[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 62.379458][ T27] audit: type=1800 audit(1576508140.776:25): pid=8937 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 62.399386][ T27] audit: type=1800 audit(1576508140.776:26): pid=8937 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 62.421079][ T27] audit: type=1800 audit(1576508140.776:27): pid=8937 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 74.525993][ T9091] ==================================================================
[ 74.526033][ T9091] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1c8b/0x2200
[ 74.526041][ T9091] Read of size 2 at addr ffffffff8875111e by task syz-executor683/9091
[ 74.526043][ T9091]
[ 74.526053][ T9091] CPU: 1 PID: 9091 Comm: syz-executor683 Not tainted 5.5.0-rc1-syzkaller #0
[ 74.526058][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.526061][ T9091] Call Trace:
[ 74.526074][ T9091] dump_stack+0x197/0x210
[ 74.526081][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526093][ T9091] print_address_description.constprop.0.cold+0x5/0x30b
[ 74.526099][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526106][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526114][ T9091] __kasan_report.cold+0x1b/0x41
[ 74.526123][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526132][ T9091] kasan_report+0x12/0x20
[ 74.526140][ T9091] __asan_report_load2_noabort+0x14/0x20
[ 74.526147][ T9091] vga16fb_imageblit+0x1c8b/0x2200
[ 74.526155][ T9091] ? mark_lock+0xdf/0x1220
[ 74.526169][ T9091] soft_cursor+0x4fb/0xa30
[ 74.526177][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.526189][ T9091] bit_cursor+0x12fc/0x1a60
[ 74.526201][ T9091] ? bit_clear+0x530/0x530
[ 74.526210][ T9091] ? fbcon_putcs+0x33c/0x3e0
[ 74.526217][ T9091] ? fbcon_putcs+0x343/0x3e0
[ 74.526232][ T9091] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 74.526241][ T9091] ? get_color+0x225/0x430
[ 74.526249][ T9091] fbcon_cursor+0x487/0x660
[ 74.526256][ T9091] ? bit_clear+0x530/0x530
[ 74.526267][ T9091] set_cursor+0x1fb/0x280
[ 74.526276][ T9091] redraw_screen+0x4e1/0x7d0
[ 74.526282][ T9091] ? efifb_probe.cold+0x181f/0x181f
[ 74.526291][ T9091] ? respond_string+0x2c0/0x2c0
[ 74.526301][ T9091] ? fbcon_set_palette+0x3c4/0x4a0
[ 74.526312][ T9091] fbcon_modechanged+0x5c3/0x790
[ 74.526323][ T9091] fbcon_update_vcs+0x42/0x50
[ 74.526331][ T9091] fb_set_var+0xb32/0xdd0
[ 74.526340][ T9091] ? fb_blank+0x1a0/0x1a0
[ 74.526347][ T9091] ? lock_acquire+0x190/0x410
[ 74.526360][ T9091] ? __mutex_lock+0x458/0x13c0
[ 74.526368][ T9091] ? down+0x50/0x90
[ 74.526387][ T9091] ? do_fb_ioctl+0x335/0x7d0
[ 74.526400][ T9091] do_fb_ioctl+0x390/0x7d0
[ 74.526408][ T9091] ? fb_mmap+0x520/0x520
[ 74.526414][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.526427][ T9091] ? tomoyo_path_number_perm+0x454/0x520
[ 74.526437][ T9091] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 74.526444][ T9091] ? tomoyo_path_number_perm+0x25e/0x520
[ 74.526454][ T9091] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 74.526479][ T9091] fb_compat_ioctl+0x305/0xc50
[ 74.526488][ T9091] ? fb_release+0x150/0x150
[ 74.526501][ T9091] ? do_sys_open+0x31d/0x5d0
[ 74.526513][ T9091] ? tomoyo_file_ioctl+0x23/0x30
[ 74.526521][ T9091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 74.526529][ T9091] ? security_file_ioctl+0x8d/0xc0
[ 74.526540][ T9091] __ia32_compat_sys_ioctl+0x233/0x610
[ 74.526548][ T9091] ? fb_release+0x150/0x150
[ 74.526561][ T9091] do_fast_syscall_32+0x27b/0xe16
[ 74.526573][ T9091] entry_SYSENTER_compat+0x70/0x7f
[ 74.526580][ T9091] RIP: 0023:0xf7f5ea39
[ 74.526590][ T9091] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 74.526594][ T9091] RSP: 002b:00000000fff15d3c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 74.526603][ T9091] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 74.526607][ T9091] RDX: 0000000020000000 RSI: 00000000080ea078 RDI: 00000000fff15d90
[ 74.526612][ T9091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 74.526616][ T9091] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 74.526621][ T9091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 74.526631][ T9091]
[ 74.526634][ T9091] The buggy address belongs to the variable:
[ 74.526642][ T9091] transl_h+0x3e/0x40
[ 74.526644][ T9091]
[ 74.526647][ T9091] Memory state around the buggy address:
[ 74.526654][ T9091] ffffffff88751000: 00 00 00 00 fa fa fa fa 00 00 00 00 00 fa fa fa
[ 74.526660][ T9091] ffffffff88751080: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
[ 74.526666][ T9091] >ffffffff88751100: fa fa fa fa 00 00 00 00 fa fa fa fa 00 01 fa fa
[ 74.526669][ T9091] ^
[ 74.526675][ T9091] ffffffff88751180: fa fa fa fa 00 00 00 04 fa fa fa fa 00 00 04 fa
[ 74.526681][ T9091] ffffffff88751200: fa fa fa fa 00 00 00 00 00 00 02 fa fa fa fa fa
[ 74.526684][ T9091] ==================================================================
[ 74.526687][ T9091] Disabling lock debugging due to kernel taint
[ 74.526691][ T9091] Kernel panic - not syncing: panic_on_warn set ...
