Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.096144] kauditd_printk_skb: 2 callbacks suppressed
[ 47.096159] audit: type=1400 audit(1575373386.827:36): avc: denied { map } for pid=7660 comm="syz-executor224" path="/root/syz-executor224548000" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.212143] ==================================================================
[ 47.212169] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xd5d/0xf10
[ 47.212176] Read of size 1 at addr ffff888091df0734 by task syz-executor224/7660
[ 47.212178]
[ 47.212189] CPU: 1 PID: 7660 Comm: syz-executor224 Not tainted 4.19.87-syzkaller #0
[ 47.212194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.212197] Call Trace:
[ 47.212209] dump_stack+0x197/0x210
[ 47.212218] ? bit_putcs+0xd5d/0xf10
[ 47.212230] print_address_description.cold+0x7c/0x20d
[ 47.212238] ? bit_putcs+0xd5d/0xf10
[ 47.212246] kasan_report.cold+0x8c/0x2ba
[ 47.212257] __asan_report_load1_noabort+0x14/0x20
[ 47.212264] bit_putcs+0xd5d/0xf10
[ 47.212282] ? bit_cursor+0x1a60/0x1a60
[ 47.212292] ? __sanitizer_cov_trace_cmp1+0x1/0x20
[ 47.212302] ? fb_get_color_depth.part.0+0xcf/0x200
[ 47.212312] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 47.212322] fbcon_putcs+0x42b/0x4f0
[ 47.212331] ? bit_cursor+0x1a60/0x1a60
[ 47.212343] do_update_region+0x42b/0x6f0
[ 47.212355] ? con_get_trans_old+0x2a0/0x2a0
[ 47.212364] ? fbcon_set_palette+0x227/0x610
[ 47.212372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.212379] ? fbcon_redraw.isra.0+0x490/0x490
[ 47.212390] redraw_screen+0x602/0x8e0
[ 47.212397] ? efifb_probe.cold+0x17e9/0x17e9
[ 47.212407] ? con_flush_chars+0xa0/0xa0
[ 47.212416] ? fbcon_set_palette+0x227/0x610
[ 47.212425] fbcon_modechanged+0x5f3/0x900
[ 47.212437] fbcon_event_notify+0x1bd/0x1dba
[ 47.212448] ? lock_acquire+0x16f/0x3f0
[ 47.212459] notifier_call_chain+0xc2/0x230
[ 47.212472] blocking_notifier_call_chain+0x94/0xb0
[ 47.212483] fb_notifier_call_chain+0x25/0x30
[ 47.212491] fb_set_var+0xc8f/0xe80
[ 47.212500] ? fb_set_suspend+0x130/0x130
[ 47.212509] ? lock_acquire+0x16f/0x3f0
[ 47.212516] ? lock_fb_info+0x1f/0x80
[ 47.212530] ? __mutex_lock+0x3cd/0x1300
[ 47.212537] ? mark_held_locks+0x100/0x100
[ 47.212545] ? lock_fb_info+0x1f/0x80
[ 47.212556] ? mutex_trylock+0x1e0/0x1e0
[ 47.212563] ? down+0x50/0x90
[ 47.212578] ? do_fb_ioctl+0x3e1/0xab0
[ 47.212589] ? mutex_lock_nested+0x16/0x20
[ 47.212599] do_fb_ioctl+0x450/0xab0
[ 47.212607] ? fb_read+0x580/0x580
[ 47.212616] ? kasan_check_read+0x11/0x20
[ 47.212626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.212636] ? avc_has_extended_perms+0xa78/0x10f0
[ 47.212649] ? avc_ss_reset+0x190/0x190
[ 47.212658] ? __kasan_slab_free+0x102/0x150
[ 47.212665] ? kasan_slab_free+0xe/0x10
[ 47.212671] ? kmem_cache_free+0x86/0x260
[ 47.212679] ? putname+0xef/0x130
[ 47.212686] ? do_sys_open+0x318/0x550
[ 47.212692] ? __x64_sys_openat+0x9d/0x100
[ 47.212701] ? do_syscall_64+0xfd/0x620
[ 47.212708] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.212731] fb_ioctl+0xe6/0x130
[ 47.212738] ? do_fb_ioctl+0xab0/0xab0
[ 47.212746] do_vfs_ioctl+0xd5f/0x1380
[ 47.212754] ? selinux_file_ioctl+0x46f/0x5e0
[ 47.212762] ? selinux_file_ioctl+0x125/0x5e0
[ 47.212770] ? ioctl_preallocate+0x210/0x210
[ 47.212778] ? selinux_file_mprotect+0x620/0x620
[ 47.212786] ? kmem_cache_free+0x222/0x260
[ 47.212796] ? do_sys_open+0x31d/0x550
