[   41.657355] audit: type=1800 audit(1576562615.836:32): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   41.683173] audit: type=1800 audit(1576562615.866:33): pid=7139 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   49.832821] IPVS: Creating netns size=2712 id=1
[   49.837713] IPVS: ftp: loaded support on port[0] = 21
[   50.432135] audit: type=1400 audit(1576562624.616:34): avc:  denied  { create } for  pid=7320 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[   50.456295] audit: type=1400 audit(1576562624.646:35): avc:  denied  { create } for  pid=7320 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   50.481273] audit: type=1400 audit(1576562624.666:36): avc:  denied  { create } for  pid=7320 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
2019/12/17 06:03:51 parsed 1 programs
2019/12/17 06:03:51 executed programs: 0
[   57.710636] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[   57.721259] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[   57.734033] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[   57.743025] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[   57.751090] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[   57.758950] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[   57.776304] IPVS: Creating netns size=2712 id=2
[   57.781258] IPVS: ftp: loaded support on port[0] = 21
[   57.847237] IPVS: Creating netns size=2712 id=3
[   57.852395] IPVS: ftp: loaded support on port[0] = 21
[   57.986642] chnl_net:caif_netlink_parms(): no params data found
[   58.026129] IPVS: Creating netns size=2712 id=4
[   58.031819] IPVS: ftp: loaded support on port[0] = 21
[   58.211713] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.218258] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.227196] device bridge_slave_0 entered promiscuous mode
[   58.249595] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.255990] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.264988] device bridge_slave_1 entered promiscuous mode
[   58.338215] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.351060] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.361980] IPVS: Creating netns size=2712 id=5
[   58.366816] IPVS: ftp: loaded support on port[0] = 21
[   58.382937] chnl_net:caif_netlink_parms(): no params data found
[   58.563995] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   58.597716] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   58.684823] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.691299] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.700567] device bridge_slave_0 entered promiscuous mode
[   58.713850] chnl_net:caif_netlink_parms(): no params data found
[   58.727473] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.734203] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.743214] device bridge_slave_1 entered promiscuous mode
[   58.756124] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   58.801168] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   58.821192] IPVS: Creating netns size=2712 id=6
[   58.826017] IPVS: ftp: loaded support on port[0] = 21
[   58.855769] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.867314] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.920388] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.926849] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.935991] device bridge_slave_0 entered promiscuous mode
[   58.944324] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.951141] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.960435] device bridge_slave_1 entered promiscuous mode
[   59.082065] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   59.117144] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   59.148538] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.183422] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   59.321647] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   59.342671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   59.356114] IPVS: Creating netns size=2712 id=7
[   59.366601] IPVS: ftp: loaded support on port[0] = 21
[   59.381361] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   59.388618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   59.422006] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   59.466988] chnl_net:caif_netlink_parms(): no params data found
[   59.653998] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   59.662690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   59.685489] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   59.764661] chnl_net:caif_netlink_parms(): no params data found
[   59.814040] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.821537] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.830889] device bridge_slave_0 entered promiscuous mode
[   59.860161] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.866605] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.875920] device bridge_slave_1 entered promiscuous mode
[   59.910771] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   59.990927] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.046062] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.198471] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.205394] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.214458] device bridge_slave_0 entered promiscuous mode
[   60.250893] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.270372] chnl_net:caif_netlink_parms(): no params data found
[   60.285030] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.291803] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.301098] device bridge_slave_1 entered promiscuous mode
[   60.339830] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   60.371513] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.383500] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.397275] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.406907] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   60.595414] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   60.611581] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.619677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   60.626891] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.633717] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.643568] device bridge_slave_0 entered promiscuous mode
[   60.651182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.659464] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   60.670099] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   60.699517] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.705907] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.715487] device bridge_slave_1 entered promiscuous mode
[   60.801804] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   60.817268] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.841037] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.855928] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   60.864994] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   60.902095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.966034] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.975850] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.982295] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.990070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.997805] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.004187] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.018659] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   61.043992] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.053185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.072938] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   61.087451] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   61.102799] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   61.112314] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   61.136070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   61.144026] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   61.156328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.164949] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.171367] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.178344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.240336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.272521] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   61.281074] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   61.292293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.300390] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.306726] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.314190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.347729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.380000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.387791] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.394169] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.420629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.428045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.436528] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.442917] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.471062] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   61.485094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   61.536246] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   61.545197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   61.564949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   61.592795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.602898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.632280] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.664698] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.679880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.696061] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   61.750429] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.764947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.784916] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.816570] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   61.875264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.905279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.922638] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.929048] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.957731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.966399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.983816] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.990234] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.998926] audit: type=1400 audit(1576562636.176:37): avc:  denied  { associate } for  pid=7422 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   62.017972] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.031673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.051543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.088219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.101406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.111177] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.117543] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.138993] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.160831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.168393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.177529] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.183934] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.241687] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   62.267609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.300645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.320160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.350344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.371711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.448271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.458293] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.458347] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.483124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.483890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.484532] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.484588] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.565702] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   62.590581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   62.620001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
2019/12/17 06:03:56 executed programs: 8
[   62.671136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
2019/12/17 06:04:01 executed programs: 178
2019/12/17 06:04:06 executed programs: 379
2019/12/17 06:04:11 executed programs: 583
2019/12/17 06:04:16 executed programs: 760
** 1992 printk messages dropped ** [   85.854453] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.854454]                                               ^
[   85.854455]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.854456]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.854457] ==================================================================
[   85.854458] ==================================================================
[   85.854460] BUG: KASAN: use-after-free in fbcon_putcs+0x486/0x5a0 at addr ffff880126af7248
[   85.854461] Read of size 2 by task syz-executor.1/11658
[   85.854462] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.854463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.854465]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.854468]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.854470]  ffffffff81740207 0000000000000010 0000000100000000 0000000000000286
[   85.854470] Call Trace:
[   85.854472]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.854474]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.854477]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.854479]  [<ffffffff82daa9d6>] ? fbcon_putcs+0x486/0x5a0
[   85.854481]  [<ffffffff82daa9d6>] fbcon_putcs+0x486/0x5a0
