==================================================================
BUG: KASAN: global-out-of-bounds in soft_cursor+0x374/0x69c drivers/video/fbdev/core/softcursor.c:70
Read of size 16 at addr ffff80008b5d04d0 by task syz.2.493/9261

CPU: 1 UID: 0 PID: 9261 Comm: syz.2.493 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x238 mm/kasan/report.c:378
 print_report+0x68/0x84 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:200
 __asan_memcpy+0x3c/0x84 mm/kasan/shadow.c:105
 soft_cursor+0x374/0x69c drivers/video/fbdev/core/softcursor.c:70
 bit_cursor+0x1008/0x173c drivers/video/fbdev/core/bitblit.c:395
 fbcon_cursor+0x450/0x66c drivers/video/fbdev/core/fbcon.c:1378
 hide_cursor+0xdc/0x3dc drivers/tty/vt/vt.c:855
 update_region+0x1b0/0x458 drivers/tty/vt/vt.c:641
 vcs_write+0x948/0x10f8 drivers/tty/vt/vc_screen.c:685
 do_loop_readv_writev fs/read_write.c:850 [inline]
 vfs_writev+0x3cc/0x7cc fs/read_write.c:1059
 do_writev+0x128/0x290 fs/read_write.c:1103
 __do_sys_writev fs/read_write.c:1171 [inline]
 __se_sys_writev fs/read_write.c:1168 [inline]
 __arm64_sys_writev+0x80/0x94 fs/read_write.c:1168
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

The buggy address belongs to the variable:
 .str.2+0x10/0x20

The buggy address belongs to a vmalloc virtual mapping
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x202fd0
flags: 0x5ffc00000002000(reserved|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002000 fffffdffc70bf408 fffffdffc70bf408 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff80008b5d0380: 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffff80008b5d0400: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
>ffff80008b5d0480: 06 f9 f9 f9 05 f9 f9 f9 06 f9 f9 f9 00 00 00 00
                                                 ^
 ffff80008b5d0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff80008b5d0580: 00 00 06 f9 f9 f9 f9 f9 00 02 f9 f9 00 01 f9 f9
==================================================================