Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
2020/01/07 14:22:45 parsed 1 programs
2020/01/07 14:22:45 executed programs: 0
[ 56.031384] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[ 56.042982] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[ 56.052007] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[ 56.060868] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[ 56.069565] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[ 56.081496] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[ 56.097128] IPVS: Creating netns size=2712 id=2
[ 56.101933] IPVS: ftp: loaded support on port[0] = 21
[ 56.175959] IPVS: Creating netns size=2712 id=3
[ 56.181097] IPVS: ftp: loaded support on port[0] = 21
[ 56.314190] chnl_net:caif_netlink_parms(): no params data found
[ 56.341076] IPVS: Creating netns size=2712 id=4
[ 56.346047] IPVS: ftp: loaded support on port[0] = 21
[ 56.585082] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.591521] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.598789] IPVS: Creating netns size=2712 id=5
[ 56.598868] IPVS: ftp: loaded support on port[0] = 21
[ 56.616207] device bridge_slave_0 entered promiscuous mode
[ 56.624898] chnl_net:caif_netlink_parms(): no params data found
[ 56.645286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.651665] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.660742] device bridge_slave_1 entered promiscuous mode
[ 56.774814] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 56.820071] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 57.001185] IPVS: Creating netns size=2712 id=6
[ 57.006757] IPVS: ftp: loaded support on port[0] = 21
[ 57.010578] chnl_net:caif_netlink_parms(): no params data found
[ 57.024767] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.024855] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.029549] device bridge_slave_0 entered promiscuous mode
[ 57.058941] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 57.067698] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.074828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.084308] device bridge_slave_1 entered promiscuous mode
[ 57.110549] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 57.294126] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 57.336077] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 57.358855] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 57.398147] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 57.449894] chnl_net:caif_netlink_parms(): no params data found
[ 57.512036] IPVS: Creating netns size=2712 id=7
[ 57.517655] IPVS: ftp: loaded support on port[0] = 21
[ 57.534967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.541479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.551629] device bridge_slave_0 entered promiscuous mode
[ 57.559458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.566151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.575497] device bridge_slave_1 entered promiscuous mode
[ 57.671113] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 57.724107] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 57.743206] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 57.769748] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.066965] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 58.074003] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.080378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.089328] device bridge_slave_0 entered promiscuous mode
[ 58.108356] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 58.115454] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.121814] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.130763] device bridge_slave_1 entered promiscuous mode
[ 58.138459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 58.214833] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 58.222681] chnl_net:caif_netlink_parms(): no params data found
[ 58.304077] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 58.316806] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 58.420820] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 58.575956] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 58.584521] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 58.614274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 58.671789] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 58.680507] chnl_net:caif_netlink_parms(): no params data found
[ 58.717613] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.724142] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.733468] device bridge_slave_0 entered promiscuous mode
[ 58.796904] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.803732] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.813193] device bridge_slave_1 entered promiscuous mode
[ 58.875731] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 58.948300] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 58.983919] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 59.018740] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 59.029880] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 59.165134] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.171534] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.180949] device bridge_slave_0 entered promiscuous mode
[ 59.240857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.248091] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.257010] device bridge_slave_1 entered promiscuous mode
[ 59.365381] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 59.375882] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 59.401318] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 59.414335] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.423007] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 59.447799] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 59.552158] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 59.578704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.609101] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 59.631177] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 59.638847] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 59.646848] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 59.697708] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 59.841308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 59.849479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.855906] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.895790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 59.903703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 59.911424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.917862] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.926607] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 59.949297] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 59.961896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.021774] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.038063] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 60.129864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 60.166844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.194979] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 60.237616] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.280545] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.291483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.300869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.312023] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.356145] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.367151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.375657] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.382227] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.434772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 60.442168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.450157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.459186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.467289] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.473694] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.486383] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 60.521689] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 60.549432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.567164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 60.589285] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 60.646197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.663770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.671530] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.678007] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.685225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.693266] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.699615] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.707423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.715278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.724009] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.730379] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.737586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 60.744962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 60.781004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.791827] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.798268] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.806215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.832395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 60.862949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 60.878525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.898385] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.938867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.947493] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.954003] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.961941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.986548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 61.005218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 61.019010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.029032] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.035456] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.055138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 61.124901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 61.152005] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 61.179515] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.188257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.224887] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.244737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.274622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.288392] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 61.311162] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 61.351720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.370170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.520721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.541307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.547750] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.558830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 61.608758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.617651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.624054] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.664347] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 61.675327] device veth0_vlan entered promiscuous mode
[ 61.685463] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 61.692069] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 61.701936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 61.740439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.768364] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 61.778439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 61.791440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 61.837883] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 61.857070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.880119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.897433] device veth1_vlan entered promiscuous mode
[ 61.928561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.089431] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 62.115566] device veth0_vlan entered promiscuous mode
[ 62.129623] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 62.137076] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 62.158662] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 62.183719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.196503] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 62.216511] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.224913] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.232501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.265273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.299682] device veth1_vlan entered promiscuous mode
[ 62.373155] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 62.379976] device veth0_vlan entered promiscuous mode
[ 62.390253] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 62.397466] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 62.405472] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 62.447760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.448636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.450546] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.451452] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.510215] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 62.510293] device veth0_vlan entered promiscuous mode
[ 62.511004] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 62.513245] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 62.517774] device veth1_vlan entered promiscuous mode
[ 62.568905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.574509] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.575345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.614667] device veth1_vlan entered promiscuous mode
[ 62.696439] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 62.696508] device veth0_vlan entered promiscuous mode
[ 62.697080] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 62.699934] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 62.736994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.737998] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.738905] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.801266] ==================================================================
[ 62.801277] BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff8800b43494c0
[ 62.801280] Read of size 16 by task syz-executor.0/7739
[ 62.801284] CPU: 1 PID: 7739 Comm: syz-executor.0 Not tainted 4.6.0-syzkaller #0
[ 62.801286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.801293] 1ffffffff0dd577e ffff880127487450 ffffffff82c7f386 0000000000000010
[ 62.801297] ffff8801274874e0 ffff8800b4348d80 ffff88012bc00800 ffff8801274874d0
[ 62.801302] ffffffff81740207 ffff8800add8e400 ffffffff86f0eda0 0000000000000286
[ 62.801303] Call Trace:
[ 62.801309] [] dump_stack+0xe6/0x120
[ 62.801313] [] kasan_report_error+0x1e7/0x5c0
[ 62.801317] [] kasan_report+0x34/0x40
[ 62.801321] [] ? memcpy+0x1d/0x40
[ 62.801324] [] __asan_loadN+0x12a/0x180
[ 62.801327] [] memcpy+0x1d/0x40
[ 62.801331] [] soft_cursor+0x72e/0xc20
[ 62.801336] [] ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 62.801340] [] bit_cursor+0x14ac/0x21a0
[ 62.801343] [] ? update_attr.isra.2+0x160/0x160
[ 62.801348] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.801353] [] ? get_color+0x30/0x380
[ 62.801356] [] ? update_attr.isra.2+0x160/0x160
[ 62.801359] [] fbcon_cursor+0x453/0x650
[ 62.801365] [] hide_cursor+0x95/0x2d0
[ 62.801371] [] ? __mutex_unlock_slowpath+0x2b7/0x530
[ 62.801374] [] redraw_screen+0x292/0x7d0
[ 62.801378] [] ? respond_string+0x3a0/0x3a0
[ 62.801381] [] ? mutex_unlock+0x9/0x10
[ 62.801386] [] ? tty_do_resize+0x47/0x150
[ 62.801390] [] vc_do_resize+0xd70/0x1350
[ 62.801394] [] ? vc_init+0x490/0x490
[ 62.801398] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.801402] [] vc_resize+0x3d/0x60
[ 62.801406] [] ? console_lock+0x4a/0x70
[ 62.801409] [] vt_ioctl+0x14fb/0x24e0
[ 62.801413] [] ? complete_change_console+0x300/0x300
[ 62.801417] [] ? plist_del+0xe9/0x1d0
[ 62.801423] [] ? wake_up_q+0x82/0xe0
[ 62.801428] [] ? futex_wake+0x110/0x500
[ 62.801432] [] ? get_futex_key+0xee0/0xee0
[ 62.801437] [] ? depot_save_stack+0x12f/0x480
[ 62.801441] [] tty_ioctl+0x5d4/0x20f0
[ 62.801445] [] ? no_tty+0x90/0x90
[ 62.801448] [] ? __lock_acquire+0xca1/0x5560
[ 62.801452] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.801454] [] ? __lock_acquire+0x1985/0x5560
[ 62.801459] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.801463] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.801466] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.801471] [] do_vfs_ioctl+0x17f/0xe70
[ 62.801474] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.801477] [] ? __fget+0x1c2/0x320
[ 62.801480] [] ? __fget+0x1df/0x320
[ 62.801483] [] ? __fget+0x42/0x320
[ 62.801486] [] ? __fget_light+0x79/0x200
[ 62.801489] [] SyS_ioctl+0x74/0x80
[ 62.801494] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.801497] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.801499] Object allocated with size 1040 bytes.
[ 62.801499] Allocation:
[ 62.801501] PID = 7735
[ 62.801508] [] save_stack_trace+0x26/0x50
[ 62.801512] [] save_stack+0x46/0xd0
[ 62.801515] [] kasan_kmalloc+0xc9/0xe0
[ 62.801519] [] __kmalloc+0x169/0x6d0
[ 62.801523] [] fbcon_set_font+0x269/0x820
[ 62.801526] [] con_font_op+0xc1d/0xfa0
[ 62.801530] [] vt_ioctl+0x434/0x24e0
[ 62.801533] [] tty_ioctl+0x5d4/0x20f0
[ 62.801536] [] do_vfs_ioctl+0x17f/0xe70
[ 62.801540] [] SyS_ioctl+0x74/0x80
[ 62.801543] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.801544] Memory state around the buggy address:
[ 62.801547] ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.801549] ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.801551] >ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.801552] ^
[ 62.801554] ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.801556] ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.801557] ==================================================================
[ 62.801558] Disabling lock debugging due to kernel taint
[ 62.805551] ==================================================================
[ 62.805557] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d0
[ 62.805560] Read of size 1 by task syz-executor.0/7739
[ 62.805565] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.805567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.805573] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.805577] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.805582] ffffffff81740207 0000000000000246 ffff880127487450 0000000000000286
[ 62.805583] Call Trace:
[ 62.805587] [] dump_stack+0xe6/0x120
[ 62.805592] [] kasan_report_error+0x1e7/0x5c0
[ 62.805596] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.805599] [] ? bit_putcs+0xc43/0xd20
[ 62.805602] [] bit_putcs+0xc43/0xd20
[ 62.805605] [] ? bit_clear+0x6e0/0x6e0
[ 62.805611] [] ? get_color+0x30/0x380
[ 62.805615] [] fbcon_putcs+0x374/0x5a0
[ 62.805617] [] ? bit_clear+0x6e0/0x6e0
[ 62.805622] [] do_update_region+0x3f7/0x7c0
[ 62.805627] [] ? con_get_trans_old+0x180/0x180
[ 62.805630] [] ? fbcon_set_palette+0x387/0x580
[ 62.805635] [] redraw_screen+0x531/0x7d0
[ 62.805639] [] ? respond_string+0x3a0/0x3a0
[ 62.805645] [] ? mutex_unlock+0x9/0x10
[ 62.805649] [] ? tty_do_resize+0x47/0x150
[ 62.805653] [] vc_do_resize+0xd70/0x1350
[ 62.805658] [] ? vc_init+0x490/0x490
[ 62.805661] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.805665] [] vc_resize+0x3d/0x60
[ 62.805670] [] ? console_lock+0x4a/0x70
[ 62.805673] [] vt_ioctl+0x14fb/0x24e0
[ 62.805677] [] ? complete_change_console+0x300/0x300
[ 62.805680] [] ? plist_del+0xe9/0x1d0
[ 62.805686] [] ? wake_up_q+0x82/0xe0
[ 62.805690] [] ? futex_wake+0x110/0x500
[ 62.805694] [] ? get_futex_key+0xee0/0xee0
[ 62.805699] [] ? depot_save_stack+0x12f/0x480
[ 62.805703] [] tty_ioctl+0x5d4/0x20f0
[ 62.805706] [] ? no_tty+0x90/0x90
[ 62.805709] [] ? __lock_acquire+0xca1/0x5560
[ 62.805713] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.805716] [] ? __lock_acquire+0x1985/0x5560
[ 62.805720] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.805724] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.805727] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.805731] [] do_vfs_ioctl+0x17f/0xe70
[ 62.805734] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.805737] [] ? __fget+0x1c2/0x320
[ 62.805740] [] ? __fget+0x1df/0x320
[ 62.805743] [] ? __fget+0x42/0x320
[ 62.805746] [] ? __fget_light+0x79/0x200
[ 62.805749] [] SyS_ioctl+0x74/0x80
[ 62.805752] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.805754] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.805756] Object allocated with size 1040 bytes.
[ 62.805757] Allocation:
[ 62.805758] PID = 7735
[ 62.805764] [] save_stack_trace+0x26/0x50
[ 62.805768] [] save_stack+0x46/0xd0
[ 62.805771] [] kasan_kmalloc+0xc9/0xe0
[ 62.805775] [] __kmalloc+0x169/0x6d0
[ 62.805779] [] fbcon_set_font+0x269/0x820
[ 62.805782] [] con_font_op+0xc1d/0xfa0
[ 62.805785] [] vt_ioctl+0x434/0x24e0
[ 62.805788] [] tty_ioctl+0x5d4/0x20f0
[ 62.805792] [] do_vfs_ioctl+0x17f/0xe70
[ 62.805795] [] SyS_ioctl+0x74/0x80
[ 62.805798] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.805799] Memory state around the buggy address:
[ 62.805802] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.805804] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.805806] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.805808] ^
[ 62.805810] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.805812] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.805813] ==================================================================
[ 62.805815] ==================================================================
[ 62.805818] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d1
[ 62.805820] Read of size 1 by task syz-executor.0/7739
[ 62.805823] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.805825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.805830] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.805834] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.805838] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.805839] Call Trace:
[ 62.805843] [] dump_stack+0xe6/0x120
[ 62.805846] [] kasan_report_error+0x1e7/0x5c0
[ 62.805850] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.805853] [] ? bit_putcs+0xc43/0xd20
[ 62.805855] [] bit_putcs+0xc43/0xd20
[ 62.805859] [] ? bit_clear+0x6e0/0x6e0
[ 62.805863] [] ? get_color+0x30/0x380
[ 62.805866] [] fbcon_putcs+0x374/0x5a0
[ 62.805876] [] ? bit_clear+0x6e0/0x6e0
[ 62.805881] [] do_update_region+0x3f7/0x7c0
[ 62.805885] [] ? con_get_trans_old+0x180/0x180
[ 62.805889] [] ? fbcon_set_palette+0x387/0x580
[ 62.805893] [] redraw_screen+0x531/0x7d0
[ 62.805897] [] ? respond_string+0x3a0/0x3a0
[ 62.805901] [] ? mutex_unlock+0x9/0x10
[ 62.805904] [] ? tty_do_resize+0x47/0x150
[ 62.805908] [] vc_do_resize+0xd70/0x1350
[ 62.805912] [] ? vc_init+0x490/0x490
[ 62.805915] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.805919] [] vc_resize+0x3d/0x60
[ 62.805923] [] ? console_lock+0x4a/0x70
[ 62.805925] [] vt_ioctl+0x14fb/0x24e0
[ 62.805929] [] ? complete_change_console+0x300/0x300
[ 62.805932] [] ? plist_del+0xe9/0x1d0
[ 62.805936] [] ? wake_up_q+0x82/0xe0
[ 62.805940] [] ? futex_wake+0x110/0x500
[ 62.805944] [] ? get_futex_key+0xee0/0xee0
[ 62.805947] [] ? depot_save_stack+0x12f/0x480
[ 62.805951] [] tty_ioctl+0x5d4/0x20f0
[ 62.805954] [] ? no_tty+0x90/0x90
[ 62.805957] [] ? __lock_acquire+0xca1/0x5560
[ 62.805961] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.805963] [] ? __lock_acquire+0x1985/0x5560
[ 62.805968] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.805972] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.805975] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.805978] [] do_vfs_ioctl+0x17f/0xe70
[ 62.805982] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.805984] [] ? __fget+0x1c2/0x320
[ 62.805987] [] ? __fget+0x1df/0x320
[ 62.805990] [] ? __fget+0x42/0x320
[ 62.805993] [] ? __fget_light+0x79/0x200
[ 62.805995] [] SyS_ioctl+0x74/0x80
[ 62.805999] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.806002] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.806003] Object allocated with size 1040 bytes.
[ 62.806004] Allocation:
[ 62.806005] PID = 7735
[ 62.806008] [] save_stack_trace+0x26/0x50
[ 62.806012] [] save_stack+0x46/0xd0
[ 62.806016] [] kasan_kmalloc+0xc9/0xe0
[ 62.806019] [] __kmalloc+0x169/0x6d0
[ 62.806023] [] fbcon_set_font+0x269/0x820
[ 62.806026] [] con_font_op+0xc1d/0xfa0
[ 62.806029] [] vt_ioctl+0x434/0x24e0
[ 62.806032] [] tty_ioctl+0x5d4/0x20f0
[ 62.806036] [] do_vfs_ioctl+0x17f/0xe70
[ 62.806039] [] SyS_ioctl+0x74/0x80
[ 62.806042] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.806043] Memory state around the buggy address:
[ 62.806045] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.806048] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.806050] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806051] ^
[ 62.806053] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806055] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806056] ==================================================================
[ 62.806058] ==================================================================
[ 62.806061] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d2
[ 62.806063] Read of size 1 by task syz-executor.0/7739
[ 62.806066] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.806067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.806072] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.806076] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.806080] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.806081] Call Trace:
[ 62.806084] [] dump_stack+0xe6/0x120
[ 62.806087] [] kasan_report_error+0x1e7/0x5c0
[ 62.806092] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.806094] [] ? bit_putcs+0xc43/0xd20
[ 62.806097] [] bit_putcs+0xc43/0xd20
[ 62.806101] [] ? bit_clear+0x6e0/0x6e0
[ 62.806105] [] ? get_color+0x30/0x380
[ 62.806108] [] fbcon_putcs+0x374/0x5a0
[ 62.806111] [] ? bit_clear+0x6e0/0x6e0
[ 62.806115] [] do_update_region+0x3f7/0x7c0
[ 62.806119] [] ? con_get_trans_old+0x180/0x180
[ 62.806123] [] ? fbcon_set_palette+0x387/0x580
[ 62.806127] [] redraw_screen+0x531/0x7d0
[ 62.806131] [] ? respond_string+0x3a0/0x3a0
[ 62.806135] [] ? mutex_unlock+0x9/0x10
[ 62.806138] [] ? tty_do_resize+0x47/0x150
[ 62.806142] [] vc_do_resize+0xd70/0x1350
[ 62.806146] [] ? vc_init+0x490/0x490
[ 62.806149] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.806153] [] vc_resize+0x3d/0x60
[ 62.806157] [] ? console_lock+0x4a/0x70
[ 62.806159] [] vt_ioctl+0x14fb/0x24e0
[ 62.806163] [] ? complete_change_console+0x300/0x300
[ 62.806166] [] ? plist_del+0xe9/0x1d0
[ 62.806170] [] ? wake_up_q+0x82/0xe0
[ 62.806174] [] ? futex_wake+0x110/0x500
[ 62.806178] [] ? get_futex_key+0xee0/0xee0
[ 62.806181] [] ? depot_save_stack+0x12f/0x480
[ 62.806185] [] tty_ioctl+0x5d4/0x20f0
[ 62.806188] [] ? no_tty+0x90/0x90
[ 62.806191] [] ? __lock_acquire+0xca1/0x5560
[ 62.806194] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.806197] [] ? __lock_acquire+0x1985/0x5560
[ 62.806201] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.806205] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.806209] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.806212] [] do_vfs_ioctl+0x17f/0xe70
[ 62.806215] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.806217] [] ? __fget+0x1c2/0x320
[ 62.806219] [] ? __fget+0x1df/0x320
[ 62.806222] [] ? __fget+0x42/0x320
[ 62.806225] [] ? __fget_light+0x79/0x200
[ 62.806228] [] SyS_ioctl+0x74/0x80
[ 62.806231] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.806234] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.806235] Object allocated with size 1040 bytes.
[ 62.806236] Allocation:
[ 62.806237] PID = 7735
[ 62.806248] [] save_stack_trace+0x26/0x50
[ 62.806252] [] save_stack+0x46/0xd0
[ 62.806255] [] kasan_kmalloc+0xc9/0xe0
[ 62.806258] [] __kmalloc+0x169/0x6d0
[ 62.806262] [] fbcon_set_font+0x269/0x820
[ 62.806264] [] con_font_op+0xc1d/0xfa0
[ 62.806268] [] vt_ioctl+0x434/0x24e0
[ 62.806271] [] tty_ioctl+0x5d4/0x20f0
[ 62.806274] [] do_vfs_ioctl+0x17f/0xe70
[ 62.806276] [] SyS_ioctl+0x74/0x80
[ 62.806279] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.806280] Memory state around the buggy address:
[ 62.806282] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.806284] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.806286] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806287] ^
[ 62.806289] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806291] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806292] ==================================================================
[ 62.806293] ==================================================================
[ 62.806296] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d3
[ 62.806297] Read of size 1 by task syz-executor.0/7739
[ 62.806300] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.806301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.806305] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.806309] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.806313] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.806314] Call Trace:
[ 62.806316] [] dump_stack+0xe6/0x120
[ 62.806320] [] kasan_report_error+0x1e7/0x5c0
[ 62.806324] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.806327] [] ? bit_putcs+0xc43/0xd20
[ 62.806329] [] bit_putcs+0xc43/0xd20
[ 62.806333] [] ? bit_clear+0x6e0/0x6e0
[ 62.806337] [] ? get_color+0x30/0x380
[ 62.806341] [] fbcon_putcs+0x374/0x5a0
[ 62.806343] [] ? bit_clear+0x6e0/0x6e0
[ 62.806348] [] do_update_region+0x3f7/0x7c0
[ 62.806352] [] ? con_get_trans_old+0x180/0x180
[ 62.806355] [] ? fbcon_set_palette+0x387/0x580
[ 62.806360] [] redraw_screen+0x531/0x7d0
[ 62.806363] [] ? respond_string+0x3a0/0x3a0
[ 62.806367] [] ? mutex_unlock+0x9/0x10
[ 62.806370] [] ? tty_do_resize+0x47/0x150
[ 62.806374] [] vc_do_resize+0xd70/0x1350
[ 62.806378] [] ? vc_init+0x490/0x490
[ 62.806381] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.806384] [] vc_resize+0x3d/0x60
[ 62.806387] [] ? console_lock+0x4a/0x70
[ 62.806390] [] vt_ioctl+0x14fb/0x24e0
[ 62.806393] [] ? complete_change_console+0x300/0x300
[ 62.806395] [] ? plist_del+0xe9/0x1d0
[ 62.806399] [] ? wake_up_q+0x82/0xe0
[ 62.806403] [] ? futex_wake+0x110/0x500
[ 62.806406] [] ? get_futex_key+0xee0/0xee0
[ 62.806410] [] ? depot_save_stack+0x12f/0x480
[ 62.806413] [] tty_ioctl+0x5d4/0x20f0
[ 62.806417] [] ? no_tty+0x90/0x90
[ 62.806420] [] ? __lock_acquire+0xca1/0x5560
[ 62.806423] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.806426] [] ? __lock_acquire+0x1985/0x5560
[ 62.806430] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.806434] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.806437] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.806440] [] do_vfs_ioctl+0x17f/0xe70
[ 62.806443] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.806446] [] ? __fget+0x1c2/0x320
[ 62.806448] [] ? __fget+0x1df/0x320
[ 62.806451] [] ? __fget+0x42/0x320
[ 62.806454] [] ? __fget_light+0x79/0x200
[ 62.806457] [] SyS_ioctl+0x74/0x80
[ 62.806460] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.806463] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.806464] Object allocated with size 1040 bytes.
[ 62.806464] Allocation:
[ 62.806465] PID = 7735
[ 62.806469] [] save_stack_trace+0x26/0x50
[ 62.806473] [] save_stack+0x46/0xd0
[ 62.806476] [] kasan_kmalloc+0xc9/0xe0
[ 62.806478] [] __kmalloc+0x169/0x6d0
[ 62.806482] [] fbcon_set_font+0x269/0x820
[ 62.806485] [] con_font_op+0xc1d/0xfa0
[ 62.806488] [] vt_ioctl+0x434/0x24e0
[ 62.806491] [] tty_ioctl+0x5d4/0x20f0
[ 62.806494] [] do_vfs_ioctl+0x17f/0xe70
[ 62.806497] [] SyS_ioctl+0x74/0x80
[ 62.806501] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.806502] Memory state around the buggy address:
[ 62.806504] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.806506] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.806508] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806509] ^
[ 62.806511] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806514] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.806515] ==================================================================
[ 62.806516] ==================================================================
[ 62.806519] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d4
[ 62.806521] Read of size 1 by task syz-executor.0/7739
[ 62.806523] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.806525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.806529] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.806532] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.806536] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.806537] Call Trace:
[ 62.806540] [] dump_stack+0xe6/0x120
[ 62.806543] [] kasan_report_error+0x1e7/0x5c0
[ 62.806547] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.806550] [] ? bit_putcs+0xc43/0xd20
[ 62.806552] [] bit_putcs+0xc43/0xd20
[ 62.806556] [] ? bit_clear+0x6e0/0x6e0
[ 62.806560] [] ?
get_color+0x30/0x380 [ 62.806564] [] fbcon_putcs+0x374/0x5a0 [ 62.806567] [] ? bit_clear+0x6e0/0x6e0 [ 62.806570] [] do_update_region+0x3f7/0x7c0 [ 62.806574] [] ? con_get_trans_old+0x180/0x180 [ 62.806578] [] ? fbcon_set_palette+0x387/0x580 [ 62.806582] [] redraw_screen+0x531/0x7d0 [ 62.806586] [] ? respond_string+0x3a0/0x3a0 [ 62.806590] [] ? mutex_unlock+0x9/0x10 [ 62.806593] [] ? tty_do_resize+0x47/0x150 [ 62.806597] [] vc_do_resize+0xd70/0x1350 [ 62.806601] [] ? vc_init+0x490/0x490 [ 62.806604] [] ? vt_ioctl+0x13d3/0x24e0 [ 62.806607] [] vc_resize+0x3d/0x60 [ 62.806611] [] ? console_lock+0x4a/0x70 [ 62.806614] [] vt_ioctl+0x14fb/0x24e0 [ 62.806617] [] ? complete_change_console+0x300/0x300 [ 62.806621] [] ? plist_del+0xe9/0x1d0 [ 62.806625] [] ? wake_up_q+0x82/0xe0 [ 62.806628] [] ? futex_wake+0x110/0x500 [ 62.806632] [] ? get_futex_key+0xee0/0xee0 [ 62.806636] [] ? depot_save_stack+0x12f/0x480 [ 62.806639] [] tty_ioctl+0x5d4/0x20f0 [ 62.806643] [] ? no_tty+0x90/0x90 [ 62.806645] [] ? __lock_acquire+0xca1/0x5560 [ 62.806649] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.806651] [] ? __lock_acquire+0x1985/0x5560 [ 62.806656] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.806660] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.806663] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.806666] [] do_vfs_ioctl+0x17f/0xe70 [ 62.806669] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 62.806672] [] ? __fget+0x1c2/0x320 [ 62.806675] [] ? __fget+0x1df/0x320 [ 62.806677] [] ? __fget+0x42/0x320 [ 62.806680] [] ? __fget_light+0x79/0x200 [ 62.806683] [] SyS_ioctl+0x74/0x80 [ 62.806687] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.806689] Object at ffff8800b4348d80, in cache kmalloc-2048 [ 62.806690] Object allocated with size 1040 bytes. 
[ 62.806691] Allocation: [ 62.806692] PID = 7735 [ 62.806696] [] save_stack_trace+0x26/0x50 [ 62.806699] [] save_stack+0x46/0xd0 [ 62.806703] [] kasan_kmalloc+0xc9/0xe0 [ 62.806706] [] __kmalloc+0x169/0x6d0 [ 62.806710] [] fbcon_set_font+0x269/0x820 [ 62.806713] [] con_font_op+0xc1d/0xfa0 [ 62.806716] [] vt_ioctl+0x434/0x24e0 [ 62.806718] [] tty_ioctl+0x5d4/0x20f0 [ 62.806721] [] do_vfs_ioctl+0x17f/0xe70 [ 62.806724] [] SyS_ioctl+0x74/0x80 [ 62.806728] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.806729] Memory state around the buggy address: [ 62.806730] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.806732] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.806734] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.806735] ^ [ 62.806737] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.806740] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.806741] ================================================================== [ 62.806742] ================================================================== [ 62.806745] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d5 [ 62.806747] Read of size 1 by task syz-executor.0/7739 [ 62.806750] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 [ 62.806751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.806756] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2 [ 62.806760] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418 [ 62.806763] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286 [ 62.806764] Call Trace: [ 62.806767] [] dump_stack+0xe6/0x120 [ 62.806770] [] kasan_report_error+0x1e7/0x5c0 [ 62.806773] [] __asan_report_load1_noabort+0x3e/0x40 [ 62.806776] [] ? bit_putcs+0xc43/0xd20 [ 62.806779] [] bit_putcs+0xc43/0xd20 [ 62.806782] [] ? bit_clear+0x6e0/0x6e0 [ 62.806799] [] ? 
get_color+0x30/0x380 [ 62.806802] [] fbcon_putcs+0x374/0x5a0 [ 62.806805] [] ? bit_clear+0x6e0/0x6e0 [ 62.806808] [] do_update_region+0x3f7/0x7c0 [ 62.806811] [] ? con_get_trans_old+0x180/0x180 [ 62.806815] [] ? fbcon_set_palette+0x387/0x580 [ 62.806818] [] redraw_screen+0x531/0x7d0 [ 62.806822] [] ? respond_string+0x3a0/0x3a0 [ 62.806825] [] ? mutex_unlock+0x9/0x10 [ 62.806828] [] ? tty_do_resize+0x47/0x150 [ 62.806832] [] vc_do_resize+0xd70/0x1350 [ 62.806836] [] ? vc_init+0x490/0x490 [ 62.806839] [] ? vt_ioctl+0x13d3/0x24e0 [ 62.806843] [] vc_resize+0x3d/0x60 [ 62.806846] [] ? console_lock+0x4a/0x70 [ 62.806849] [] vt_ioctl+0x14fb/0x24e0 [ 62.806853] [] ? complete_change_console+0x300/0x300 [ 62.806856] [] ? plist_del+0xe9/0x1d0 [ 62.806860] [] ? wake_up_q+0x82/0xe0 [ 62.806863] [] ? futex_wake+0x110/0x500 [ 62.806867] [] ? get_futex_key+0xee0/0xee0 [ 62.806876] [] ? depot_save_stack+0x12f/0x480 [ 62.806879] [] tty_ioctl+0x5d4/0x20f0 [ 62.806883] [] ? no_tty+0x90/0x90 [ 62.806886] [] ? __lock_acquire+0xca1/0x5560 [ 62.806889] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.806892] [] ? __lock_acquire+0x1985/0x5560 [ 62.806896] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.806900] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.806903] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.806906] [] do_vfs_ioctl+0x17f/0xe70 [ 62.806909] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 62.806912] [] ? __fget+0x1c2/0x320 [ 62.806915] [] ? __fget+0x1df/0x320 [ 62.806917] [] ? __fget+0x42/0x320 [ 62.806920] [] ? __fget_light+0x79/0x200 [ 62.806923] [] SyS_ioctl+0x74/0x80 [ 62.806926] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.806929] Object at ffff8800b4348d80, in cache kmalloc-2048 [ 62.806930] Object allocated with size 1040 bytes. 
[ 62.806931] Allocation: [ 62.806931] PID = 7735 [ 62.806934] [] save_stack_trace+0x26/0x50 [ 62.806938] [] save_stack+0x46/0xd0 [ 62.806941] [] kasan_kmalloc+0xc9/0xe0 [ 62.806944] [] __kmalloc+0x169/0x6d0 [ 62.806948] [] fbcon_set_font+0x269/0x820 [ 62.806951] [] con_font_op+0xc1d/0xfa0 [ 62.806954] [] vt_ioctl+0x434/0x24e0 [ 62.806957] [] tty_ioctl+0x5d4/0x20f0 [ 62.806960] [] do_vfs_ioctl+0x17f/0xe70 [ 62.806963] [] SyS_ioctl+0x74/0x80 [ 62.806967] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.806967] Memory state around the buggy address: [ 62.806970] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.806972] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.806974] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.806975] ^ [ 62.806977] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.806979] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.806979] ================================================================== [ 62.806981] ================================================================== [ 62.806983] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d6 [ 62.806984] Read of size 1 by task syz-executor.0/7739 [ 62.806986] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 [ 62.806988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.806992] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2 [ 62.806996] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418 [ 62.807000] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286 [ 62.807001] Call Trace: [ 62.807004] [] dump_stack+0xe6/0x120 [ 62.807007] [] kasan_report_error+0x1e7/0x5c0 [ 62.807011] [] __asan_report_load1_noabort+0x3e/0x40 [ 62.807014] [] ? bit_putcs+0xc43/0xd20 [ 62.807017] [] bit_putcs+0xc43/0xd20 [ 62.807020] [] ? bit_clear+0x6e0/0x6e0 [ 62.807024] [] ? 
get_color+0x30/0x380 [ 62.807027] [] fbcon_putcs+0x374/0x5a0 [ 62.807030] [] ? bit_clear+0x6e0/0x6e0 [ 62.807034] [] do_update_region+0x3f7/0x7c0 [ 62.807038] [] ? con_get_trans_old+0x180/0x180 [ 62.807041] [] ? fbcon_set_palette+0x387/0x580 [ 62.807045] [] redraw_screen+0x531/0x7d0 [ 62.807049] [] ? respond_string+0x3a0/0x3a0 [ 62.807052] [] ? mutex_unlock+0x9/0x10 [ 62.807055] [] ? tty_do_resize+0x47/0x150 [ 62.807059] [] vc_do_resize+0xd70/0x1350 [ 62.807063] [] ? vc_init+0x490/0x490 [ 62.807066] [] ? vt_ioctl+0x13d3/0x24e0 [ 62.807070] [] vc_resize+0x3d/0x60 [ 62.807073] [] ? console_lock+0x4a/0x70 [ 62.807076] [] vt_ioctl+0x14fb/0x24e0 [ 62.807079] [] ? complete_change_console+0x300/0x300 [ 62.807082] [] ? plist_del+0xe9/0x1d0 [ 62.807086] [] ? wake_up_q+0x82/0xe0 [ 62.807090] [] ? futex_wake+0x110/0x500 [ 62.807093] [] ? get_futex_key+0xee0/0xee0 [ 62.807096] [] ? depot_save_stack+0x12f/0x480 [ 62.807099] [] tty_ioctl+0x5d4/0x20f0 [ 62.807103] [] ? no_tty+0x90/0x90 [ 62.807106] [] ? __lock_acquire+0xca1/0x5560 [ 62.807109] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807111] [] ? __lock_acquire+0x1985/0x5560 [ 62.807116] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807119] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807122] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807125] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807129] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 62.807131] [] ? __fget+0x1c2/0x320 [ 62.807134] [] ? __fget+0x1df/0x320 [ 62.807137] [] ? __fget+0x42/0x320 [ 62.807140] [] ? __fget_light+0x79/0x200 [ 62.807143] [] SyS_ioctl+0x74/0x80 [ 62.807146] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807148] Object at ffff8800b4348d80, in cache kmalloc-2048 [ 62.807149] Object allocated with size 1040 bytes. 
[ 62.807150] Allocation: [ 62.807151] PID = 7735 [ 62.807155] [] save_stack_trace+0x26/0x50 [ 62.807158] [] save_stack+0x46/0xd0 [ 62.807161] [] kasan_kmalloc+0xc9/0xe0 [ 62.807165] [] __kmalloc+0x169/0x6d0 [ 62.807168] [] fbcon_set_font+0x269/0x820 [ 62.807171] [] con_font_op+0xc1d/0xfa0 [ 62.807174] [] vt_ioctl+0x434/0x24e0 [ 62.807177] [] tty_ioctl+0x5d4/0x20f0 [ 62.807180] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807183] [] SyS_ioctl+0x74/0x80 [ 62.807186] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807187] Memory state around the buggy address: [ 62.807189] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807191] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807194] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807195] ^ [ 62.807197] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807199] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807200] ================================================================== [ 62.807201] ================================================================== [ 62.807203] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d7 [ 62.807205] Read of size 1 by task syz-executor.0/7739 [ 62.807208] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 [ 62.807209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.807213] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2 [ 62.807218] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418 [ 62.807221] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286 [ 62.807222] Call Trace: [ 62.807225] [] dump_stack+0xe6/0x120 [ 62.807228] [] kasan_report_error+0x1e7/0x5c0 [ 62.807232] [] __asan_report_load1_noabort+0x3e/0x40 [ 62.807235] [] ? bit_putcs+0xc43/0xd20 [ 62.807238] [] bit_putcs+0xc43/0xd20 [ 62.807241] [] ? bit_clear+0x6e0/0x6e0 [ 62.807245] [] ? 
get_color+0x30/0x380 [ 62.807249] [] fbcon_putcs+0x374/0x5a0 [ 62.807251] [] ? bit_clear+0x6e0/0x6e0 [ 62.807255] [] do_update_region+0x3f7/0x7c0 [ 62.807259] [] ? con_get_trans_old+0x180/0x180 [ 62.807262] [] ? fbcon_set_palette+0x387/0x580 [ 62.807266] [] redraw_screen+0x531/0x7d0 [ 62.807270] [] ? respond_string+0x3a0/0x3a0 [ 62.807273] [] ? mutex_unlock+0x9/0x10 [ 62.807277] [] ? tty_do_resize+0x47/0x150 [ 62.807280] [] vc_do_resize+0xd70/0x1350 [ 62.807284] [] ? vc_init+0x490/0x490 [ 62.807304] [] ? vt_ioctl+0x13d3/0x24e0 [ 62.807308] [] vc_resize+0x3d/0x60 [ 62.807311] [] ? console_lock+0x4a/0x70 [ 62.807314] [] vt_ioctl+0x14fb/0x24e0 [ 62.807318] [] ? complete_change_console+0x300/0x300 [ 62.807321] [] ? plist_del+0xe9/0x1d0 [ 62.807325] [] ? wake_up_q+0x82/0xe0 [ 62.807328] [] ? futex_wake+0x110/0x500 [ 62.807332] [] ? get_futex_key+0xee0/0xee0 [ 62.807336] [] ? depot_save_stack+0x12f/0x480 [ 62.807339] [] tty_ioctl+0x5d4/0x20f0 [ 62.807343] [] ? no_tty+0x90/0x90 [ 62.807346] [] ? __lock_acquire+0xca1/0x5560 [ 62.807349] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807352] [] ? __lock_acquire+0x1985/0x5560 [ 62.807356] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807360] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807363] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807366] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807369] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 62.807371] [] ? __fget+0x1c2/0x320 [ 62.807374] [] ? __fget+0x1df/0x320 [ 62.807376] [] ? __fget+0x42/0x320 [ 62.807379] [] ? __fget_light+0x79/0x200 [ 62.807382] [] SyS_ioctl+0x74/0x80 [ 62.807386] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807388] Object at ffff8800b4348d80, in cache kmalloc-2048 [ 62.807389] Object allocated with size 1040 bytes. 
[ 62.807390] Allocation: [ 62.807391] PID = 7735 [ 62.807395] [] save_stack_trace+0x26/0x50 [ 62.807398] [] save_stack+0x46/0xd0 [ 62.807402] [] kasan_kmalloc+0xc9/0xe0 [ 62.807404] [] __kmalloc+0x169/0x6d0 [ 62.807408] [] fbcon_set_font+0x269/0x820 [ 62.807411] [] con_font_op+0xc1d/0xfa0 [ 62.807414] [] vt_ioctl+0x434/0x24e0 [ 62.807417] [] tty_ioctl+0x5d4/0x20f0 [ 62.807420] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807423] [] SyS_ioctl+0x74/0x80 [ 62.807426] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807427] Memory state around the buggy address: [ 62.807429] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807431] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807434] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807435] ^ [ 62.807437] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807439] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807440] ================================================================== [ 62.807441] ================================================================== [ 62.807443] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d8 [ 62.807445] Read of size 1 by task syz-executor.0/7739 [ 62.807447] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 [ 62.807449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.807453] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2 [ 62.807457] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418 [ 62.807462] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286 [ 62.807462] Call Trace: [ 62.807465] [] dump_stack+0xe6/0x120 [ 62.807469] [] kasan_report_error+0x1e7/0x5c0 [ 62.807473] [] __asan_report_load1_noabort+0x3e/0x40 [ 62.807476] [] ? bit_putcs+0xc43/0xd20 [ 62.807478] [] bit_putcs+0xc43/0xd20 [ 62.807482] [] ? bit_clear+0x6e0/0x6e0 [ 62.807486] [] ? 
get_color+0x30/0x380 [ 62.807490] [] fbcon_putcs+0x374/0x5a0 [ 62.807493] [] ? bit_clear+0x6e0/0x6e0 [ 62.807497] [] do_update_region+0x3f7/0x7c0 [ 62.807500] [] ? con_get_trans_old+0x180/0x180 [ 62.807504] [] ? fbcon_set_palette+0x387/0x580 [ 62.807508] [] redraw_screen+0x531/0x7d0 [ 62.807512] [] ? respond_string+0x3a0/0x3a0 [ 62.807516] [] ? mutex_unlock+0x9/0x10 [ 62.807519] [] ? tty_do_resize+0x47/0x150 [ 62.807522] [] vc_do_resize+0xd70/0x1350 [ 62.807526] [] ? vc_init+0x490/0x490 [ 62.807528] [] ? vt_ioctl+0x13d3/0x24e0 [ 62.807532] [] vc_resize+0x3d/0x60 [ 62.807535] [] ? console_lock+0x4a/0x70 [ 62.807538] [] vt_ioctl+0x14fb/0x24e0 [ 62.807542] [] ? complete_change_console+0x300/0x300 [ 62.807545] [] ? plist_del+0xe9/0x1d0 [ 62.807549] [] ? wake_up_q+0x82/0xe0 [ 62.807552] [] ? futex_wake+0x110/0x500 [ 62.807556] [] ? get_futex_key+0xee0/0xee0 [ 62.807559] [] ? depot_save_stack+0x12f/0x480 [ 62.807562] [] tty_ioctl+0x5d4/0x20f0 [ 62.807566] [] ? no_tty+0x90/0x90 [ 62.807568] [] ? __lock_acquire+0xca1/0x5560 [ 62.807571] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807573] [] ? __lock_acquire+0x1985/0x5560 [ 62.807578] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807581] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807585] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807588] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807591] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 62.807594] [] ? __fget+0x1c2/0x320 [ 62.807597] [] ? __fget+0x1df/0x320 [ 62.807600] [] ? __fget+0x42/0x320 [ 62.807603] [] ? __fget_light+0x79/0x200 [ 62.807606] [] SyS_ioctl+0x74/0x80 [ 62.807609] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807611] Object at ffff8800b4348d80, in cache kmalloc-2048 [ 62.807612] Object allocated with size 1040 bytes. 
[ 62.807613] Allocation: [ 62.807614] PID = 7735 [ 62.807618] [] save_stack_trace+0x26/0x50 [ 62.807621] [] save_stack+0x46/0xd0 [ 62.807625] [] kasan_kmalloc+0xc9/0xe0 [ 62.807628] [] __kmalloc+0x169/0x6d0 [ 62.807632] [] fbcon_set_font+0x269/0x820 [ 62.807635] [] con_font_op+0xc1d/0xfa0 [ 62.807638] [] vt_ioctl+0x434/0x24e0 [ 62.807640] [] tty_ioctl+0x5d4/0x20f0 [ 62.807644] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807647] [] SyS_ioctl+0x74/0x80 [ 62.807650] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807651] Memory state around the buggy address: [ 62.807653] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807655] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807658] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807659] ^ [ 62.807661] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807663] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807664] ================================================================== [ 62.807665] ================================================================== [ 62.807668] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491d9 [ 62.807669] Read of size 1 by task syz-executor.0/7739 [ 62.807672] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 [ 62.807674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.807678] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2 [ 62.807682] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418 [ 62.807686] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286 [ 62.807687] Call Trace: [ 62.807690] [] dump_stack+0xe6/0x120 [ 62.807694] [] kasan_report_error+0x1e7/0x5c0 [ 62.807698] [] __asan_report_load1_noabort+0x3e/0x40 [ 62.807700] [] ? bit_putcs+0xc43/0xd20 [ 62.807703] [] bit_putcs+0xc43/0xd20 [ 62.807707] [] ? bit_clear+0x6e0/0x6e0 [ 62.807711] [] ? 
get_color+0x30/0x380 [ 62.807715] [] fbcon_putcs+0x374/0x5a0 [ 62.807718] [] ? bit_clear+0x6e0/0x6e0 [ 62.807721] [] do_update_region+0x3f7/0x7c0 [ 62.807725] [] ? con_get_trans_old+0x180/0x180 [ 62.807729] [] ? fbcon_set_palette+0x387/0x580 [ 62.807733] [] redraw_screen+0x531/0x7d0 [ 62.807736] [] ? respond_string+0x3a0/0x3a0 [ 62.807740] [] ? mutex_unlock+0x9/0x10 [ 62.807743] [] ? tty_do_resize+0x47/0x150 [ 62.807747] [] vc_do_resize+0xd70/0x1350 [ 62.807752] [] ? vc_init+0x490/0x490 [ 62.807755] [] ? vt_ioctl+0x13d3/0x24e0 [ 62.807758] [] vc_resize+0x3d/0x60 [ 62.807762] [] ? console_lock+0x4a/0x70 [ 62.807765] [] vt_ioctl+0x14fb/0x24e0 [ 62.807768] [] ? complete_change_console+0x300/0x300 [ 62.807771] [] ? plist_del+0xe9/0x1d0 [ 62.807775] [] ? wake_up_q+0x82/0xe0 [ 62.807778] [] ? futex_wake+0x110/0x500 [ 62.807782] [] ? get_futex_key+0xee0/0xee0 [ 62.807786] [] ? depot_save_stack+0x12f/0x480 [ 62.807789] [] tty_ioctl+0x5d4/0x20f0 [ 62.807792] [] ? no_tty+0x90/0x90 [ 62.807795] [] ? __lock_acquire+0xca1/0x5560 [ 62.807798] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807801] [] ? __lock_acquire+0x1985/0x5560 [ 62.807805] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807809] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.807813] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.807816] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807819] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 62.807822] [] ? __fget+0x1c2/0x320 [ 62.807825] [] ? __fget+0x1df/0x320 [ 62.807827] [] ? __fget+0x42/0x320 [ 62.807830] [] ? __fget_light+0x79/0x200 [ 62.807833] [] SyS_ioctl+0x74/0x80 [ 62.807837] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807839] Object at ffff8800b4348d80, in cache kmalloc-2048 [ 62.807840] Object allocated with size 1040 bytes. 
[ 62.807841] Allocation: [ 62.807842] PID = 7735 [ 62.807846] [] save_stack_trace+0x26/0x50 [ 62.807849] [] save_stack+0x46/0xd0 [ 62.807853] [] kasan_kmalloc+0xc9/0xe0 [ 62.807856] [] __kmalloc+0x169/0x6d0 [ 62.807860] [] fbcon_set_font+0x269/0x820 [ 62.807863] [] con_font_op+0xc1d/0xfa0 [ 62.807866] [] vt_ioctl+0x434/0x24e0 [ 62.807876] [] tty_ioctl+0x5d4/0x20f0 [ 62.807879] [] do_vfs_ioctl+0x17f/0xe70 [ 62.807882] [] SyS_ioctl+0x74/0x80 [ 62.807886] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.807887] Memory state around the buggy address: [ 62.807888] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807890] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.807892] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807893] ^ [ 62.807895] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807897] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.807898] ================================================================== [ 62.807900] ================================================================== [ 62.807903] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491da [ 62.807904] Read of size 1 by task syz-executor.0/7739 [ 62.807907] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 [ 62.807908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.807913] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2 [ 62.807917] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418 [ 62.807921] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286 [ 62.807922] Call Trace: [ 62.807925] [] dump_stack+0xe6/0x120 [ 62.807929] [] kasan_report_error+0x1e7/0x5c0 [ 62.807933] [] __asan_report_load1_noabort+0x3e/0x40 [ 62.807936] [] ? bit_putcs+0xc43/0xd20 [ 62.807938] [] bit_putcs+0xc43/0xd20 [ 62.807942] [] ? bit_clear+0x6e0/0x6e0 [ 62.807946] [] ? 
get_color+0x30/0x380 [ 62.807950] [] fbcon_putcs+0x374/0x5a0 [ 62.807953] [] ? bit_clear+0x6e0/0x6e0 [ 62.807957] [] do_update_region+0x3f7/0x7c0 [ 62.807960] [] ? con_get_trans_old+0x180/0x180 [ 62.807964] [] ? fbcon_set_palette+0x387/0x580 [ 62.807968] [] redraw_screen+0x531/0x7d0 [ 62.807972] [] ? respond_string+0x3a0/0x3a0 [ 62.807976] [] ? mutex_unlock+0x9/0x10 [ 62.807979] [] ? tty_do_resize+0x47/0x150 [ 62.807983] [] vc_do_resize+0xd70/0x1350 [ 62.807987] [] ? vc_init+0x490/0x490 [ 62.807990] [] ? vt_ioctl+0x13d3/0x24e0 [ 62.807994] [] vc_resize+0x3d/0x60 [ 62.807998] [] ? console_lock+0x4a/0x70 [ 62.808001] [] vt_ioctl+0x14fb/0x24e0 [ 62.808004] [] ? complete_change_console+0x300/0x300 [ 62.808008] [] ? plist_del+0xe9/0x1d0 [ 62.808012] [] ? wake_up_q+0x82/0xe0 [ 62.808015] [] ? futex_wake+0x110/0x500 [ 62.808019] [] ? get_futex_key+0xee0/0xee0 [ 62.808022] [] ? depot_save_stack+0x12f/0x480 [ 62.808025] [] tty_ioctl+0x5d4/0x20f0 [ 62.808029] [] ? no_tty+0x90/0x90 [ 62.808032] [] ? __lock_acquire+0xca1/0x5560 [ 62.808034] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.808037] [] ? __lock_acquire+0x1985/0x5560 [ 62.808041] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.808045] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 62.808048] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 62.808051] [] do_vfs_ioctl+0x17f/0xe70 [ 62.808054] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 62.808057] [] ? __fget+0x1c2/0x320 [ 62.808060] [] ? __fget+0x1df/0x320 [ 62.808063] [] ? __fget+0x42/0x320 [ 62.808066] [] ? __fget_light+0x79/0x200 [ 62.808069] [] SyS_ioctl+0x74/0x80 [ 62.808072] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.808075] Object at ffff8800b4348d80, in cache kmalloc-2048 [ 62.808076] Object allocated with size 1040 bytes. 
[ 62.808077] Allocation: [ 62.808078] PID = 7735 [ 62.808081] [] save_stack_trace+0x26/0x50 [ 62.808085] [] save_stack+0x46/0xd0 [ 62.808088] [] kasan_kmalloc+0xc9/0xe0 [ 62.808092] [] __kmalloc+0x169/0x6d0 [ 62.808096] [] fbcon_set_font+0x269/0x820 [ 62.808099] [] con_font_op+0xc1d/0xfa0 [ 62.808102] [] vt_ioctl+0x434/0x24e0 [ 62.808105] [] tty_ioctl+0x5d4/0x20f0 [ 62.808108] [] do_vfs_ioctl+0x17f/0xe70 [ 62.808112] [] SyS_ioctl+0x74/0x80 [ 62.808115] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 62.808116] Memory state around the buggy address: [ 62.808118] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.808120] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 62.808121] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.808122] ^ [ 62.808125] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.808127] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.808128] ================================================================== [ 62.808129] ================================================================== [ 62.808132] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491db [ 62.808134] Read of size 1 by task syz-executor.0/7739 [ 62.808137] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 [ 62.808138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.808143] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2 [ 62.808147] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418 [ 62.808151] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286 [ 62.808152] Call Trace: [ 62.808155] [] dump_stack+0xe6/0x120 [ 62.808159] [] kasan_report_error+0x1e7/0x5c0 [ 62.808162] [] __asan_report_load1_noabort+0x3e/0x40 [ 62.808165] [] ? bit_putcs+0xc43/0xd20 [ 62.808168] [] bit_putcs+0xc43/0xd20 [ 62.808172] [] ? bit_clear+0x6e0/0x6e0 [ 62.808176] [] ? 
get_color+0x30/0x380
[ 62.808180] [] fbcon_putcs+0x374/0x5a0
[ 62.808183] [] ? bit_clear+0x6e0/0x6e0
[ 62.808186] [] do_update_region+0x3f7/0x7c0
[ 62.808190] [] ? con_get_trans_old+0x180/0x180
[ 62.808194] [] ? fbcon_set_palette+0x387/0x580
[ 62.808198] [] redraw_screen+0x531/0x7d0
[ 62.808202] [] ? respond_string+0x3a0/0x3a0
[ 62.808205] [] ? mutex_unlock+0x9/0x10
[ 62.808208] [] ? tty_do_resize+0x47/0x150
[ 62.808212] [] vc_do_resize+0xd70/0x1350
[ 62.808216] [] ? vc_init+0x490/0x490
[ 62.808219] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.808222] [] vc_resize+0x3d/0x60
[ 62.808226] [] ? console_lock+0x4a/0x70
[ 62.808229] [] vt_ioctl+0x14fb/0x24e0
[ 62.808232] [] ? complete_change_console+0x300/0x300
[ 62.808235] [] ? plist_del+0xe9/0x1d0
[ 62.808239] [] ? wake_up_q+0x82/0xe0
[ 62.808243] [] ? futex_wake+0x110/0x500
[ 62.808246] [] ? get_futex_key+0xee0/0xee0
[ 62.808250] [] ? depot_save_stack+0x12f/0x480
[ 62.808253] [] tty_ioctl+0x5d4/0x20f0
[ 62.808257] [] ? no_tty+0x90/0x90
[ 62.808260] [] ? __lock_acquire+0xca1/0x5560
[ 62.808263] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808266] [] ? __lock_acquire+0x1985/0x5560
[ 62.808271] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808274] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808278] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808281] [] do_vfs_ioctl+0x17f/0xe70
[ 62.808284] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.808287] [] ? __fget+0x1c2/0x320
[ 62.808290] [] ? __fget+0x1df/0x320
[ 62.808292] [] ? __fget+0x42/0x320
[ 62.808295] [] ? __fget_light+0x79/0x200
[ 62.808298] [] SyS_ioctl+0x74/0x80
[ 62.808301] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.808304] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.808305] Object allocated with size 1040 bytes.
[ 62.808306] Allocation:
[ 62.808307] PID = 7735
[ 62.808310] [] save_stack_trace+0x26/0x50
[ 62.808314] [] save_stack+0x46/0xd0
[ 62.808317] [] kasan_kmalloc+0xc9/0xe0
[ 62.808321] [] __kmalloc+0x169/0x6d0
[ 62.808324] [] fbcon_set_font+0x269/0x820
[ 62.808328] [] con_font_op+0xc1d/0xfa0
[ 62.808331] [] vt_ioctl+0x434/0x24e0
[ 62.808334] [] tty_ioctl+0x5d4/0x20f0
[ 62.808337] [] do_vfs_ioctl+0x17f/0xe70
[ 62.808340] [] SyS_ioctl+0x74/0x80
[ 62.808344] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.808345] Memory state around the buggy address:
[ 62.808347] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.808348] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.808350] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808351] ^
[ 62.808353] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808356] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808357] ==================================================================
[ 62.808358] ==================================================================
[ 62.808361] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491dc
[ 62.808362] Read of size 1 by task syz-executor.0/7739
[ 62.808365] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.808366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.808370] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.808374] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.808378] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.808379] Call Trace:
[ 62.808382] [] dump_stack+0xe6/0x120
[ 62.808385] [] kasan_report_error+0x1e7/0x5c0
[ 62.808389] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.808392] [] ? bit_putcs+0xc43/0xd20
[ 62.808395] [] bit_putcs+0xc43/0xd20
[ 62.808399] [] ? bit_clear+0x6e0/0x6e0
[ 62.808403] [] ? get_color+0x30/0x380
[ 62.808406] [] fbcon_putcs+0x374/0x5a0
[ 62.808409] [] ? bit_clear+0x6e0/0x6e0
[ 62.808413] [] do_update_region+0x3f7/0x7c0
[ 62.808417] [] ? con_get_trans_old+0x180/0x180
[ 62.808421] [] ? fbcon_set_palette+0x387/0x580
[ 62.808425] [] redraw_screen+0x531/0x7d0
[ 62.808429] [] ? respond_string+0x3a0/0x3a0
[ 62.808433] [] ? mutex_unlock+0x9/0x10
[ 62.808436] [] ? tty_do_resize+0x47/0x150
[ 62.808440] [] vc_do_resize+0xd70/0x1350
[ 62.808445] [] ? vc_init+0x490/0x490
[ 62.808447] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.808451] [] vc_resize+0x3d/0x60
[ 62.808455] [] ? console_lock+0x4a/0x70
[ 62.808458] [] vt_ioctl+0x14fb/0x24e0
[ 62.808461] [] ? complete_change_console+0x300/0x300
[ 62.808465] [] ? plist_del+0xe9/0x1d0
[ 62.808469] [] ? wake_up_q+0x82/0xe0
[ 62.808473] [] ? futex_wake+0x110/0x500
[ 62.808476] [] ? get_futex_key+0xee0/0xee0
[ 62.808480] [] ? depot_save_stack+0x12f/0x480
[ 62.808483] [] tty_ioctl+0x5d4/0x20f0
[ 62.808487] [] ? no_tty+0x90/0x90
[ 62.808490] [] ? __lock_acquire+0xca1/0x5560
[ 62.808493] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808496] [] ? __lock_acquire+0x1985/0x5560
[ 62.808501] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808505] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808508] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808511] [] do_vfs_ioctl+0x17f/0xe70
[ 62.808515] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.808517] [] ? __fget+0x1c2/0x320
[ 62.808520] [] ? __fget+0x1df/0x320
[ 62.808523] [] ? __fget+0x42/0x320
[ 62.808526] [] ? __fget_light+0x79/0x200
[ 62.808529] [] SyS_ioctl+0x74/0x80
[ 62.808532] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.808535] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.808536] Object allocated with size 1040 bytes.
[ 62.808537] Allocation:
[ 62.808538] PID = 7735
[ 62.808542] [] save_stack_trace+0x26/0x50
[ 62.808545] [] save_stack+0x46/0xd0
[ 62.808548] [] kasan_kmalloc+0xc9/0xe0
[ 62.808551] [] __kmalloc+0x169/0x6d0
[ 62.808555] [] fbcon_set_font+0x269/0x820
[ 62.808558] [] con_font_op+0xc1d/0xfa0
[ 62.808561] [] vt_ioctl+0x434/0x24e0
[ 62.808564] [] tty_ioctl+0x5d4/0x20f0
[ 62.808567] [] do_vfs_ioctl+0x17f/0xe70
[ 62.808570] [] SyS_ioctl+0x74/0x80
[ 62.808574] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.808575] Memory state around the buggy address:
[ 62.808577] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.808579] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.808581] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808583] ^
[ 62.808585] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808587] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808588] ==================================================================
[ 62.808589] ==================================================================
[ 62.808592] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491dd
[ 62.808594] Read of size 1 by task syz-executor.0/7739
[ 62.808597] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.808598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.808603] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.808606] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.808610] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.808610] Call Trace:
[ 62.808613] [] dump_stack+0xe6/0x120
[ 62.808617] [] kasan_report_error+0x1e7/0x5c0
[ 62.808621] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.808624] [] ? bit_putcs+0xc43/0xd20
[ 62.808626] [] bit_putcs+0xc43/0xd20
[ 62.808630] [] ? bit_clear+0x6e0/0x6e0
[ 62.808634] [] ? get_color+0x30/0x380
[ 62.808638] [] fbcon_putcs+0x374/0x5a0
[ 62.808640] [] ? bit_clear+0x6e0/0x6e0
[ 62.808644] [] do_update_region+0x3f7/0x7c0
[ 62.808648] [] ? con_get_trans_old+0x180/0x180
[ 62.808652] [] ? fbcon_set_palette+0x387/0x580
[ 62.808656] [] redraw_screen+0x531/0x7d0
[ 62.808660] [] ? respond_string+0x3a0/0x3a0
[ 62.808664] [] ? mutex_unlock+0x9/0x10
[ 62.808667] [] ? tty_do_resize+0x47/0x150
[ 62.808671] [] vc_do_resize+0xd70/0x1350
[ 62.808675] [] ? vc_init+0x490/0x490
[ 62.808678] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.808682] [] vc_resize+0x3d/0x60
[ 62.808686] [] ? console_lock+0x4a/0x70
[ 62.808689] [] vt_ioctl+0x14fb/0x24e0
[ 62.808692] [] ? complete_change_console+0x300/0x300
[ 62.808696] [] ? plist_del+0xe9/0x1d0
[ 62.808700] [] ? wake_up_q+0x82/0xe0
[ 62.808703] [] ? futex_wake+0x110/0x500
[ 62.808707] [] ? get_futex_key+0xee0/0xee0
[ 62.808710] [] ? depot_save_stack+0x12f/0x480
[ 62.808713] [] tty_ioctl+0x5d4/0x20f0
[ 62.808717] [] ? no_tty+0x90/0x90
[ 62.808720] [] ? __lock_acquire+0xca1/0x5560
[ 62.808723] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808726] [] ? __lock_acquire+0x1985/0x5560
[ 62.808730] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808734] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808737] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808740] [] do_vfs_ioctl+0x17f/0xe70
[ 62.808743] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.808745] [] ? __fget+0x1c2/0x320
[ 62.808748] [] ? __fget+0x1df/0x320
[ 62.808750] [] ? __fget+0x42/0x320
[ 62.808753] [] ? __fget_light+0x79/0x200
[ 62.808755] [] SyS_ioctl+0x74/0x80
[ 62.808758] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.808760] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.808762] Object allocated with size 1040 bytes.
[ 62.808762] Allocation:
[ 62.808763] PID = 7735
[ 62.808766] [] save_stack_trace+0x26/0x50
[ 62.808770] [] save_stack+0x46/0xd0
[ 62.808773] [] kasan_kmalloc+0xc9/0xe0
[ 62.808776] [] __kmalloc+0x169/0x6d0
[ 62.808780] [] fbcon_set_font+0x269/0x820
[ 62.808783] [] con_font_op+0xc1d/0xfa0
[ 62.808786] [] vt_ioctl+0x434/0x24e0
[ 62.808789] [] tty_ioctl+0x5d4/0x20f0
[ 62.808792] [] do_vfs_ioctl+0x17f/0xe70
[ 62.808795] [] SyS_ioctl+0x74/0x80
[ 62.808798] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.808799] Memory state around the buggy address:
[ 62.808801] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.808803] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.808805] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808806] ^
[ 62.808809] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808811] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.808812] ==================================================================
[ 62.808813] ==================================================================
[ 62.808816] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491de
[ 62.808818] Read of size 1 by task syz-executor.0/7739
[ 62.808821] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.808822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.808827] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.808831] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.808835] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.808836] Call Trace:
[ 62.808839] [] dump_stack+0xe6/0x120
[ 62.808842] [] kasan_report_error+0x1e7/0x5c0
[ 62.808846] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.808849] [] ? bit_putcs+0xc43/0xd20
[ 62.808852] [] bit_putcs+0xc43/0xd20
[ 62.808856] [] ? bit_clear+0x6e0/0x6e0
[ 62.808859] [] ? get_color+0x30/0x380
[ 62.808863] [] fbcon_putcs+0x374/0x5a0
[ 62.808865] [] ? bit_clear+0x6e0/0x6e0
[ 62.808869] [] do_update_region+0x3f7/0x7c0
[ 62.808879] [] ? con_get_trans_old+0x180/0x180
[ 62.808883] [] ? fbcon_set_palette+0x387/0x580
[ 62.808887] [] redraw_screen+0x531/0x7d0
[ 62.808891] [] ? respond_string+0x3a0/0x3a0
[ 62.808894] [] ? mutex_unlock+0x9/0x10
[ 62.808898] [] ? tty_do_resize+0x47/0x150
[ 62.808902] [] vc_do_resize+0xd70/0x1350
[ 62.808906] [] ? vc_init+0x490/0x490
[ 62.808909] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.808912] [] vc_resize+0x3d/0x60
[ 62.808916] [] ? console_lock+0x4a/0x70
[ 62.808919] [] vt_ioctl+0x14fb/0x24e0
[ 62.808922] [] ? complete_change_console+0x300/0x300
[ 62.808926] [] ? plist_del+0xe9/0x1d0
[ 62.808930] [] ? wake_up_q+0x82/0xe0
[ 62.808933] [] ? futex_wake+0x110/0x500
[ 62.808937] [] ? get_futex_key+0xee0/0xee0
[ 62.808940] [] ? depot_save_stack+0x12f/0x480
[ 62.808943] [] tty_ioctl+0x5d4/0x20f0
[ 62.808946] [] ? no_tty+0x90/0x90
[ 62.808949] [] ? __lock_acquire+0xca1/0x5560
[ 62.808952] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808955] [] ? __lock_acquire+0x1985/0x5560
[ 62.808959] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808963] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.808966] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.808969] [] do_vfs_ioctl+0x17f/0xe70
[ 62.808972] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.808974] [] ? __fget+0x1c2/0x320
[ 62.808977] [] ? __fget+0x1df/0x320
[ 62.808979] [] ? __fget+0x42/0x320
[ 62.808982] [] ? __fget_light+0x79/0x200
[ 62.808985] [] SyS_ioctl+0x74/0x80
[ 62.808988] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.808990] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.808992] Object allocated with size 1040 bytes.
[ 62.808992] Allocation:
[ 62.808993] PID = 7735
[ 62.808997] [] save_stack_trace+0x26/0x50
[ 62.809000] [] save_stack+0x46/0xd0
[ 62.809004] [] kasan_kmalloc+0xc9/0xe0
[ 62.809007] [] __kmalloc+0x169/0x6d0
[ 62.809010] [] fbcon_set_font+0x269/0x820
[ 62.809013] [] con_font_op+0xc1d/0xfa0
[ 62.809016] [] vt_ioctl+0x434/0x24e0
[ 62.809019] [] tty_ioctl+0x5d4/0x20f0
[ 62.809022] [] do_vfs_ioctl+0x17f/0xe70
[ 62.809025] [] SyS_ioctl+0x74/0x80
[ 62.809028] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.809029] Memory state around the buggy address:
[ 62.809031] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.809033] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.809035] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809037] ^
[ 62.809039] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809041] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809041] ==================================================================
[ 62.809043] ==================================================================
[ 62.809045] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491df
[ 62.809047] Read of size 1 by task syz-executor.0/7739
[ 62.809049] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.809051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.809055] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
[ 62.809059] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.809063] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.809064] Call Trace:
[ 62.809067] [] dump_stack+0xe6/0x120
[ 62.809071] [] kasan_report_error+0x1e7/0x5c0
[ 62.809075] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.809078] [] ? bit_putcs+0xc43/0xd20
[ 62.809080] [] bit_putcs+0xc43/0xd20
[ 62.809084] [] ? bit_clear+0x6e0/0x6e0
[ 62.809088] [] ? get_color+0x30/0x380
[ 62.809092] [] fbcon_putcs+0x374/0x5a0
[ 62.809095] [] ? bit_clear+0x6e0/0x6e0
[ 62.809098] [] do_update_region+0x3f7/0x7c0
[ 62.809102] [] ? con_get_trans_old+0x180/0x180
[ 62.809106] [] ? fbcon_set_palette+0x387/0x580
[ 62.809110] [] redraw_screen+0x531/0x7d0
[ 62.809114] [] ? respond_string+0x3a0/0x3a0
[ 62.809117] [] ? mutex_unlock+0x9/0x10
[ 62.809121] [] ? tty_do_resize+0x47/0x150
[ 62.809124] [] vc_do_resize+0xd70/0x1350
[ 62.809129] [] ? vc_init+0x490/0x490
[ 62.809132] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.809135] [] vc_resize+0x3d/0x60
[ 62.809139] [] ? console_lock+0x4a/0x70
[ 62.809142] [] vt_ioctl+0x14fb/0x24e0
[ 62.809146] [] ? complete_change_console+0x300/0x300
[ 62.809149] [] ? plist_del+0xe9/0x1d0
[ 62.809153] [] ? wake_up_q+0x82/0xe0
[ 62.809156] [] ? futex_wake+0x110/0x500
[ 62.809160] [] ? get_futex_key+0xee0/0xee0
[ 62.809163] [] ? depot_save_stack+0x12f/0x480
[ 62.809166] [] tty_ioctl+0x5d4/0x20f0
[ 62.809170] [] ? no_tty+0x90/0x90
[ 62.809173] [] ? __lock_acquire+0xca1/0x5560
[ 62.809176] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.809179] [] ? __lock_acquire+0x1985/0x5560
[ 62.809183] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.809186] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.809190] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.809193] [] do_vfs_ioctl+0x17f/0xe70
[ 62.809196] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.809199] [] ? __fget+0x1c2/0x320
[ 62.809201] [] ? __fget+0x1df/0x320
[ 62.809203] [] ? __fget+0x42/0x320
[ 62.809206] [] ? __fget_light+0x79/0x200
[ 62.809209] [] SyS_ioctl+0x74/0x80
[ 62.809212] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.809215] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.809216] Object allocated with size 1040 bytes.
[ 62.809217] Allocation:
[ 62.809218] PID = 7735
[ 62.809222] [] save_stack_trace+0x26/0x50
[ 62.809225] [] save_stack+0x46/0xd0
[ 62.809229] [] kasan_kmalloc+0xc9/0xe0
[ 62.809232] [] __kmalloc+0x169/0x6d0
[ 62.809236] [] fbcon_set_font+0x269/0x820
[ 62.809239] [] con_font_op+0xc1d/0xfa0
[ 62.809242] [] vt_ioctl+0x434/0x24e0
[ 62.809245] [] tty_ioctl+0x5d4/0x20f0
[ 62.809248] [] do_vfs_ioctl+0x17f/0xe70
[ 62.809251] [] SyS_ioctl+0x74/0x80
[ 62.809254] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.809255] Memory state around the buggy address:
[ 62.809258] ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.809260] ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.809262] >ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809263] ^
[ 62.809265] ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809268] ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809269] ==================================================================
[ 62.809478] ==================================================================
[ 62.809482] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43494c0
[ 62.809484] Read of size 1 by task syz-executor.0/7739
[ 62.809487] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.809489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.809493] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
[ 62.809497] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.809500] ffffffff81740207 0000000000000010 ffff880127487450 0000000000000286
[ 62.809501] Call Trace:
[ 62.809504] [] dump_stack+0xe6/0x120
[ 62.809508] [] kasan_report_error+0x1e7/0x5c0
[ 62.809512] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.809515] [] ? bit_putcs+0xc43/0xd20
[ 62.809518] [] bit_putcs+0xc43/0xd20
[ 62.809521] [] ? bit_clear+0x6e0/0x6e0
[ 62.809525] [] ? get_color+0x30/0x380
[ 62.809529] [] fbcon_putcs+0x374/0x5a0
[ 62.809532] [] ? bit_clear+0x6e0/0x6e0
[ 62.809536] [] do_update_region+0x3f7/0x7c0
[ 62.809540] [] ? con_get_trans_old+0x180/0x180
[ 62.809544] [] ? fbcon_set_palette+0x387/0x580
[ 62.809548] [] redraw_screen+0x531/0x7d0
[ 62.809552] [] ? respond_string+0x3a0/0x3a0
[ 62.809555] [] ? mutex_unlock+0x9/0x10
[ 62.809559] [] ? tty_do_resize+0x47/0x150
[ 62.809563] [] vc_do_resize+0xd70/0x1350
[ 62.809568] [] ? vc_init+0x490/0x490
[ 62.809570] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.809574] [] vc_resize+0x3d/0x60
[ 62.809578] [] ? console_lock+0x4a/0x70
[ 62.809592] [] vt_ioctl+0x14fb/0x24e0
[ 62.809595] [] ? complete_change_console+0x300/0x300
[ 62.809599] [] ? plist_del+0xe9/0x1d0
[ 62.809602] [] ? wake_up_q+0x82/0xe0
[ 62.809606] [] ? futex_wake+0x110/0x500
[ 62.809610] [] ? get_futex_key+0xee0/0xee0
[ 62.809613] [] ? depot_save_stack+0x12f/0x480
[ 62.809617] [] tty_ioctl+0x5d4/0x20f0
[ 62.809620] [] ? no_tty+0x90/0x90
[ 62.809623] [] ? __lock_acquire+0xca1/0x5560
[ 62.809626] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.809629] [] ? __lock_acquire+0x1985/0x5560
[ 62.809633] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.809637] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.809640] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.809643] [] do_vfs_ioctl+0x17f/0xe70
[ 62.809647] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.809649] [] ? __fget+0x1c2/0x320
[ 62.809652] [] ? __fget+0x1df/0x320
[ 62.809655] [] ? __fget+0x42/0x320
[ 62.809658] [] ? __fget_light+0x79/0x200
[ 62.809661] [] SyS_ioctl+0x74/0x80
[ 62.809664] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.809666] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.809668] Object allocated with size 1040 bytes.
[ 62.809668] Allocation:
[ 62.809669] PID = 7735
[ 62.809673] [] save_stack_trace+0x26/0x50
[ 62.809677] [] save_stack+0x46/0xd0
[ 62.809680] [] kasan_kmalloc+0xc9/0xe0
[ 62.809683] [] __kmalloc+0x169/0x6d0
[ 62.809687] [] fbcon_set_font+0x269/0x820
[ 62.809690] [] con_font_op+0xc1d/0xfa0
[ 62.809693] [] vt_ioctl+0x434/0x24e0
[ 62.809696] [] tty_ioctl+0x5d4/0x20f0
[ 62.809699] [] do_vfs_ioctl+0x17f/0xe70
[ 62.809702] [] SyS_ioctl+0x74/0x80
[ 62.809705] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.809706] Memory state around the buggy address:
[ 62.809708] ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809710] ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809712] >ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809713] ^
[ 62.809715] ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809716] ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809717] ==================================================================
[ 62.809719] ==================================================================
[ 62.809722] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43494c1
[ 62.809723] Read of size 1 by task syz-executor.0/7739
[ 62.809726] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.809728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.809732] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
[ 62.809736] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.809740] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.809741] Call Trace:
[ 62.809744] [] dump_stack+0xe6/0x120
[ 62.809748] [] kasan_report_error+0x1e7/0x5c0
[ 62.809752] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.809754] [] ? bit_putcs+0xc43/0xd20
[ 62.809757] [] bit_putcs+0xc43/0xd20
[ 62.809761] [] ? bit_clear+0x6e0/0x6e0
[ 62.809783] [] ? get_color+0x30/0x380
[ 62.809787] [] fbcon_putcs+0x374/0x5a0
[ 62.809790] [] ? bit_clear+0x6e0/0x6e0
[ 62.809793] [] do_update_region+0x3f7/0x7c0
[ 62.809797] [] ? con_get_trans_old+0x180/0x180
[ 62.809801] [] ? fbcon_set_palette+0x387/0x580
[ 62.809805] [] redraw_screen+0x531/0x7d0
[ 62.809809] [] ? respond_string+0x3a0/0x3a0
[ 62.809812] [] ? mutex_unlock+0x9/0x10
[ 62.809816] [] ? tty_do_resize+0x47/0x150
[ 62.809820] [] vc_do_resize+0xd70/0x1350
[ 62.809824] [] ? vc_init+0x490/0x490
[ 62.809827] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.809831] [] vc_resize+0x3d/0x60
[ 62.809834] [] ? console_lock+0x4a/0x70
[ 62.809837] [] vt_ioctl+0x14fb/0x24e0
[ 62.809840] [] ? complete_change_console+0x300/0x300
[ 62.809843] [] ? plist_del+0xe9/0x1d0
[ 62.809847] [] ? wake_up_q+0x82/0xe0
[ 62.809851] [] ? futex_wake+0x110/0x500
[ 62.809855] [] ? get_futex_key+0xee0/0xee0
[ 62.809859] [] ? depot_save_stack+0x12f/0x480
[ 62.809862] [] tty_ioctl+0x5d4/0x20f0
[ 62.809866] [] ? no_tty+0x90/0x90
[ 62.809869] [] ? __lock_acquire+0xca1/0x5560
[ 62.809879] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.809882] [] ? __lock_acquire+0x1985/0x5560
[ 62.809886] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.809890] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.809892] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.809895] [] do_vfs_ioctl+0x17f/0xe70
[ 62.809898] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.809901] [] ? __fget+0x1c2/0x320
[ 62.809903] [] ? __fget+0x1df/0x320
[ 62.809906] [] ? __fget+0x42/0x320
[ 62.809908] [] ? __fget_light+0x79/0x200
[ 62.809912] [] SyS_ioctl+0x74/0x80
[ 62.809915] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.809917] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.809918] Object allocated with size 1040 bytes.
[ 62.809919] Allocation:
[ 62.809920] PID = 7735
[ 62.809923] [] save_stack_trace+0x26/0x50
[ 62.809926] [] save_stack+0x46/0xd0
[ 62.809930] [] kasan_kmalloc+0xc9/0xe0
[ 62.809933] [] __kmalloc+0x169/0x6d0
[ 62.809937] [] fbcon_set_font+0x269/0x820
[ 62.809940] [] con_font_op+0xc1d/0xfa0
[ 62.809944] [] vt_ioctl+0x434/0x24e0
[ 62.809947] [] tty_ioctl+0x5d4/0x20f0
[ 62.809950] [] do_vfs_ioctl+0x17f/0xe70
[ 62.809953] [] SyS_ioctl+0x74/0x80
[ 62.809956] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.809958] Memory state around the buggy address:
[ 62.809960] ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809962] ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809964] >ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809965] ^
[ 62.809968] ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809970] ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.809971] ==================================================================
[ 62.809972] ==================================================================
[ 62.809975] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43494c2
[ 62.809977] Read of size 1 by task syz-executor.0/7739
[ 62.809980] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.809981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.809986] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
[ 62.809990] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.809994] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.809995] Call Trace:
[ 62.809998] [] dump_stack+0xe6/0x120
[ 62.810002] [] kasan_report_error+0x1e7/0x5c0
[ 62.810006] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.810009] [] ? bit_putcs+0xc43/0xd20
[ 62.810011] [] bit_putcs+0xc43/0xd20
[ 62.810014] [] ? bit_clear+0x6e0/0x6e0
[ 62.810018] [] ? get_color+0x30/0x380
[ 62.810022] [] fbcon_putcs+0x374/0x5a0
[ 62.810024] [] ? bit_clear+0x6e0/0x6e0
[ 62.810028] [] do_update_region+0x3f7/0x7c0
[ 62.810031] [] ? con_get_trans_old+0x180/0x180
[ 62.810035] [] ? fbcon_set_palette+0x387/0x580
[ 62.810039] [] redraw_screen+0x531/0x7d0
[ 62.810042] [] ? respond_string+0x3a0/0x3a0
[ 62.810045] [] ? mutex_unlock+0x9/0x10
[ 62.810048] [] ? tty_do_resize+0x47/0x150
[ 62.810052] [] vc_do_resize+0xd70/0x1350
[ 62.810056] [] ? vc_init+0x490/0x490
[ 62.810058] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.810062] [] vc_resize+0x3d/0x60
[ 62.810065] [] ? console_lock+0x4a/0x70
[ 62.810068] [] vt_ioctl+0x14fb/0x24e0
[ 62.810071] [] ? complete_change_console+0x300/0x300
[ 62.810075] [] ? plist_del+0xe9/0x1d0
[ 62.810078] [] ? wake_up_q+0x82/0xe0
[ 62.810082] [] ? futex_wake+0x110/0x500
[ 62.810085] [] ? get_futex_key+0xee0/0xee0
[ 62.810089] [] ? depot_save_stack+0x12f/0x480
[ 62.810092] [] tty_ioctl+0x5d4/0x20f0
[ 62.810096] [] ? no_tty+0x90/0x90
[ 62.810099] [] ? __lock_acquire+0xca1/0x5560
[ 62.810102] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.810105] [] ? __lock_acquire+0x1985/0x5560
[ 62.810109] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.810113] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.810116] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.810120] [] do_vfs_ioctl+0x17f/0xe70
[ 62.810123] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.810126] [] ? __fget+0x1c2/0x320
[ 62.810128] [] ? __fget+0x1df/0x320
[ 62.810130] [] ? __fget+0x42/0x320
[ 62.810134] [] ? __fget_light+0x79/0x200
[ 62.810137] [] SyS_ioctl+0x74/0x80
[ 62.810140] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.810142] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.810144] Object allocated with size 1040 bytes.
[ 62.810145] Allocation:
[ 62.810146] PID = 7735
[ 62.810149] [] save_stack_trace+0x26/0x50
[ 62.810153] [] save_stack+0x46/0xd0
[ 62.810156] [] kasan_kmalloc+0xc9/0xe0
[ 62.810160] [] __kmalloc+0x169/0x6d0
[ 62.810164] [] fbcon_set_font+0x269/0x820
[ 62.810167] [] con_font_op+0xc1d/0xfa0
[ 62.810170] [] vt_ioctl+0x434/0x24e0
[ 62.810173] [] tty_ioctl+0x5d4/0x20f0
[ 62.810176] [] do_vfs_ioctl+0x17f/0xe70
[ 62.810179] [] SyS_ioctl+0x74/0x80
[ 62.810183] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.810184] Memory state around the buggy address:
[ 62.810186] ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810188] ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810190] >ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810191] ^
[ 62.810193] ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810196] ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810197] ==================================================================
[ 62.810198] ==================================================================
[ 62.810200] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43494c3
[ 62.810202] Read of size 1 by task syz-executor.0/7739
[ 62.810205] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.810207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.810211] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
[ 62.810215] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.810219] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.810220] Call Trace:
[ 62.810223] [] dump_stack+0xe6/0x120
[ 62.810227] [] kasan_report_error+0x1e7/0x5c0
[ 62.810230] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.810233] [] ? bit_putcs+0xc43/0xd20
[ 62.810236] [] bit_putcs+0xc43/0xd20
[ 62.810240] [] ? bit_clear+0x6e0/0x6e0
[ 62.810244] [] ? get_color+0x30/0x380
[ 62.810247] [] fbcon_putcs+0x374/0x5a0
[ 62.810250] [] ? bit_clear+0x6e0/0x6e0
[ 62.810254] [] do_update_region+0x3f7/0x7c0
[ 62.810258] [] ? con_get_trans_old+0x180/0x180
[ 62.810262] [] ? fbcon_set_palette+0x387/0x580
[ 62.810266] [] redraw_screen+0x531/0x7d0
[ 62.810270] [] ? respond_string+0x3a0/0x3a0
[ 62.810273] [] ? mutex_unlock+0x9/0x10
[ 62.810277] [] ? tty_do_resize+0x47/0x150
[ 62.810280] [] vc_do_resize+0xd70/0x1350
[ 62.810285] [] ? vc_init+0x490/0x490
[ 62.810288] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.810292] [] vc_resize+0x3d/0x60
[ 62.810295] [] ? console_lock+0x4a/0x70
[ 62.810298] [] vt_ioctl+0x14fb/0x24e0
[ 62.810302] [] ? complete_change_console+0x300/0x300
[ 62.810305] [] ? plist_del+0xe9/0x1d0
[ 62.810309] [] ? wake_up_q+0x82/0xe0
[ 62.810313] [] ? futex_wake+0x110/0x500
[ 62.810316] [] ? get_futex_key+0xee0/0xee0
[ 62.810320] [] ? depot_save_stack+0x12f/0x480
[ 62.810323] [] tty_ioctl+0x5d4/0x20f0
[ 62.810327] [] ? no_tty+0x90/0x90
[ 62.810330] [] ? __lock_acquire+0xca1/0x5560
[ 62.810333] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.810336] [] ? __lock_acquire+0x1985/0x5560
[ 62.810340] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.810344] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.810347] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.810351] [] do_vfs_ioctl+0x17f/0xe70
[ 62.810354] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.810356] [] ? __fget+0x1c2/0x320
[ 62.810359] [] ? __fget+0x1df/0x320
[ 62.810362] [] ? __fget+0x42/0x320
[ 62.810365] [] ? __fget_light+0x79/0x200
[ 62.810368] [] SyS_ioctl+0x74/0x80
[ 62.810371] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.810373] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.810374] Object allocated with size 1040 bytes.
[ 62.810375] Allocation:
[ 62.810376] PID = 7735
[ 62.810380] [] save_stack_trace+0x26/0x50
[ 62.810383] [] save_stack+0x46/0xd0
[ 62.810386] [] kasan_kmalloc+0xc9/0xe0
[ 62.810390] [] __kmalloc+0x169/0x6d0
[ 62.810394] [] fbcon_set_font+0x269/0x820
[ 62.810397] [] con_font_op+0xc1d/0xfa0
[ 62.810400] [] vt_ioctl+0x434/0x24e0
[ 62.810403] [] tty_ioctl+0x5d4/0x20f0
[ 62.810406] [] do_vfs_ioctl+0x17f/0xe70
[ 62.810409] [] SyS_ioctl+0x74/0x80
[ 62.810413] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.810413] Memory state around the buggy address:
[ 62.810416] ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810418] ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810420] >ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810421] ^
[ 62.810423] ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810425] ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.810426] ==================================================================
[ 62.810428] ==================================================================
[ 62.810430] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43494c4
[ 62.810432] Read of size 1 by task syz-executor.0/7739
[ 62.810435] CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0
[ 62.810436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.810441] 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
[ 62.810445] ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
[ 62.810449] ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
[ 62.810450] Call Trace:
[ 62.810453] [] dump_stack+0xe6/0x120
[ 62.810456] [] kasan_report_error+0x1e7/0x5c0
[ 62.810460] [] __asan_report_load1_noabort+0x3e/0x40
[ 62.810463] [] ? bit_putcs+0xc43/0xd20
[ 62.810465] [] bit_putcs+0xc43/0xd20
[ 62.810469] [] ? bit_clear+0x6e0/0x6e0
[ 62.810473] [] ? get_color+0x30/0x380
[ 62.810477] [] fbcon_putcs+0x374/0x5a0
[ 62.810480] [] ? bit_clear+0x6e0/0x6e0
[ 62.810484] [] do_update_region+0x3f7/0x7c0
[ 62.810487] [] ? con_get_trans_old+0x180/0x180
[ 62.810491] [] ? fbcon_set_palette+0x387/0x580
[ 62.810495] [] redraw_screen+0x531/0x7d0
[ 62.810499] [] ? respond_string+0x3a0/0x3a0
[ 62.810503] [] ? mutex_unlock+0x9/0x10
[ 62.810506] [] ? tty_do_resize+0x47/0x150
[ 62.810510] [] vc_do_resize+0xd70/0x1350
[ 62.810514] [] ? vc_init+0x490/0x490
[ 62.810516] [] ? vt_ioctl+0x13d3/0x24e0
[ 62.810519] [] vc_resize+0x3d/0x60
[ 62.810523] [] ? console_lock+0x4a/0x70
[ 62.810526] [] vt_ioctl+0x14fb/0x24e0
[ 62.810529] [] ? complete_change_console+0x300/0x300
[ 62.810533] [] ? plist_del+0xe9/0x1d0
[ 62.810537] [] ? wake_up_q+0x82/0xe0
[ 62.810540] [] ? futex_wake+0x110/0x500
[ 62.810544] [] ? get_futex_key+0xee0/0xee0
[ 62.810547] [] ? depot_save_stack+0x12f/0x480
[ 62.810550] [] tty_ioctl+0x5d4/0x20f0
[ 62.810554] [] ? no_tty+0x90/0x90
[ 62.810557] [] ? __lock_acquire+0xca1/0x5560
[ 62.810560] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.810563] [] ? __lock_acquire+0x1985/0x5560
[ 62.810567] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.810571] [] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 62.810574] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 62.810578] [] do_vfs_ioctl+0x17f/0xe70
[ 62.810581] [] ? ioctl_preallocate+0x1a0/0x1a0
[ 62.810583] [] ? __fget+0x1c2/0x320
[ 62.810586] [] ? __fget+0x1df/0x320
[ 62.810589] [] ? __fget+0x42/0x320
[ 62.810592] [] ? __fget_light+0x79/0x200
[ 62.810595] [] SyS_ioctl+0x74/0x80
[ 62.810598] [] entry_SYSCALL_64_fastpath+0x23/0xc1
[ 62.810601] Object at ffff8800b4348d80, in cache kmalloc-2048
[ 62.810602] Object allocated with size 1040 bytes.
[ 62.810603] Allocation:
[ 62.810604] PID = 7735
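Every report above names the same slab object (base ffff8800b4348d80, 1040 bytes requested from the kmalloc-2048 cache by fbcon_set_font via the KDFONTOP path of vt_ioctl) and the same reader (bit_putcs, reached from a second vt_ioctl through vc_resize, vc_do_resize and redraw_screen); only the faulting address changes, one byte per report. The C program below is an added triage helper, not part of the syzkaller log or of the kernel: it parses the 4.6-era KASAN report format used here (address on the "BUG:" line, "Object at ... in cache kmalloc-N", "Object allocated with size N bytes", then an "Allocation:" stack whose frame addresses have been stripped to "[]"), recovers the faulting address, object base, requested size and slot size, picks the first allocation frame outside the allocator and KASAN, and reports how far past the requested allocation each read landed and whether it stayed inside the object's own slot. The sample_log string is constructed from lines of this page; the allocator-frame skip list, the 256-byte line limit and the kmalloc-N slot-size rule are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One KASAN "BUG:" report reduced to the fields that matter for triage. */
struct kasan_report {
    char kind[32];       /* e.g. "slab-out-of-bounds" */
    char func[64];       /* symbol the bad access happened in, e.g. "bit_putcs" */
    uint64_t addr;       /* faulting address */
    uint64_t obj_base;   /* start of the slab object KASAN attributed it to */
    unsigned obj_size;   /* bytes actually requested from kmalloc */
    unsigned slot_size;  /* slot size of the kmalloc-N cache holding the object (assumed = N) */
    char alloc_func[64]; /* first allocation-stack frame outside allocator/KASAN code */
};

/* Drop a "[ 62.808361] " printk timestamp; a sanitized "[] " frame marker is kept. */
static const char *strip_ts(const char *line)
{
    const char *end = (line[0] == '[' && line[1] != ']') ? strstr(line, "] ") : NULL;
    return end ? end + 2 : line;
}

/* Frames that belong to the allocator or to KASAN itself rather than to the caller (assumed list). */
static int is_allocator_frame(const char *sym)
{
    static const char *const skip[] = { "save_stack", "kasan_", "__kmalloc", "kmalloc",
                                        "kmem_cache_alloc", "__slab_alloc" };
    for (size_t i = 0; i < sizeof skip / sizeof skip[0]; i++)
        if (strncmp(sym, skip[i], strlen(skip[i])) == 0)
            return 1;
    return 0;
}

/* Parse a dmesg excerpt line by line; returns how many reports were stored (at most max). */
int kasan_parse(const char *log, struct kasan_report *out, int max)
{
    int n = 0, in_alloc = 0;
    struct kasan_report *cur = NULL;
    while (*log) {
        char line[256], sym[64];
        unsigned long long v;
        const char *nl = strchr(log, '\n');
        size_t full = nl ? (size_t)(nl - log) : strlen(log);
        size_t len = full < sizeof line ? full : sizeof line - 1;   /* long lines are truncated */
        memcpy(line, log, len);
        line[len] = '\0';
        log += full + (nl != NULL);
        const char *p = strip_ts(line);
        if (strncmp(p, "BUG: KASAN: ", 12) == 0) {                   /* a new report begins */
            if (n == max) break;
            cur = &out[n++];
            memset(cur, 0, sizeof *cur);
            in_alloc = 0;
            if (sscanf(p, "BUG: KASAN: %31s in %63[^+ ]%*s at addr %llx", cur->kind, cur->func, &v) == 3)
                cur->addr = v;
            continue;
        }
        if (!cur) continue;                                          /* noise before the first report */
        if (sscanf(p, "Object at %llx, in cache kmalloc-%u", &v, &cur->slot_size) == 2)
            cur->obj_base = v;
        else if (strncmp(p, "Allocation:", 11) == 0)
            in_alloc = 1;
        else if (strncmp(p, "Memory state", 12) == 0 || strncmp(p, "Freed:", 6) == 0)
            in_alloc = 0;
        else if (in_alloc && !cur->alloc_func[0] && strstr(p, "+0x")) {
            if (strncmp(p, "[] ", 3) == 0) p += 3;                   /* sanitized "[<addr>]" marker */
            if (strncmp(p, "? ", 2) == 0)  p += 2;                   /* unreliable-frame marker */
            if (sscanf(p, "%63[^+ ]", sym) == 1 && !is_allocator_frame(sym))
                strcpy(cur->alloc_func, sym);
        } else
            sscanf(p, "Object allocated with size %u bytes", &cur->obj_size);
    }
    return n;
}

/* Bytes past the end of the requested allocation (negative means inside it). */
long long kasan_overrun(const struct kasan_report *r)
{
    return (long long)(r->addr - (r->obj_base + r->obj_size));
}

/* Non-zero if the access stayed within the object's own kmalloc slot (its tail redzone). */
int kasan_in_same_slot(const struct kasan_report *r)
{
    return r->addr >= r->obj_base && r->addr < r->obj_base + r->slot_size;
}

/* Constructed sample: key lines of two of the reports above, timestamps included. */
const char *const sample_log =
    "[ 62.808361] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43491dc\n"
    "[ 62.808304] Object at ffff8800b4348d80, in cache kmalloc-2048\n"
    "[ 62.808305] Object allocated with size 1040 bytes.\n"
    "[ 62.808306] Allocation:\n"
    "[ 62.808307] PID = 7735\n"
    "[ 62.808310] [] save_stack_trace+0x26/0x50\n"
    "[ 62.808317] [] kasan_kmalloc+0xc9/0xe0\n"
    "[ 62.808321] [] __kmalloc+0x169/0x6d0\n"
    "[ 62.808324] [] fbcon_set_font+0x269/0x820\n"
    "[ 62.808345] Memory state around the buggy address:\n"
    "[ 62.809482] BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffff8800b43494c0\n"
    "[ 62.809666] Object at ffff8800b4348d80, in cache kmalloc-2048\n"
    "[ 62.809668] Object allocated with size 1040 bytes.\n"
    "[ 62.809668] Allocation:\n"
    "[ 62.809687] [] fbcon_set_font+0x269/0x820\n";

int main(void)
{
    struct kasan_report r[8];
    int n = kasan_parse(sample_log, r, 8);
    for (int i = 0; i < n; i++)
        printf("%s in %s: %lld bytes past the %u-byte object from %s, %s\n", r[i].kind, r[i].func,
               kasan_overrun(&r[i]), r[i].obj_size, r[i].alloc_func,
               kasan_in_same_slot(&r[i]) ? "still inside its slot" : "into a neighbouring object");
    return 0;
}
```

Run on the two sampled reports, the helper shows the first read landing 76 bytes past the 1040-byte font buffer and the later batch (addresses ffff8800b43494c0 and up) 816 bytes past it; both are still inside the 2048-byte slot, which is why the shadow dump shows fc (redzone) rather than a neighbouring object's bytes. The shadow lines in the log agree with the arithmetic: the two 00 shadow bytes at ffff8800b4349180 cover the last 16 bytes of the object and fc starts at ffff8800b4349190, exactly obj_base + 1040. A read that stays within the redzone is still a real out-of-bounds read that would be silent on a kernel built without KASAN, and a larger font or resize could carry it into the next object.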