[ 47.212807] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.212815] ? security_file_ioctl+0x8d/0xc0
[ 47.212824] ksys_ioctl+0xab/0xd0
[ 47.212833] __x64_sys_ioctl+0x73/0xb0
[ 47.212842] do_syscall_64+0xfd/0x620
[ 47.212851] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.212858] RIP: 0033:0x444dd9
[ 47.212868] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.212872] RSP: 002b:00007fff053d4498 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 47.212880] RAX: ffffffffffffffda RBX: 00007fff053d44a0 RCX: 0000000000444dd9
[ 47.212885] RDX: 00000000200002c0 RSI: 0000000000004601 RDI: 0000000000000005
[ 47.212889] RBP: 0000000000000000 R08: 0000000000401690 R09: 0000000000401690
[ 47.212894] R10: 0000000000401690 R11: 0000000000000246 R12: 0000000000402ae0
[ 47.212898] R13: 0000000000402b70 R14: 0000000000000000 R15: 0000000000000000
[ 47.212909]
[ 47.212913] Allocated by task 7660:
[ 47.212920] save_stack+0x45/0xd0
[ 47.212927] kasan_kmalloc+0xce/0xf0
[ 47.212932] __kmalloc+0x15d/0x750
[ 47.212938] fbcon_set_font+0x32d/0x860
[ 47.212944] con_font_op+0xe18/0x1250
[ 47.212950] vt_ioctl+0xd2e/0x2530
[ 47.212958] tty_ioctl+0x7f3/0x1510
[ 47.212964] do_vfs_ioctl+0xd5f/0x1380
[ 47.212970] ksys_ioctl+0xab/0xd0
[ 47.212976] __x64_sys_ioctl+0x73/0xb0
[ 47.212983] do_syscall_64+0xfd/0x620
[ 47.212989] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.212991]
[ 47.212995] Freed by task 5866:
[ 47.213001] save_stack+0x45/0xd0
[ 47.213008] __kasan_slab_free+0x102/0x150
[ 47.213017] kasan_slab_free+0xe/0x10
[ 47.213023] kfree+0xcf/0x220
[ 47.213029] free_pipe_info+0x243/0x300
[ 47.213036] put_pipe_info+0xd0/0xf0
[ 47.213042] pipe_release+0x1e6/0x280
[ 47.213049] __fput+0x2dd/0x8b0
[ 47.213055] ____fput+0x16/0x20
[ 47.213062] task_work_run+0x145/0x1c0
[ 47.213069] exit_to_usermode_loop+0x273/0x2c0
[ 47.213076] do_syscall_64+0x53d/0x620
[ 47.213082] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.213084]
[ 47.213090] The buggy address belongs to the object at ffff888091df04c0
[ 47.213090]  which belongs to the cache kmalloc-1024 of size 1024
[ 47.213096] The buggy address is located 628 bytes inside of
[ 47.213096]  1024-byte region [ffff888091df04c0, ffff888091df08c0)
[ 47.213099] The buggy address belongs to the page:
[ 47.213111] page:ffffea0002477c00 count:1 mapcount:0 mapping:ffff88812c31cac0 index:0x0 compound_mapcount: 0
[ 47.213119] flags: 0xfffe0000008100(slab|head)
[ 47.213129] raw: 00fffe0000008100 ffffea000230a908 ffffea00029f6308 ffff88812c31cac0
[ 47.213138] raw: 0000000000000000 ffff888091df0040 0000000100000007 0000000000000000
[ 47.213141] page dumped because: kasan: bad access detected
[ 47.213143]
[ 47.213146] Memory state around the buggy address:
[ 47.213152]  ffff888091df0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.213158]  ffff888091df0680: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 47.213163] >ffff888091df0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.213166]                                      ^
[ 47.213172]  ffff888091df0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.213178]  ffff888091df0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.213180] ==================================================================
[ 47.213183] Disabling lock debugging due to kernel taint
[ 47.213187] Kernel panic - not syncing: panic_on_warn set ...
