[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.083072][ T6855] ==================================================================
[ 57.083113][ T6855] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c36/0x2210
[ 57.083121][ T6855] Read of size 2 at addr ffffffff8899f5be by task syz-executor726/6855
[ 57.083123][ T6855]
[ 57.083133][ T6855] CPU: 1 PID: 6855 Comm: syz-executor726 Not tainted 5.9.0-rc2-syzkaller #0
[ 57.083137][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.083141][ T6855] Call Trace:
[ 57.083152][ T6855] dump_stack+0x198/0x1fd
[ 57.083163][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083170][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083182][ T6855] print_address_description.constprop.0.cold+0x5/0x497
[ 57.083192][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083202][ T6855] ? lockdep_hardirqs_off+0x96/0xd0
[ 57.083212][ T6855] ? vprintk_func+0x97/0x1a6
[ 57.083222][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083229][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083236][ T6855] kasan_report.cold+0x1f/0x37
[ 57.083247][ T6855] ? lock_downgrade+0x830/0x830
[ 57.083255][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083265][ T6855] vga16fb_imageblit+0x1c36/0x2210
[ 57.083280][ T6855] ? fb_pad_aligned_buffer+0x14f/0x150
[ 57.083293][ T6855] soft_cursor+0x514/0xa30
[ 57.083309][ T6855] bit_cursor+0x1166/0x17d0
[ 57.083323][ T6855] ? kmalloc_array.constprop.0+0x20/0x20
[ 57.083338][ T6855] ? do_update_region+0x47c/0x630
[ 57.083347][ T6855] ? fb_get_color_depth+0x11a/0x240
[ 57.083357][ T6855] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.083365][ T6855] ? get_color+0x20e/0x410
[ 57.083376][ T6855] fbcon_cursor+0x537/0x660
[ 57.083384][ T6855] ? kmalloc_array.constprop.0+0x20/0x20
[ 57.083391][ T6855] ? fbcon_set_palette+0x3a8/0x490
[ 57.083402][ T6855] set_cursor+0x1d2/0x240
[ 57.083417][ T6855] redraw_screen+0x4b9/0x770
[ 57.083425][ T6855] ? vga16fb_update_fix+0x4a0/0x4a0
[ 57.083435][ T6855] ? vc_init+0x430/0x430
[ 57.083446][ T6855] ? fbcon_set_palette+0x3a8/0x490
[ 57.083456][ T6855] fbcon_modechanged+0x575/0x710
[ 57.083468][ T6855] fbcon_update_vcs+0x3a/0x50
[ 57.083476][ T6855] do_fb_ioctl+0x62e/0x690
[ 57.083486][ T6855] ? fb_set_suspend+0x1a0/0x1a0
[ 57.083497][ T6855] ? tomoyo_execute_permission+0x470/0x470
[ 57.083513][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.083526][ T6855] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.083537][ T6855] ? do_vfs_ioctl+0x27d/0x1090
[ 57.083558][ T6855] ? __x64_sys_openat+0x13f/0x1f0
[ 57.083571][ T6855] fb_ioctl+0xdd/0x130
[ 57.083578][ T6855] ? do_fb_ioctl+0x690/0x690
[ 57.083587][ T6855] __x64_sys_ioctl+0x193/0x200
[ 57.083598][ T6855] do_syscall_64+0x2d/0x70
[ 57.083607][ T6855] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.083614][ T6855] RIP: 0033:0x4403d9
[ 57.083625][ T6855] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.083631][ T6855] RSP: 002b:00007ffc12e0e638 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.083640][ T6855] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403d9
[ 57.083645][ T6855] RDX: 00000000200000c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 57.083650][ T6855] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 57.083655][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401be0
[ 57.083660][ T6855] R13: 0000000000401c70 R14: 0000000000000000 R15: 0000000000000000
[ 57.083677][ T6855]
[ 57.083680][ T6855] The buggy address belongs to the variable:
[ 57.083688][ T6855] transl_h+0x3e/0x40
[ 57.083690][ T6855]
[ 57.083693][ T6855] Memory state around the buggy address:
[ 57.083700][ T6855] ffffffff8899f480: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.083707][ T6855] ffffffff8899f500: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9
[ 57.083713][ T6855] >ffffffff8899f580: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9
[ 57.083716][ T6855] ^
[ 57.083722][ T6855] ffffffff8899f600: 00 01 f9 f9 f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9
[ 57.083728][ T6855] ffffffff8899f680: 00 00 04 f9 f9 f9 f9 f9 00 00 00 00 00 00 02 f9
[ 57.083732][ T6855] ==================================================================
[ 57.083735][ T6855] Disabling lock debugging due to kernel taint
[ 57.083739][ T6855] Kernel panic - not syncing: panic_on_warn set ...
