bisecting cause commit starting from b0d4beaa5a4b7d31070c41c2e50740304a3f1138
building syzkaller on 98b4ef2d37d8a54ac96f1b117764446945e46505
testing commit b0d4beaa5a4b7d31070c41c2e50740304a3f1138 with gcc (GCC) 8.1.0
kernel signature: b02d688d11350ffef518c1c7384094b6c034f661
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 60a672ea00ae17dc8f8165c35ccd57b0da9066cc
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: e237c53bb46c4bf20fdd3f16f9d3e3e22f04c730
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: cdea48e4183c4f06b16386d68893ec030f55964b
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: ad0fc00f0fe42899b56356f1de1b43ecff99c0a9
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 25395f211a07fd53d218d08412f43c2f15a3dd02
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: ac4fdacdb5f3dc1cf7952bc3da7d291a0a8e76d4
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: f308329d6ba90bf8d89a967a86a9c7dfa3b1771d
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 969f3db5c52e497a3177d2b10b6a3aac083fbba3
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: f581006530215c1c26031d083ec8eed4bea2234a
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 0f0c2334bf3e7931ea0f305abbe1b5b8415bb2bf
run #0: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #1: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #2: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #3: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #4: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #5: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #6: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #7: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #8: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #9: crashed: KASAN: global-out-of-bounds Read in soft_cursor
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 2b6e1db0d1036cdf2a6538f4008b41fead2b4474
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: effd66a3deb4d8271b8ea32ec285a0ae1e6d4bd0
run #0: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #1: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #2: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #3: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #4: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #5: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #6: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #7: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #8: OK
run #9: OK
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: dd894c4aa9e56a48574b16d305284b2b9fc847f7
run #0: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #1: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #2: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #3: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #4: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #5: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #6: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #7: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #8: OK
run #9: OK
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 5dbe6d550bbf9b83dd6cb645d09ab2ce0d939432
run #0: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #1: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #2: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #3: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #4: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #5: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #6: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #7: OK
run #8: OK
run #9: OK
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: 0e26dd4dd7abe5cb13fe140746109089c3f8677c
run #0: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #1: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #2: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #3: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #4: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #5: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #6: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #7: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #8: OK
run #9: OK
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: f1ce2084c9e7546ce6f70015228f7910012b7dc3
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: 96bb5f94caf3e9b6ad71614cf071a156c9d8dac2
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
kernel signature: 1f5f539e141181e0c962ad9ab6b4f2f1a93ba044
run #0: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #1: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #2: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #3: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #4: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #5: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #6: crashed: KASAN: global-out-of-bounds Read in bit_putcs
run #7: OK
run #8: OK
run #9: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
kernel signature: b0bf5b565c75b84fba8fb717ff6e1180ff98bc0f
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
kernel signature: 048720aa3ffb13796d417f4fdfe9c1dba45ca58c
all runs: crashed: KASAN: global-out-of-bounds Read in bit_putcs
revisions tested: 21, total time: 3h57m57.846814701s (build: 1h46m55.610414404s, test: 2h8m19.344393867s)
the crash already happened on the oldest tested release
commit msg: Linux 4.6
crash: KASAN: global-out-of-bounds Read in bit_putcs
                                           ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c3
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c3
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c3
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10c3/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0c3 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                           ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c4
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c4
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c4
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10c4/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0c4 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                           ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c5
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c5
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c5
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10c5/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0c5 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                           ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c6
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c6
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c6
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10c6/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0c6 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                           ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c7
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c7
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c7
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10c7/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0c7 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                           ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c8
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c8
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c8
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10c8/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0c8 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c9
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c9
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c9
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10c9/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0c9 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0ca
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0ca
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0ca
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10ca/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0ca dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cb
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cb
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cb
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10cb/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0cb dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cc
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cc
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cc
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10cc/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0cc dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cd
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cd
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cd
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10cd/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0cd dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0ce
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0ce
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0ce
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10ce/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0ce dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cf
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cf
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cf
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10cf/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0cf dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                              ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d0
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d0
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d0
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d0/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d0 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d1
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d1
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d1
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d1/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d1 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d2
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d2
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d2
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d2/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d2 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d3
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d3
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d3
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d3/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d3 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d4
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d4
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d4
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d4/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d4 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d5
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d5
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d5
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d5/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d5 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d6
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d6
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d6
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d6/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d6 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d7
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d7
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d7
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d7/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d7 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                 ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d8
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d8
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d8
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d8/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d8 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                    ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d9
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d9
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d9
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10d9/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0d9 dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                    ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0da
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0da
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0da
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10da/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0da dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
>ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
                                                    ^
 ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0db
BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0db
BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0db
Read of size 1 by task syz-executor.0/7588
Address belongs to variable fontdata_8x16+0x10db/0x10e0
CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
 ffff8800af6c73d8 ffffffff85fdd0db dffffc0000000000 ffff8800af6c73c8
 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
Call Trace:
 [<ffffffff82c4c1e6>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff8173ea4a>] print_address_description mm/kasan/report.c:190 [inline]
 [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275
 [<ffffffff8173eaae>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82dc3f93>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82dc3f93>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538
 [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553
 [<ffffffff82fdc858>] con_font_copy drivers/tty/vt/vt.c:4212 [inline]
 [<ffffffff82fdc858>] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227
 [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978
 [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d15bf>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d2324>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d2324>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680