[   85.854483]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.854484]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.854486]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.854488]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.854491]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.854493]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.854495]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.854497]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.854499]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854502]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.854504]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854506]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.854508]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.854510]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.854512]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.854514]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.854516]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.854517]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.854520]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.854522]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854523]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.854525]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.854527]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.854529]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.854531]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.854533]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.854535]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854537]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.854539]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.854541]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.854542]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.854545]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.854546]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854549]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854550] Object at ffff880126af7240, in cache kmalloc-32
[   85.854551] Object freed, allocated with size 14 bytes
[   85.854551] Allocation:
[   85.854552] PID = 11675
[   85.854554]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.854556]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.854558]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.854560]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.854562]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.854565]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854567]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854568]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854570]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854572]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854574]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854575] Deallocation:
[   85.854575] PID = 11658
[   85.854578]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.854580]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.854582]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.854584]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.854586]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.854588]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854590]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854592]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854594]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854596]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854598]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854599] Memory state around the buggy address:
[   85.854600]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.854601]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.854602] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.854603]                                               ^
[   85.854604]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.854605]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.854605] ==================================================================
[   85.854606] ==================================================================
[   85.854608] BUG: KASAN: use-after-free in bit_putcs+0xce9/0xd20 at addr ffff880126af7248
[   85.854609] Read of size 2 by task syz-executor.1/11658
[   85.854610] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.854611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.854613]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff880126af7248
[   85.854615]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.854618]  ffffffff81740207 ffff8800a868f4e8 0000000000000086 0000000000000286
[   85.854618] Call Trace:
[   85.854620]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.854622]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.854624]  [<ffffffff85b6fce6>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[   85.854626]  [<ffffffff81429810>] ? down_trylock+0x50/0x70
[   85.854629]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.854630]  [<ffffffff82dc5b99>] ? bit_putcs+0xce9/0xd20
[   85.854632]  [<ffffffff82dc5b99>] bit_putcs+0xce9/0xd20
[   85.854633]  [<ffffffff81465e5a>] ? vprintk_default+0x1a/0x20
[   85.854635]  [<ffffffff82c79250>] ? vsprintf+0x20/0x20
[   85.854637]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.854639]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.854641]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.854643]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.854646]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.854647]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.854649]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.854651]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.854653]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.854656]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.854658]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.854661]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.854662]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.854665]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854667]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.854669]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854671]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.854673]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.854675]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.854677]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.854679]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.854681]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.854683]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.854685]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.854687]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854688]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.854690]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.854691]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.854693]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.854695]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.854698]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.854699]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854702]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.854704]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.854705]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.854707]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.854709]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.854711]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854713]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854714] Object at ffff880126af7240, in cache kmalloc-32
[   85.854715] Object freed, allocated with size 14 bytes
[   85.854715] Allocation:
[   85.854716] PID = 11675
[   85.854718]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.854720]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.854722]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.854724]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.854727]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.854729]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854731]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854733]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854735]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854736]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854739]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854739] Deallocation:
[   85.854740] PID = 11658
[   85.854742]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.854744]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.854746]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.854748]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.854750]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.854753]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854755]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854756]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854758]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854760]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854763]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854763] Memory state around the buggy address:
[   85.854764]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.854765]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.854767] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.854767]                                               ^
[   85.854768]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.854770]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.854770] ==================================================================
[   85.854771] ==================================================================
[   85.854772] BUG: KASAN: use-after-free in bit_putcs+0xc73/0xd20 at addr ffff880126af7248
[   85.854773] Read of size 2 by task syz-executor.1/11658
[   85.854775] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.854776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.854778]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff8800ba5cdf70
[   85.854780]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.854783]  ffffffff81740207 0000000000000010 0000000000000000 0000000000000286
[   85.854783] Call Trace:
[   85.854785]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.854787]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.854789]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.854791]  [<ffffffff82dc5b23>] ? bit_putcs+0xc73/0xd20
[   85.854792]  [<ffffffff82dc5b23>] bit_putcs+0xc73/0xd20
[   85.854794]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.854796]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.854799]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.854801]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.854803]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.854805]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.854806]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.854808]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.854811]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.854813]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.854816]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.854819]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.854821]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.854824]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854826]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.854828]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854830]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.854832]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.854834]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.854836]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.854838]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.854840]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.854841]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.854844]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.854852]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854854]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.854855]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.854857]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.854858]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.854861]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.854863]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.854865]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854867]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.854869]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.854871]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.854872]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.854875]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.854876]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854879]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854880] Object at ffff880126af7240, in cache kmalloc-32
[   85.854881] Object freed, allocated with size 14 bytes
[   85.854881] Allocation:
[   85.854882] PID = 11675
[   85.854884]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.854886]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.854888]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.854890]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.854892]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.854895]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854897]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854898]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854900]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854902]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854904]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854905] Deallocation:
[   85.854905] PID = 11658
[   85.854907]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.854909]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.854912]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.854913]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.854916]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.854918]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.854920]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.854922]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.854923]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.854925]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.854928]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.854928] Memory state around the buggy address:
[   85.854929]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.854930]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.854931] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.854932]                                               ^
