syzbot

==================================================================
BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned drivers/video/fbdev/core/sysfillrect.c:54 [inline]
BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 drivers/video/fbdev/core/sysfillrect.c:25
Write of size 8 at addr ffffc90009a91000 by task syz-executor080/9273

CPU: 3 PID: 9273 Comm: syz-executor080 Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 bitfill_aligned drivers/video/fbdev/core/sysfillrect.c:54 [inline]
 bitfill_aligned+0x34a/0x400 drivers/video/fbdev/core/sysfillrect.c:25
 sys_fillrect+0x408/0x7a0 drivers/video/fbdev/core/sysfillrect.c:291
 drm_fb_helper_sys_fillrect+0x1e/0x190 drivers/gpu/drm/drm_fb_helper.c:731
 bit_clear_margins+0x2d5/0x4a0 drivers/video/fbdev/core/bitblit.c:232
 fbcon_clear_margins+0x1d5/0x230 drivers/video/fbdev/core/fbcon.c:1381
 fbcon_switch+0xb6e/0x16c0 drivers/video/fbdev/core/fbcon.c:2363
 redraw_screen+0x2ae/0x770 drivers/tty/vt/vt.c:1015
 fbcon_modechanged+0x575/0x710 drivers/video/fbdev/core/fbcon.c:3001
 fbcon_update_vcs+0x3a/0x50 drivers/video/fbdev/core/fbcon.c:3048
 fb_set_var+0xae8/0xd60 drivers/video/fbdev/core/fbmem.c:1056
 do_fb_ioctl+0x33f/0x6c0 drivers/video/fbdev/core/fbmem.c:1109
 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1185
 vfs_ioctl fs/ioctl.c:48 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:753
 __do_sys_ioctl fs/ioctl.c:762 [inline]
 __se_sys_ioctl fs/ioctl.c:760 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:760
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x433d79
Code: c4 18 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb da fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc03901138 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000433d79
RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
RBP: 00000000006b2018 R08: 0000000000000000 R09: 00000000004002e0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c10
R13: 0000000000401ca0 R14: 0000000000000000 R15: 0000000000000000


Memory state around the buggy address:
 ffffc90009a90f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90009a90f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90009a91000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                   ^
 ffffc90009a91080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc90009a91100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================