[ 47.213187]
[ 47.213195] CPU: 1 PID: 7660 Comm: syz-executor224 Tainted: G B 4.19.87-syzkaller #0
[ 47.213199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.213201] Call Trace:
[ 47.213208] dump_stack+0x197/0x210
[ 47.213215] ? bit_putcs+0xd5d/0xf10
[ 47.213222] panic+0x26a/0x50e
[ 47.213228] ? __warn_printk+0xf3/0xf3
[ 47.213235] ? lock_downgrade+0x880/0x880
[ 47.213245] ? trace_hardirqs_on+0x67/0x220
[ 47.213252] ? trace_hardirqs_on+0x5e/0x220
[ 47.213259] ? bit_putcs+0xd5d/0xf10
[ 47.213266] kasan_end_report+0x47/0x4f
[ 47.213273] kasan_report.cold+0xa9/0x2ba
[ 47.213282] __asan_report_load1_noabort+0x14/0x20
[ 47.213288] bit_putcs+0xd5d/0xf10
[ 47.213300] ? bit_cursor+0x1a60/0x1a60
[ 47.213307] ? __sanitizer_cov_trace_cmp1+0x1/0x20
[ 47.213315] ? fb_get_color_depth.part.0+0xcf/0x200
[ 47.213323] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 47.213330] fbcon_putcs+0x42b/0x4f0
[ 47.213338] ? bit_cursor+0x1a60/0x1a60
[ 47.213346] do_update_region+0x42b/0x6f0
[ 47.213355] ? con_get_trans_old+0x2a0/0x2a0
[ 47.213362] ? fbcon_set_palette+0x227/0x610
[ 47.213369] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.213376] ? fbcon_redraw.isra.0+0x490/0x490
[ 47.213384] redraw_screen+0x602/0x8e0
[ 47.213391] ? efifb_probe.cold+0x17e9/0x17e9
[ 47.213399] ? con_flush_chars+0xa0/0xa0
[ 47.213406] ? fbcon_set_palette+0x227/0x610
[ 47.213414] fbcon_modechanged+0x5f3/0x900
[ 47.213422] fbcon_event_notify+0x1bd/0x1dba
[ 47.213430] ? lock_acquire+0x16f/0x3f0
[ 47.213439] notifier_call_chain+0xc2/0x230
[ 47.213449] blocking_notifier_call_chain+0x94/0xb0
[ 47.213457] fb_notifier_call_chain+0x25/0x30
[ 47.213464] fb_set_var+0xc8f/0xe80
[ 47.213472] ? fb_set_suspend+0x130/0x130
[ 47.213479] ? lock_acquire+0x16f/0x3f0
[ 47.213486] ? lock_fb_info+0x1f/0x80
[ 47.213495] ? __mutex_lock+0x3cd/0x1300
[ 47.213502] ? mark_held_locks+0x100/0x100
[ 47.213509] ? lock_fb_info+0x1f/0x80
[ 47.213517] ? mutex_trylock+0x1e0/0x1e0
[ 47.213523] ? down+0x50/0x90
[ 47.213534] ? do_fb_ioctl+0x3e1/0xab0
[ 47.213542] ? mutex_lock_nested+0x16/0x20
[ 47.213550] do_fb_ioctl+0x450/0xab0
[ 47.213557] ? fb_read+0x580/0x580
[ 47.213564] ? kasan_check_read+0x11/0x20
[ 47.213572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.213580] ? avc_has_extended_perms+0xa78/0x10f0
[ 47.213589] ? avc_ss_reset+0x190/0x190
[ 47.213597] ? __kasan_slab_free+0x102/0x150
[ 47.213603] ? kasan_slab_free+0xe/0x10
[ 47.213609] ? kmem_cache_free+0x86/0x260
[ 47.213616] ? putname+0xef/0x130
[ 47.213622] ? do_sys_open+0x318/0x550
[ 47.213628] ? __x64_sys_openat+0x9d/0x100
[ 47.213635] ? do_syscall_64+0xfd/0x620
[ 47.213641] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.213656] fb_ioctl+0xe6/0x130
[ 47.213662] ? do_fb_ioctl+0xab0/0xab0
[ 47.213669] do_vfs_ioctl+0xd5f/0x1380
[ 47.213676] ? selinux_file_ioctl+0x46f/0x5e0
[ 47.213683] ? selinux_file_ioctl+0x125/0x5e0
[ 47.213690] ? ioctl_preallocate+0x210/0x210
[ 47.213696] ? selinux_file_mprotect+0x620/0x620
[ 47.213703] ? kmem_cache_free+0x222/0x260
[ 47.213711] ? do_sys_open+0x31d/0x550
[ 47.213720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.213726] ? security_file_ioctl+0x8d/0xc0
[ 47.213734] ksys_ioctl+0xab/0xd0
[ 47.213741] __x64_sys_ioctl+0x73/0xb0
[ 47.213749] do_syscall_64+0xfd/0x620
[ 47.213757] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.213761] RIP: 0033:0x444dd9
[ 47.213768] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.213772] RSP: 002b:00007fff053d4498 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 47.213778] RAX: ffffffffffffffda RBX: 00007fff053d44a0 RCX: 0000000000444dd9
[ 47.213782] RDX: 00000000200002c0 RSI: 0000000000004601 RDI: 0000000000000005
[ 47.213786] RBP: 0000000000000000 R08: 0000000000401690 R09: 0000000000401690
[ 47.213790] R10: 0000000000401690 R11: 0000000000000246 R12: 0000000000402ae0
[ 47.213794] R13: 0000000000402b70 R14: 0000000000000000 R15: 0000000000000000
[ 47.215135] Kernel Offset: disabled
[ 48.248680] Rebooting in 86400 seconds..