[   85.854933]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.854934]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.854935] ==================================================================
[   85.855009] ==================================================================
[   85.855010] BUG: KASAN: use-after-free in fbcon_scrolldelta+0xfff/0x10a0 at addr ffff880126af724a
[   85.855011] Read of size 2 by task syz-executor.1/11658
[   85.855013] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.855014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.855016]  1ffffffff0d9577e ffff8800a868f700 ffffffff82c4dd46 ffff880126af724c
[   85.855018]  ffff8800a868f790 ffff880126af7240 ffff88012bc00100 ffff8800a868f780
[   85.855021]  ffffffff81740207 ffffffff8174065e ffff8800ba6f4e40 0000000000000286
[   85.855021] Call Trace:
[   85.855023]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.855025]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.855027]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.855034]  [<ffffffff82daa8c4>] ? fbcon_putcs+0x374/0x5a0
[   85.855036]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.855038]  [<ffffffff82db26df>] ? fbcon_scrolldelta+0xfff/0x10a0
[   85.855039]  [<ffffffff82db26df>] fbcon_scrolldelta+0xfff/0x10a0
[   85.855041]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.855043]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.855045]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.855048]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.855050]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.855052]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.855054]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855057]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.855058]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855061]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.855063]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.855065]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.855067]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855069]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.855071]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.855073]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.855075]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.855077]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855079]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.855080]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.855082]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855083]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.855086]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.855088]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.855090]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855092]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.855094]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.855095]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.855097]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.855099]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.855101]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855103]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855105] Object at ffff880126af7240, in cache kmalloc-32
[   85.855105] Object freed, allocated with size 14 bytes
[   85.855106] Allocation:
[   85.855106] PID = 11675
[   85.855109]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855111]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855113]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.855114]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.855117]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.855119]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855121]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855123]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855125]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855127]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855129]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855129] Deallocation:
[   85.855130] PID = 11658
[   85.855132]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855134]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855136]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.855138]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.855140]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.855143]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855144]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855146]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855148]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855150]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855152]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855153] Memory state around the buggy address:
[   85.855154]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.855155]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.855156] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.855157]                                               ^
[   85.855158]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.855159]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.855159] ==================================================================
[   85.855160] ==================================================================
[   85.855163] BUG: KASAN: use-after-free in fbcon_putcs+0x471/0x5a0 at addr ffff880126af724a
[   85.855164] Read of size 2 by task syz-executor.1/11658
[   85.855165] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.855166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.855168]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.855170]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.855173]  ffffffff81740207 ffffffff8174048d 000000010000000d 0000000000000286
[   85.855173] Call Trace:
[   85.855175]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.855177]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.855180]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.855184]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.855187]  [<ffffffff82daa9c1>] ? fbcon_putcs+0x471/0x5a0
[   85.855190]  [<ffffffff82daa9c1>] fbcon_putcs+0x471/0x5a0
[   85.855194]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.855196]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.855199]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.855203]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.855206]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.855210]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.855214]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.855217]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.855220]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855223]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.855226]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855230]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.855233]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.855236]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.855239]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855242]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.855246]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.855248]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.855252]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.855255]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855258]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.855261]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.855264]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855266]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.855270]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.855274]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.855277]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855280]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.855283]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.855285]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.855287]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.855289]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.855291]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855293]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855294] Object at ffff880126af7240, in cache kmalloc-32
[   85.855295] Object freed, allocated with size 14 bytes
[   85.855296] Allocation:
[   85.855296] PID = 11675
[   85.855299]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855301]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855303]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.855305]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.855307]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.855309]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855311]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855313]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855315]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855317]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855319]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855320] Deallocation:
[   85.855320] PID = 11658
[   85.855323]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855325]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855327]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.855328]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.855331]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.855333]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855335]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855337]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855339]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855340]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855343]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855343] Memory state around the buggy address:
[   85.855344]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.855346]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.855347] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.855347]                                               ^
[   85.855348]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.855350]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.855350] ==================================================================
[   85.855351] ==================================================================
[   85.855353] BUG: KASAN: use-after-free in fbcon_putcs+0x486/0x5a0 at addr ffff880126af724a
[   85.855354] Read of size 2 by task syz-executor.1/11658
[   85.855356] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.855357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.855359]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.855361]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.855364]  ffffffff81740207 0000000000000010 0000000100000000 0000000000000286
[   85.855364] Call Trace:
[   85.855366]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.855368]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.855370]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.855373]  [<ffffffff82daa9d6>] ? fbcon_putcs+0x486/0x5a0
[   85.855375]  [<ffffffff82daa9d6>] fbcon_putcs+0x486/0x5a0
[   85.855376]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.855378]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.855380]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.855382]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.855384]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.855387]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.855389]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.855391]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.855393]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855396]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.855397]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855400]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.855402]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.855404]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.855406]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855408]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.855410]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.855411]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.855414]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.855415]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855417]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.855419]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.855420]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855422]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.855424]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.855427]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.855428]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855431]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.855432]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.855434]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.855435]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.855438]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.855440]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855442]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855443] Object at ffff880126af7240, in cache kmalloc-32
[   85.855444] Object freed, allocated with size 14 bytes
[   85.855444] Allocation:
[   85.855445] PID = 11675
[   85.855447]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855449]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855451]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.855453]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.855456]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.855458]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855460]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855462]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855464]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855465]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855468]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855468] Deallocation:
[   85.855469] PID = 11658
