bisecting cause commit starting from c79f46a282390e0f5b306007bf7b11a46d529538
building syzkaller on 53430d97195bc8dc0221eaa2ea913237d82e199d
testing commit c79f46a282390e0f5b306007bf7b11a46d529538 with gcc (GCC) 8.1.0
kernel signature: ea5510835a5ae205f2c2322b72fb1c0d54482335
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: ba04f1c72c251caf2b21b7162a2506d277632376
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 75550a5e88742293a07a0929f09a16745caf9d12
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 4ed6f131c64642b79b7feaf8eabe8ce9eea59f04
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 6bc3f282e91e6b39690cbf881a2c3f486124e125
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: f83211b97d1af9f4f3ff990e8f8e9e2d22579afd
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: abecd6cbefde2e5a3d82022f5d395b02f0a46108
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 68abb11ca07fdf8fee30d8555ba0229982b7144f
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 17925c9d0899271700c64541ccd59096e57a0007
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: f213fed30ce6db6b4a999fd132087ebb0a295b1e
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: c1216fec6b53d38b55caa34421b9d8e7f22949c6
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: e6019d9a27e43caaf4c5c3872be0fc75df9b5820
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: e260cf2681e7e796cec2ab843481bc5ec5f6e867
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: 9fc37db46955d01ebc583bc227038b8b736ec017
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 3350c99091e29fc2088eec080c2eebef44e20601
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: 2b9aadc7261083bcc13c834fc292d01d378122ad
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: f584181af048a20c94fc277f5fd68264cc27477a
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: a46fc36e4d23931f95d599451fd5010821e0ab29
all runs: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
kernel signature: d126b7b10a8b550c849586f382220d26c1f1a5cd
run #0: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
run #1: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
run #2: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
run #3: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
run #4: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
run #5: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
run #6: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
run #7: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
run #8: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
run #9: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
kernel signature: 37d288c88672188c2e4b188e9b2cfe796256c303
all runs: crashed: KASAN: slab-out-of-bounds Read in bit_putcs
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
kernel signature: 3b78f03084cb8d0dd67efa11a43ad7622b778b27
all runs: crashed: KASAN: slab-out-of-bounds Read in soft_cursor
revisions tested: 21, total time: 3h1m49.883773165s (build: 1h46m41.572317949s, test: 1h13m0.861810697s)
the crash already happened on the oldest tested release
commit msg: Linux 4.6
crash: KASAN: slab-out-of-bounds Read in soft_cursor
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:318 at addr ffff8800b43494c0
Read of size 16 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Not tainted 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487450 ffffffff82c7f386 0000000000000010
 ffff8801274874e0 ffff8800b4348d80 ffff88012bc00800 ffff8801274874d0
 ffffffff81740207 ffff8800add8e400 ffffffff86f0eda0 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff81740914>] kasan_report+0x34/0x40 mm/kasan/report.c:297
 [<ffffffff8173f1ca>] check_memory_region mm/kasan/kasan.c:285 [inline]
 [<ffffffff8173f1ca>] __asan_loadN+0x12a/0x180 mm/kasan/kasan.c:678
 [<ffffffff8173f88d>] memcpy+0x1d/0x40 mm/kasan/kasan.c:318
 [<ffffffff82df793e>] soft_cursor+0x72e/0xc20 drivers/video/console/softcursor.c:70
 [<ffffffff82df511c>] bit_cursor+0x14ac/0x21a0 drivers/video/console/bitblit.c:386
 [<ffffffff82de4233>] fbcon_cursor+0x453/0x650 drivers/video/console/fbcon.c:1332
 [<ffffffff82ffb695>] hide_cursor+0x95/0x2d0 drivers/tty/vt/vt.c:605
 [<ffffffff82ffdf32>] redraw_screen+0x292/0x7d0 drivers/tty/vt/vt.c:688
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d0
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d0
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d0
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000246 ffff880127487450 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d1
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d1
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d1
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d2
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d2
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d2
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d3
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d3
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d3
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d4
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d4
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d4
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d5
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d5
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d5
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d6
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d6
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d6
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d7