[ 57.083747][ T6855] CPU: 1 PID: 6855 Comm: syz-executor726 Tainted: G B 5.9.0-rc2-syzkaller #0
[ 57.083751][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.083753][ T6855] Call Trace:
[ 57.083760][ T6855] dump_stack+0x198/0x1fd
[ 57.083767][ T6855] ? vga16fb_imageblit+0x1b90/0x2210
[ 57.083775][ T6855] panic+0x347/0x7c0
[ 57.083783][ T6855] ? __warn_printk+0xf3/0xf3
[ 57.083793][ T6855] ? trace_hardirqs_on+0x55/0x220
[ 57.083800][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083807][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083813][ T6855] end_report+0x4d/0x53
[ 57.083820][ T6855] kasan_report.cold+0xd/0x37
[ 57.083828][ T6855] ? lock_downgrade+0x830/0x830
[ 57.083834][ T6855] ? vga16fb_imageblit+0x1c36/0x2210
[ 57.083841][ T6855] vga16fb_imageblit+0x1c36/0x2210
[ 57.083850][ T6855] ? fb_pad_aligned_buffer+0x14f/0x150
[ 57.083858][ T6855] soft_cursor+0x514/0xa30
[ 57.083867][ T6855] bit_cursor+0x1166/0x17d0
[ 57.083876][ T6855] ? kmalloc_array.constprop.0+0x20/0x20
[ 57.083885][ T6855] ? do_update_region+0x47c/0x630
[ 57.083893][ T6855] ? fb_get_color_depth+0x11a/0x240
[ 57.083899][ T6855] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.083906][ T6855] ? get_color+0x20e/0x410
[ 57.083913][ T6855] fbcon_cursor+0x537/0x660
[ 57.083920][ T6855] ? kmalloc_array.constprop.0+0x20/0x20
[ 57.083926][ T6855] ? fbcon_set_palette+0x3a8/0x490
[ 57.083934][ T6855] set_cursor+0x1d2/0x240
[ 57.083941][ T6855] redraw_screen+0x4b9/0x770
[ 57.083948][ T6855] ? vga16fb_update_fix+0x4a0/0x4a0
[ 57.083955][ T6855] ? vc_init+0x430/0x430
[ 57.083963][ T6855] ? fbcon_set_palette+0x3a8/0x490
[ 57.083970][ T6855] fbcon_modechanged+0x575/0x710
[ 57.083978][ T6855] fbcon_update_vcs+0x3a/0x50
[ 57.083985][ T6855] do_fb_ioctl+0x62e/0x690
[ 57.083992][ T6855] ? fb_set_suspend+0x1a0/0x1a0
[ 57.084000][ T6855] ? tomoyo_execute_permission+0x470/0x470
[ 57.084009][ T6855] ? lock_is_held_type+0xbb/0xf0
[ 57.084017][ T6855] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 57.084024][ T6855] ? do_vfs_ioctl+0x27d/0x1090
[ 57.084035][ T6855] ? __x64_sys_openat+0x13f/0x1f0
[ 57.084043][ T6855] fb_ioctl+0xdd/0x130
[ 57.084050][ T6855] ? do_fb_ioctl+0x690/0x690
[ 57.084056][ T6855] __x64_sys_ioctl+0x193/0x200
[ 57.084064][ T6855] do_syscall_64+0x2d/0x70
[ 57.084071][ T6855] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.084075][ T6855] RIP: 0033:0x4403d9
[ 57.084082][ T6855] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.084086][ T6855] RSP: 002b:00007ffc12e0e638 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.084092][ T6855] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403d9
[ 57.084097][ T6855] RDX: 00000000200000c0 RSI: 0000000000004601 RDI: 0000000000000003
[ 57.084101][ T6855] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 57.084105][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401be0
[ 57.084109][ T6855] R13: 0000000000401c70 R14: 0000000000000000 R15: 0000000000000000
[ 57.085280][ T6855] Kernel Offset: disabled
[ 57.823355][ T6855] Rebooting in 86400 seconds..