[   85.855471]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855473]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855475]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.855477]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.855479]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.855482]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855484]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855485]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855487]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855489]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855491]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855492] Memory state around the buggy address:
[   85.855493]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.855494]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.855495] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.855496]                                               ^
[   85.855497]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.855498]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.855499] ==================================================================
[   85.855499] ==================================================================
[   85.855501] BUG: KASAN: use-after-free in bit_putcs+0xce9/0xd20 at addr ffff880126af724a
[   85.855502] Read of size 2 by task syz-executor.1/11658
[   85.855503] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.855504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.855507]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff880126af724a
[   85.855509]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.855511]  ffffffff81740207 ffff8800a868f4e8 0000000000000086 0000000000000286
[   85.855512] Call Trace:
[   85.855513]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.855516]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.855518]  [<ffffffff85b6fce6>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[   85.855520]  [<ffffffff81429810>] ? down_trylock+0x50/0x70
[   85.855522]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.855524]  [<ffffffff82dc5b99>] ? bit_putcs+0xce9/0xd20
[   85.855525]  [<ffffffff82dc5b99>] bit_putcs+0xce9/0xd20
[   85.855527]  [<ffffffff81465e5a>] ? vprintk_default+0x1a/0x20
[   85.855529]  [<ffffffff82c79250>] ? vsprintf+0x20/0x20
[   85.855531]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.855533]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.855535]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.855537]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.855540]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.855541]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.855543]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.855545]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.855547]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.855549]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.855551]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.855554]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.855556]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.855558]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855560]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.855562]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855565]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.855567]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.855569]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.855570]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855572]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.855574]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.855576]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.855578]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.855580]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855582]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.855583]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.855585]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855586]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.855589]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.855591]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.855593]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855595]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.855597]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.855598]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.855600]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.855602]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.855604]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855606]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855608] Object at ffff880126af7240, in cache kmalloc-32
[   85.855608] Object freed, allocated with size 14 bytes
[   85.855609] Allocation:
[   85.855609] PID = 11675
[   85.855611]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855613]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855615]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.855617]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.855620]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.855622]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855624]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855626]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855628]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855630]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855632]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855633] Deallocation:
[   85.855633] PID = 11658
[   85.855635]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855637]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855639]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.855641]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.855644]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.855646]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855648]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855650]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855652]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855654]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855656]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855656] Memory state around the buggy address:
[   85.855658]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.855659]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.855660] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.855661]                                               ^
[   85.855662]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.855663]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.855663] ==================================================================
[   85.855664] ==================================================================
[   85.855666] BUG: KASAN: use-after-free in bit_putcs+0xc73/0xd20 at addr ffff880126af724a
[   85.855667] Read of size 2 by task syz-executor.1/11658
[   85.855668] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.855669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.855671]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff8800ba5cdf80
[   85.855674]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.855676]  ffffffff81740207 0000000000000010 0000000000000000 0000000000000286
[   85.855676] Call Trace:
[   85.855678]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.855680]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.855682]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.855684]  [<ffffffff82dc5b23>] ? bit_putcs+0xc73/0xd20
[   85.855685]  [<ffffffff82dc5b23>] bit_putcs+0xc73/0xd20
[   85.855687]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.855689]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.855692]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.855694]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.855696]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.855698]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.855699]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.855701]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.855703]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.855706]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.855708]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.855711]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.855712]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.855715]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855717]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.855719]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855721]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.855723]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.855725]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.855727]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855729]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.855731]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.855733]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.855735]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.855737]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855738]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.855740]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.855742]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855743]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.855746]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.855748]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.855750]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855752]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.855754]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.855755]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.855757]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.855759]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.855761]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855764]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855765] Object at ffff880126af7240, in cache kmalloc-32
[   85.855765] Object freed, allocated with size 14 bytes
[   85.855766] Allocation:
[   85.855766] PID = 11675
[   85.855769]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855771]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855773]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.855775]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.855777]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.855780]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855782]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855783]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855785]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855787]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855789]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855790] Deallocation:
[   85.855790] PID = 11658
[   85.855793]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855795]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855797]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.855798]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.855801]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.855803]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855805]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855807]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855809]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855811]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855813]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855814] Memory state around the buggy address:
[   85.855815]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.855816]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.855817] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.855818]                                               ^
[   85.855819]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.855820]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.855820] ==================================================================
[   85.855894] ==================================================================
[   85.855895] BUG: KASAN: use-after-free in fbcon_scrolldelta+0xfff/0x10a0 at addr ffff880126af724c
[   85.855896] Read of size 2 by task syz-executor.1/11658
[   85.855898] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.855899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.855901]  1ffffffff0d9577e ffff8800a868f700 ffffffff82c4dd46 ffff880126af724e
[   85.855903]  ffff8800a868f790 ffff880126af7240 ffff88012bc00100 ffff8800a868f780
[   85.855906]  ffffffff81740207 ffffffff8174065e ffff8800ba6f4e40 0000000000000286
[   85.855906] Call Trace:
[   85.855908]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.855916]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.855919]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.855921]  [<ffffffff82daa8c4>] ? fbcon_putcs+0x374/0x5a0
[   85.855923]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.855925]  [<ffffffff82db26df>] ? fbcon_scrolldelta+0xfff/0x10a0
[   85.855926]  [<ffffffff82db26df>] fbcon_scrolldelta+0xfff/0x10a0
[   85.855928]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.855930]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.855933]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.855935]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.855938]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.855939]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.855942]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.855944]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.855946]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.855948]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.855950]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.855952]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.855954]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855956]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.855958]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.855960]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.855962]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.855964]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.855965]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.855967]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.855969]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.855970]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.855973]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.855975]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.855977]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.855979]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.855981]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.855982]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.855984]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.855986]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.855988]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.855990]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.855991] Object at ffff880126af7240, in cache kmalloc-32
