabled
[ 46.804136] Rebooting in 86400 seconds..