[ 74.526699][ T9091] CPU: 1 PID: 9091 Comm: syz-executor683 Tainted: G B 5.5.0-rc1-syzkaller #0
[ 74.526703][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.526705][ T9091] Call Trace:
[ 74.526712][ T9091] dump_stack+0x197/0x210
[ 74.526722][ T9091] panic+0x2e3/0x75c
[ 74.526729][ T9091] ? add_taint.cold+0x16/0x16
[ 74.526740][ T9091] ? trace_hardirqs_on+0x67/0x240
[ 74.526747][ T9091] ? trace_hardirqs_on+0x5e/0x240
[ 74.526754][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526761][ T9091] end_report+0x47/0x4f
[ 74.526767][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526773][ T9091] __kasan_report.cold+0xe/0x41
[ 74.526780][ T9091] ? vga16fb_imageblit+0x1c8b/0x2200
[ 74.526787][ T9091] kasan_report+0x12/0x20
[ 74.526795][ T9091] __asan_report_load2_noabort+0x14/0x20
[ 74.526801][ T9091] vga16fb_imageblit+0x1c8b/0x2200
[ 74.526807][ T9091] ? mark_lock+0xdf/0x1220
[ 74.526816][ T9091] soft_cursor+0x4fb/0xa30
[ 74.526822][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.526831][ T9091] bit_cursor+0x12fc/0x1a60
[ 74.526839][ T9091] ? bit_clear+0x530/0x530
[ 74.526846][ T9091] ? fbcon_putcs+0x33c/0x3e0
[ 74.526853][ T9091] ? fbcon_putcs+0x343/0x3e0
[ 74.526863][ T9091] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 74.526870][ T9091] ? get_color+0x225/0x430
[ 74.526877][ T9091] fbcon_cursor+0x487/0x660
[ 74.526883][ T9091] ? bit_clear+0x530/0x530
[ 74.526890][ T9091] set_cursor+0x1fb/0x280
[ 74.526898][ T9091] redraw_screen+0x4e1/0x7d0
[ 74.526903][ T9091] ? efifb_probe.cold+0x181f/0x181f
[ 74.526911][ T9091] ? respond_string+0x2c0/0x2c0
[ 74.526919][ T9091] ? fbcon_set_palette+0x3c4/0x4a0
[ 74.526935][ T9091] fbcon_modechanged+0x5c3/0x790
[ 74.526944][ T9091] fbcon_update_vcs+0x42/0x50
[ 74.526951][ T9091] fb_set_var+0xb32/0xdd0
[ 74.526958][ T9091] ? fb_blank+0x1a0/0x1a0
[ 74.526964][ T9091] ? lock_acquire+0x190/0x410
[ 74.526972][ T9091] ? __mutex_lock+0x458/0x13c0
[ 74.526979][ T9091] ? down+0x50/0x90
[ 74.526991][ T9091] ? do_fb_ioctl+0x335/0x7d0
[ 74.527000][ T9091] do_fb_ioctl+0x390/0x7d0
[ 74.527006][ T9091] ? fb_mmap+0x520/0x520
[ 74.527012][ T9091] ? lockdep_hardirqs_on+0x421/0x5e0
[ 74.527020][ T9091] ? tomoyo_path_number_perm+0x454/0x520
[ 74.527029][ T9091] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 74.527036][ T9091] ? tomoyo_path_number_perm+0x25e/0x520
[ 74.527043][ T9091] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 74.527059][ T9091] fb_compat_ioctl+0x305/0xc50
[ 74.527066][ T9091] ? fb_release+0x150/0x150
[ 74.527072][ T9091] ? do_sys_open+0x31d/0x5d0
[ 74.527080][ T9091] ? tomoyo_file_ioctl+0x23/0x30
[ 74.527088][ T9091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 74.527094][ T9091] ? security_file_ioctl+0x8d/0xc0
[ 74.527102][ T9091] __ia32_compat_sys_ioctl+0x233/0x610
[ 74.527109][ T9091] ? fb_release+0x150/0x150
[ 74.527117][ T9091] do_fast_syscall_32+0x27b/0xe16
[ 74.527125][ T9091] entry_SYSENTER_compat+0x70/0x7f
[ 74.527130][ T9091] RIP: 0023:0xf7f5ea39
[ 74.527137][ T9091] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 74.527141][ T9091] RSP: 002b:00000000fff15d3c EFLAGS: 00000213 ORIG_RAX: 0000000000000036
[ 74.527147][ T9091] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[ 74.527151][ T9091] RDX: 0000000020000000 RSI: 00000000080ea078 RDI: 00000000fff15d90
[ 74.527155][ T9091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 74.527159][ T9091] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 74.527163][ T9091] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 74.528648][ T9091] Kernel Offset: disabled
[ 75.354257][ T9091] Rebooting in 86400 seconds..