[   85.855992] Object freed, allocated with size 14 bytes
[   85.855992] Allocation:
[   85.855993] PID = 11675
[   85.855995]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.855997]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.855999]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.856001]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.856004]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.856006]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856008]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856010]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856012]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856013]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856016]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856016] Deallocation:
[   85.856017] PID = 11658
[   85.856019]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856021]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856023]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.856025]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.856027]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.856034]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856036]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856037]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856039]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856041]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856043]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856044] Memory state around the buggy address:
[   85.856045]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.856046]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.856047] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.856048]                                               ^
[   85.856049]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.856050]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.856051] ==================================================================
[   85.856052] ==================================================================
[   85.856054] BUG: KASAN: use-after-free in fbcon_putcs+0x471/0x5a0 at addr ffff880126af724c
[   85.856055] Read of size 2 by task syz-executor.1/11658
[   85.856057] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.856057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.856060]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.856062]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.856064]  ffffffff81740207 ffffffff8174048d 000000010000000d 0000000000000286
[   85.856065] Call Trace:
[   85.856067]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.856069]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.856071]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.856073]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.856075]  [<ffffffff82daa9c1>] ? fbcon_putcs+0x471/0x5a0
[   85.856077]  [<ffffffff82daa9c1>] fbcon_putcs+0x471/0x5a0
[   85.856079]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.856081]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.856082]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.856085]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.856087]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.856089]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.856092]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.856093]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.856096]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856098]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.856100]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856102]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.856104]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.856106]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.856108]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856110]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.856112]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.856114]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.856116]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.856118]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856119]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.856121]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.856123]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856124]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.856127]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.856129]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.856131]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856133]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.856135]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.856136]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.856138]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.856140]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.856142]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856144]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856145] Object at ffff880126af7240, in cache kmalloc-32
[   85.856146] Object freed, allocated with size 14 bytes
[   85.856147] Allocation:
[   85.856147] PID = 11675
[   85.856149]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856151]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856153]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.856155]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.856158]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.856160]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856162]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856164]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856166]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856168]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856170]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856171] Deallocation:
[   85.856171] PID = 11658
[   85.856173]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856176]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856178]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.856179]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.856182]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.856184]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856186]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856188]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856190]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856192]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856194]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856195] Memory state around the buggy address:
[   85.856196]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.856197]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.856198] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.856199]                                               ^
[   85.856200]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.856201]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.856201] ==================================================================
[   85.856202] ==================================================================
[   85.856204] BUG: KASAN: use-after-free in fbcon_putcs+0x486/0x5a0 at addr ffff880126af724c
[   85.856205] Read of size 2 by task syz-executor.1/11658
[   85.856207] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.856207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.856210]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.856212]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.856214]  ffffffff81740207 0000000000000010 0000000100000000 0000000000000286
[   85.856215] Call Trace:
[   85.856217]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.856219]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.856221]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.856223]  [<ffffffff82daa9d6>] ? fbcon_putcs+0x486/0x5a0
[   85.856225]  [<ffffffff82daa9d6>] fbcon_putcs+0x486/0x5a0
[   85.856227]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.856229]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.856231]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.856233]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.856235]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.856237]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.856240]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.856242]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.856244]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856246]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.856248]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856250]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.856252]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.856254]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.856256]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856258]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.856260]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.856262]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.856264]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.856266]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856268]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.856269]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.856271]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856273]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.856277]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.856280]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.856283]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856286]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.856290]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.856292]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.856295]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.856299]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.856302]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856306]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856308] Object at ffff880126af7240, in cache kmalloc-32
[   85.856309] Object freed, allocated with size 14 bytes
[   85.856310] Allocation:
[   85.856311] PID = 11675
[   85.856314]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856317]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856320]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.856323]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.856327]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.856331]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856334]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856337]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856340]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856343]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856347]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856348] Deallocation:
[   85.856349] PID = 11658
[   85.856352]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856356]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856359]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.856362]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.856366]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.856369]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856373]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856375]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856378]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856380]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856383]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856383] Memory state around the buggy address:
[   85.856385]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.856386]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.856387] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.856388]                                               ^
[   85.856389]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.856390]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.856391] ==================================================================
[   85.856391] ==================================================================
[   85.856393] BUG: KASAN: use-after-free in bit_putcs+0xce9/0xd20 at addr ffff880126af724c
[   85.856394] Read of size 2 by task syz-executor.1/11658
[   85.856396] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.856396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.856399]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff880126af724c
[   85.856401]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.856403]  ffffffff81740207 ffff8800a868f4e8 0000000000000086 0000000000000286
[   85.856404] Call Trace:
[   85.856406]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.856408]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.856410]  [<ffffffff85b6fce6>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[   85.856412]  [<ffffffff81429810>] ? down_trylock+0x50/0x70
[   85.856414]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.856416]  [<ffffffff82dc5b99>] ? bit_putcs+0xce9/0xd20
[   85.856418]  [<ffffffff82dc5b99>] bit_putcs+0xce9/0xd20
[   85.856419]  [<ffffffff81465e5a>] ? vprintk_default+0x1a/0x20
[   85.856421]  [<ffffffff82c79250>] ? vsprintf+0x20/0x20
