==================================================================
BUG: KASAN: global-out-of-bounds in memcpy include/linux/string.h:347 [inline]
BUG: KASAN: global-out-of-bounds in soft_cursor+0x445/0xa40 drivers/video/fbdev/core/softcursor.c:70
Read of size 32 at addr ffffffff86c69880 by task syz-executor.2/19018

CPU: 1 PID: 19018 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_address_description.cold+0x5/0x1dc mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2b9 mm/kasan/report.c:393
 memcpy+0x20/0x50 mm/kasan/kasan.c:302
 memcpy include/linux/string.h:347 [inline]
 soft_cursor+0x445/0xa40 drivers/video/fbdev/core/softcursor.c:70
 bit_cursor+0x1072/0x1660 drivers/video/fbdev/core/bitblit.c:386
 fbcon_cursor+0x4b1/0x690 drivers/video/fbdev/core/fbcon.c:1350
 hide_cursor+0x7a/0x2a0 drivers/tty/vt/vt.c:590
 redraw_screen+0x2a2/0x760 drivers/tty/vt/vt.c:680
 fbcon_do_set_font+0x6bd/0x990 drivers/video/fbdev/core/fbcon.c:2564
 fbcon_copy_font+0x125/0x190 drivers/video/fbdev/core/fbcon.c:2579
 con_font_copy drivers/tty/vt/vt.c:4238 [inline]
 con_font_op+0x58b/0xf70 drivers/tty/vt/vt.c:4253
 vt_ioctl+0x1376/0x1f20 drivers/tty/vt/vt_ioctl.c:980
 tty_ioctl+0x6c9/0x1220 drivers/tty/tty_io.c:2661
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xfe0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45cb29
RSP: 002b:00007f6e93189c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004e76c0 RCX: 000000000045cb29
RDX: 0000000020000040 RSI: 0000000000004b72 RDI: 0000000000000006
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000037e R14: 00000000004c6212 R15: 00007f6e9318a6d4

The buggy address belongs to the variable:
 str__msr__trace_system_name+0x220/0x9a0

Memory state around the buggy address:
 ffffffff86c69780: fa fa fa fa 00 04 fa fa fa fa fa fa 00 02 fa fa
 ffffffff86c69800: fa fa fa fa 00 00 01 fa fa fa fa fa 04 fa fa fa
>ffffffff86c69880: fa fa fa fa 00 00 00 00 06 fa fa fa fa fa fa fa
                   ^
 ffffffff86c69900: 00 00 00 fa fa fa fa fa 00 00 00 fa fa fa fa fa
 ffffffff86c69980: 00 00 00 03 fa fa fa fa 00 00 00 04 fa fa fa fa
==================================================================