[   85.856423]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.856425]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.856427]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.856429]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.856431]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.856433]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.856435]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.856436]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.856439]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.856441]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.856443]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.856446]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.856448]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.856450]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856452]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.856454]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856456]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.856458]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.856460]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.856462]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856464]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.856466]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.856468]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.856470]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.856472]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856474]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.856475]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.856477]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856478]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.856481]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.856483]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.856485]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856487]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.856489]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.856490]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.856492]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.856494]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.856496]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856498]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856499] Object at ffff880126af7240, in cache kmalloc-32
[   85.856500] Object freed, allocated with size 14 bytes
[   85.856500] Allocation:
[   85.856501] PID = 11675
[   85.856503]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856505]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856507]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.856509]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.856512]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.856514]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856516]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856518]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856520]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856522]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856524]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856525] Deallocation:
[   85.856525] PID = 11658
[   85.856527]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856529]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856531]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.856533]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.856536]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.856538]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856540]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856542]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856544]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856546]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856548]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856549] Memory state around the buggy address:
[   85.856550]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.856551]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.856552] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.856553]                                               ^
[   85.856554]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.856555]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.856556] ==================================================================
[   85.856556] ==================================================================
[   85.856558] BUG: KASAN: use-after-free in bit_putcs+0xc73/0xd20 at addr ffff880126af724c
[   85.856559] Read of size 2 by task syz-executor.1/11658
[   85.856560] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.856561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.856564]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff8800ba5cdf90
[   85.856566]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.856568]  ffffffff81740207 0000000000000010 0000000000000000 0000000000000286
[   85.856569] Call Trace:
[   85.856570]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.856572]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.856575]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.856576]  [<ffffffff82dc5b23>] ? bit_putcs+0xc73/0xd20
[   85.856578]  [<ffffffff82dc5b23>] bit_putcs+0xc73/0xd20
[   85.856580]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.856582]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.856584]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.856586]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.856589]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.856590]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.856592]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.856594]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.856596]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.856598]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.856600]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.856603]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.856605]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.856607]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856609]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.856611]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856614]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.856616]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.856618]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.856619]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856621]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.856623]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.856625]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.856627]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.856629]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856631]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.856632]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.856634]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856636]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.856638]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.856640]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.856642]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856644]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.856646]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.856648]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.856649]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.856652]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.856653]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856656]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856657] Object at ffff880126af7240, in cache kmalloc-32
[   85.856658] Object freed, allocated with size 14 bytes
[   85.856658] Allocation:
[   85.856659] PID = 11675
[   85.856661]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856663]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856665]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.856667]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.856669]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.856672]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856674]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856676]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856677]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856679]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856682]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856682] Deallocation:
[   85.856683] PID = 11658
[   85.856685]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856687]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856689]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.856691]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.856693]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.856696]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856697]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856699]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856701]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856703]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856705]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856706] Memory state around the buggy address:
[   85.856707]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.856708]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.856709] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.856710]                                               ^
[   85.856711]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.856712]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.856713] ==================================================================
[   85.856788] ==================================================================
[   85.856790] BUG: KASAN: use-after-free in fbcon_scrolldelta+0xfff/0x10a0 at addr ffff880126af724e
[   85.856791] Read of size 2 by task syz-executor.1/11658
[   85.856792] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.856793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.856795]  1ffffffff0d9577e ffff8800a868f700 ffffffff82c4dd46 ffff880126af7250
[   85.856797]  ffff8800a868f790 ffff880126af7240 ffff88012bc00100 ffff8800a868f780
[   85.856800]  ffffffff81740207 ffffffff8174065e ffff8800ba6f4e40 0000000000000286
[   85.856800] Call Trace:
[   85.856802]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.856804]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.856806]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.856808]  [<ffffffff82daa8c4>] ? fbcon_putcs+0x374/0x5a0
[   85.856811]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.856812]  [<ffffffff82db26df>] ? fbcon_scrolldelta+0xfff/0x10a0
[   85.856814]  [<ffffffff82db26df>] fbcon_scrolldelta+0xfff/0x10a0
[   85.856816]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.856818]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.856820]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.856822]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.856825]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.856827]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.856829]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856831]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.856833]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856836]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.856838]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.856840]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.856841]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856843]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.856845]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.856847]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.856849]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.856851]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856853]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.856854]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.856856]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856858]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.856860]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.856862]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.856864]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856866]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.856868]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.856870]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.856871]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.856874]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.856875]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856878]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856879] Object at ffff880126af7240, in cache kmalloc-32
[   85.856879] Object freed, allocated with size 14 bytes
[   85.856880] Allocation:
[   85.856880] PID = 11675
[   85.856883]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856885]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856887]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.856889]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.856891]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.856894]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856896]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856897]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856899]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856901]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856903]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856904] Deallocation:
[   85.856904] PID = 11658
[   85.856906]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.856909]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.856911]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.856912]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.856915]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.856917]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856919]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856921]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.856923]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.856925]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.856927]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.856928] Memory state around the buggy address:
[   85.856929]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.856930]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.856931] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.856932]                                               ^
[   85.856933]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.856934]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.856934] ==================================================================
[   85.856935] ==================================================================
[   85.856938] BUG: KASAN: use-after-free in fbcon_putcs+0x471/0x5a0 at addr ffff880126af724e
[   85.856939] Read of size 2 by task syz-executor.1/11658
[   85.856940] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.856941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.856943]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.856946]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.856948]  ffffffff81740207 ffffffff8174048d 000000010000000d 0000000000000286
[   85.856948] Call Trace:
[   85.856950]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.856952]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.856954]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.856956]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.856959]  [<ffffffff82daa9c1>] ? fbcon_putcs+0x471/0x5a0
[   85.856961]  [<ffffffff82daa9c1>] fbcon_putcs+0x471/0x5a0
[   85.856962]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.856964]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.856966]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.856968]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.856970]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.856973]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.856975]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.856977]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.856979]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.856982]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.856983]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.856986]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.856988]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.856990]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.856992]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.856994]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.856995]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.856997]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.857000]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.857001]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857003]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.857005]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.857006]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857008]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.857010]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.857012]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.857014]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857016]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.857018]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.857020]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.857021]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.857024]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.857025]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857028]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857033] Object at ffff880126af7240, in cache kmalloc-32
[   85.857033] Object freed, allocated with size 14 bytes
[   85.857034] Allocation:
[   85.857034] PID = 11675
[   85.857037]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857039]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857041]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.857043]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.857045]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.857048]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857049]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857051]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857053]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857055]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857057]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857058] Deallocation:
[   85.857058] PID = 11658
[   85.857060]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857062]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857065]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.857066]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.857069]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.857071]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857073]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857075]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857077]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857078]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857081]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857081] Memory state around the buggy address:
[   85.857082]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.857084]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.857085] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.857085]                                               ^
[   85.857087]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.857088]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.857088] ==================================================================
[   85.857089] ==================================================================
[   85.857091] BUG: KASAN: use-after-free in fbcon_putcs+0x486/0x5a0 at addr ffff880126af724e
[   85.857092] Read of size 2 by task syz-executor.1/11658
[   85.857094] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.857094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.857097]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.857099]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.857101]  ffffffff81740207 0000000000000010 0000000100000000 0000000000000286
[   85.857102] Call Trace:
[   85.857104]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.857106]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.857108]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.857110]  [<ffffffff82daa9d6>] ? fbcon_putcs+0x486/0x5a0
[   85.857112]  [<ffffffff82daa9d6>] fbcon_putcs+0x486/0x5a0
[   85.857114]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.857116]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.857118]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.857120]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.857122]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.857124]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.857127]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.857129]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.857131]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857133]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.857135]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857137]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.857139]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.857142]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.857143]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857145]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.857147]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.857149]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.857151]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.857153]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857155]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.857157]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.857158]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857160]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.857162]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.857164]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.857166]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857168]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.857170]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.857172]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.857173]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.857176]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.857177]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857180]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857181] Object at ffff880126af7240, in cache kmalloc-32
[   85.857181] Object freed, allocated with size 14 bytes
[   85.857182] Allocation:
[   85.857182] PID = 11675
[   85.857185]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857187]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857189]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.857191]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.857193]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.857196]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857197]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857199]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857201]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857203]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857205]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857206] Deallocation:
[   85.857206] PID = 11658
[   85.857208]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857210]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857213]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.857214]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.857217]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.857219]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857221]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857223]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857225]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857226]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857229]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857229] Memory state around the buggy address:
[   85.857231]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.857232]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.857233] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.857233]                                               ^
[   85.857235]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.857236]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.857236] ==================================================================
[   85.857237] ==================================================================
[   85.857239] BUG: KASAN: use-after-free in bit_putcs+0xce9/0xd20 at addr ffff880126af724e
[   85.857239] Read of size 2 by task syz-executor.1/11658
[   85.857241] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.857242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.857244]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff880126af724e
[   85.857246]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.857249]  ffffffff81740207 ffff8800a868f4e8 0000000000000086 0000000000000286
[   85.857249] Call Trace:
[   85.857251]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.857253]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.857255]  [<ffffffff85b6fce6>] ? _raw_spin_unlock_irqrestore+0xa6/0xd0
[   85.857257]  [<ffffffff81429810>] ? down_trylock+0x50/0x70
[   85.857260]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.857261]  [<ffffffff82dc5b99>] ? bit_putcs+0xce9/0xd20
[   85.857263]  [<ffffffff82dc5b99>] bit_putcs+0xce9/0xd20
[   85.857264]  [<ffffffff81465e5a>] ? vprintk_default+0x1a/0x20
[   85.857266]  [<ffffffff82c79250>] ? vsprintf+0x20/0x20
[   85.857268]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.857270]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.857272]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.857274]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.857277]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.857278]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.857280]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.857282]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.857284]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.857286]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.857289]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.857291]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.857293]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.857295]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857297]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.857299]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857302]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.857304]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.857306]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.857307]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857309]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.857311]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.857313]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.857315]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.857317]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857319]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.857320]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.857322]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857323]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.857326]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.857328]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.857330]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857332]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.857334]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.857335]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.857337]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.857339]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.857341]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857343]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857344] Object at ffff880126af7240, in cache kmalloc-32
[   85.857345] Object freed, allocated with size 14 bytes
[   85.857345] Allocation:
[   85.857346] PID = 11675
[   85.857348]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857350]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857352]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.857354]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.857357]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.857359]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857361]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857363]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857365]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857367]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857370]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857370] Deallocation:
[   85.857371] PID = 11658
[   85.857374]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857378]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857381]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.857384]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.857388]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.857392]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857395]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857398]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857401]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857404]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857408]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857409] Memory state around the buggy address:
[   85.857411]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.857413]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.857415] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.857416]                                               ^
[   85.857418]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.857420]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.857421] ==================================================================
[   85.857422] ==================================================================
[   85.857424] BUG: KASAN: use-after-free in bit_putcs+0xc73/0xd20 at addr ffff880126af724e
[   85.857426] Read of size 2 by task syz-executor.1/11658
[   85.857429] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.857430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.857435]  1ffffffff0d9577e ffff8800a868f4c8 ffffffff82c4dd46 ffff8800ba5cdfa0
[   85.857439]  ffff8800a868f558 ffff880126af7240 ffff88012bc00100 ffff8800a868f548
[   85.857443]  ffffffff81740207 0000000000000010 0000000000000000 0000000000000286
[   85.857443] Call Trace:
[   85.857446]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.857450]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.857453]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.857456]  [<ffffffff82dc5b23>] ? bit_putcs+0xc73/0xd20
[   85.857459]  [<ffffffff82dc5b23>] bit_putcs+0xc73/0xd20
[   85.857463]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.857466]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.857469]  [<ffffffff82da9e20>] ? get_color+0x30/0x380
[   85.857472]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.857475]  [<ffffffff82daa8c4>] fbcon_putcs+0x374/0x5a0
[   85.857477]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.857479]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.857481]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.857483]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.857485]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.857488]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.857490]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.857492]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.857494]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857497]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.857498]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857501]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.857503]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.857505]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.857507]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857509]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.857511]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.857512]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.857515]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.857517]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857518]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.857520]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.857521]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857523]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.857526]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.857528]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.857530]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857532]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.857534]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.857535]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.857537]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.857539]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.857541]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857543]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857544] Object at ffff880126af7240, in cache kmalloc-32
[   85.857545] Object freed, allocated with size 14 bytes
[   85.857545] Allocation:
[   85.857546] PID = 11675
[   85.857548]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857550]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857553]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.857554]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.857557]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.857559]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857561]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857563]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857565]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857567]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857569]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857570] Deallocation:
[   85.857570] PID = 11658
[   85.857572]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857574]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857576]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.857578]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.857581]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.857583]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857585]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857587]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857589]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857590]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857593]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857593] Memory state around the buggy address:
[   85.857594]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.857596]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.857597] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.857597]                                               ^
[   85.857598]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.857600]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.857600] ==================================================================
[   85.857674] ==================================================================
[   85.857676] BUG: KASAN: use-after-free in fbcon_scrolldelta+0xfff/0x10a0 at addr ffff880126af7250
[   85.857677] Read of size 2 by task syz-executor.1/11658
[   85.857678] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.857679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.857681]  1ffffffff0d9577e ffff8800a868f700 ffffffff82c4dd46 ffff880126af7252
[   85.857684]  ffff8800a868f790 ffff880126af7240 ffff88012bc00100 ffff8800a868f780
[   85.857686]  ffffffff81740207 ffffffff8174065e ffff8800ba6f4e40 0000000000000286
[   85.857686] Call Trace:
[   85.857688]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.857690]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.857693]  [<ffffffff8174065e>] ? __asan_report_load2_noabort+0x3e/0x40
[   85.857695]  [<ffffffff82daa8c4>] ? fbcon_putcs+0x374/0x5a0
[   85.857697]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.857699]  [<ffffffff82db26df>] ? fbcon_scrolldelta+0xfff/0x10a0
[   85.857701]  [<ffffffff82db26df>] fbcon_scrolldelta+0xfff/0x10a0
[   85.857702]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.857705]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.857707]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.857709]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.857712]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.857714]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.857716]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857718]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.857720]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857723]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.857725]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.857727]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.857728]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857730]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.857732]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.857734]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.857736]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.857738]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857740]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.857741]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.857743]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857745]  [<ffffffff81437ae5>] ? __lock_acquire+0x1985/0x5560
[   85.857747]  [<ffffffff813b61a1>] ? ___might_sleep+0x331/0x440
[   85.857749]  [<ffffffff813b6340>] ? __might_sleep+0x90/0x1a0
[   85.857751]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857753]  [<ffffffff8298ad44>] ? selinux_file_ioctl+0x324/0x510
[   85.857755]  [<ffffffff817d2fb0>] ? ioctl_preallocate+0x1a0/0x1a0
[   85.857757]  [<ffffffff817f041f>] ? __fget+0x1df/0x320
[   85.857758]  [<ffffffff817f0282>] ? __fget+0x42/0x320
[   85.857760]  [<ffffffff8297311a>] ? security_file_ioctl+0x6a/0xa0
[   85.857762]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857765]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857766] Object at ffff880126af7240, in cache kmalloc-32
[   85.857766] Object freed, allocated with size 14 bytes
[   85.857767] Allocation:
[   85.857767] PID = 11675
[   85.857770]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857772]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857774]  [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0
[   85.857776]  [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0
[   85.857778]  [<ffffffff82fce4e9>] vc_do_resize+0x1e9/0x1350
[   85.857781]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857782]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857784]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857786]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857788]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857790]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857791] Deallocation:
[   85.857791] PID = 11658
[   85.857793]  [<ffffffff81205056>] save_stack_trace+0x26/0x50
[   85.857795]  [<ffffffff8173f3e6>] save_stack+0x46/0xd0
[   85.857798]  [<ffffffff8173fc8b>] kasan_slab_free+0x9b/0xb0
[   85.857799]  [<ffffffff81739f02>] kfree+0xe2/0x460
[   85.857802]  [<ffffffff82fcea10>] vc_do_resize+0x710/0x1350
[   85.857804]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857806]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857808]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857810]  [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70
[   85.857812]  [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80
[   85.857814]  [<ffffffff85b6fe80>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   85.857815] Memory state around the buggy address:
[   85.857816]  ffff880126af7100: 00 00 fc fc fc fc fc fc 00 00 06 fc fc fc fc fc
[   85.857817]  ffff880126af7180: 06 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[   85.857818] >ffff880126af7200: 00 05 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   85.857819]                                                  ^
[   85.857820]  ffff880126af7280: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[   85.857821]  ffff880126af7300: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[   85.857822] ==================================================================
[   85.857822] ==================================================================
[   85.857825] BUG: KASAN: use-after-free in fbcon_putcs+0x471/0x5a0 at addr ffff880126af7250
[   85.857826] Read of size 2 by task syz-executor.1/11658
[   85.857827] CPU: 1 PID: 11658 Comm: syz-executor.1 Tainted: G    B           4.6.0-syzkaller #0
[   85.857828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.857830]  1ffffffff0d9577e ffff8800a868f688 ffffffff82c4dd46 ffff8800ba6f4e40
[   85.857833]  ffff8800a868f718 ffff880126af7240 ffff88012bc00100 ffff8800a868f708
[   85.857835]  ffffffff81740207 ffffffff8174048d 000000010000000d 0000000000000286
[   85.857835] Call Trace:
[   85.857837]  [<ffffffff82c4dd46>] dump_stack+0xe6/0x120
[   85.857839]  [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0
[   85.857841]  [<ffffffff8174048d>] ? kasan_report_error+0x46d/0x5c0
[   85.857843]  [<ffffffff8174065e>] __asan_report_load2_noabort+0x3e/0x40
[   85.857846]  [<ffffffff82daa9c1>] ? fbcon_putcs+0x471/0x5a0
[   85.857848]  [<ffffffff82daa9c1>] fbcon_putcs+0x471/0x5a0
[   85.857850]  [<ffffffff82dc4eb0>] ? bit_clear+0x6e0/0x6e0
[   85.857851]  [<ffffffff82db2339>] fbcon_scrolldelta+0xc59/0x10a0
[   85.857853]  [<ffffffff82db2796>] fbcon_set_origin+0x16/0x20
[   85.857855]  [<ffffffff82fca7b7>] set_origin+0x2c7/0x390
[   85.857857]  [<ffffffff82fcea81>] vc_do_resize+0x781/0x1350
[   85.857860]  [<ffffffff82987680>] ? selinux_ipv4_output+0x120/0x120
[   85.857862]  [<ffffffff82fce300>] ? vc_init+0x490/0x490
[   85.857864]  [<ffffffff82fb4d39>] ? vt_ioctl+0x15c9/0x24e0
[   85.857866]  [<ffffffff82fcf68d>] vc_resize+0x3d/0x60
[   85.857869]  [<ffffffff814611ba>] ? console_lock+0x4a/0x70
[   85.857870]  [<ffffffff82fb4d9b>] vt_ioctl+0x162b/0x24e0
[   85.857873]  [<ffffffff81436160>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   85.857875]  [<ffffffff82fb3770>] ? complete_change_console+0x300/0x300
[   85.857877]  [<ffffffff82c59419>] ? plist_del+0xe9/0x1d0
[   85.857879]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   85.857881]  [<ffffffff82979d2b>] ? avc_has_extended_perms+0x27b/0x10f0
[   85.857883]  [<ffffffff82979d48>] ? avc_has_extended_perms+0x298/0x10f0
[   85.857884]  [<ffffffff82979b54>] ? avc_has_extended_perms+0xa4/0x10f0
[   85.857887]  [<ffffffff82d11d5f>] ? depot_save_stack+0x12f/0x480
[   85.857889]  [<ffffffff82f81da4>] tty_ioctl+0x5d4/0x20f0
[   85.857890]  [<ffffffff82f817d0>] ? no_tty+0x90/0x90
[   85.857892]  [<ffffffff81436e01>] ? __lock_acquire+0xca1/0x5560
[   85.857893]  [<ffffffff8147fc27>] ? debug_lockdep_rcu_enabled+0x77/0x90