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d7
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d7
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d8
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d8
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d8
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491d9
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491d9
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491d9
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491da
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491da
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491da
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491db
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491db
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491db
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491dc
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491dc
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491dc
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491dd
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491dd
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491dd
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491de
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491de
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491de
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43491df
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43491df
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43491df
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba6357e2
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8800b4349100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8800b4349180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                    ^
 ffff8800b4349200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43494c0
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43494c0
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43494c0
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880127487450 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43494c1
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43494c1
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43494c1
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43494c2
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43494c2
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43494c2
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43494c3
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43494c3
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43494c3
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735
 [<ffffffff81205056>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:67
 [<ffffffff8173f3e6>] save_stack+0x46/0xd0 mm/kasan/kasan.c:450
 [<ffffffff8173f7a9>] set_track mm/kasan/kasan.c:462 [inline]
 [<ffffffff8173f7a9>] kasan_kmalloc+0xc9/0xe0 mm/kasan/kasan.c:532
 [<ffffffff8173bb09>] __do_kmalloc mm/slab.c:3545 [inline]
 [<ffffffff8173bb09>] __kmalloc+0x169/0x6d0 mm/slab.c:3554
 [<ffffffff82de6cf9>] kmalloc include/linux/slab.h:483 [inline]
 [<ffffffff82de6cf9>] fbcon_set_font+0x269/0x820 drivers/video/console/fbcon.c:2595
 [<ffffffff8301040d>] con_font_set drivers/tty/vt/vt.c:4156 [inline]
 [<ffffffff8301040d>] con_font_op+0xc1d/0xfa0 drivers/tty/vt/vt.c:4221
 [<ffffffff82fe51e4>] vt_ioctl+0x434/0x24e0 drivers/tty/vt/vt_ioctl.c:915
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Memory state around the buggy address:
 ffff8800b4349380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8800b4349480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                           ^
 ffff8800b4349500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8800b4349580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffff8800b43494c4
BUG: KASAN: slab-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffff8800b43494c4
BUG: KASAN: slab-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffff8800b43494c4
Read of size 1 by task syz-executor.0/7739
CPU: 1 PID: 7739 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 1ffffffff0dd577e ffff880127487398 ffffffff82c7f386 ffff8800ba635802
 ffff880127487428 ffff8800b4348d80 ffff88012bc00800 ffff880127487418
 ffffffff81740207 0000000000000010 ffff880100000000 0000000000000286
Call Trace:
 [<ffffffff82c7f386>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff82c7f386>] dump_stack+0xe6/0x120 lib/dump_stack.c:51
 [<ffffffff81740207>] object_err mm/kasan/report.c:139 [inline]
 [<ffffffff81740207>] print_address_description mm/kasan/report.c:179 [inline]
 [<ffffffff81740207>] kasan_report_error+0x1e7/0x5c0 mm/kasan/report.c:275
 [<ffffffff8174061e>] kasan_report mm/kasan/report.c:297 [inline]
 [<ffffffff8174061e>] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315
 [<ffffffff82df7133>] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline]
 [<ffffffff82df7133>] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline]
 [<ffffffff82df7133>] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185
 [<ffffffff82ddbf04>] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283
 [<ffffffff82ffa717>] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383
 [<ffffffff82ffe1d1>] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713
 [<ffffffff830006b0>] vc_do_resize+0xd70/0x1350 drivers/tty/vt/vt.c:953
 [<ffffffff83000ccd>] vc_resize+0x3d/0x60 drivers/tty/vt/vt.c:972
 [<ffffffff82fe62ab>] vt_ioctl+0x14fb/0x24e0 drivers/tty/vt/vt_ioctl.c:900
 [<ffffffff82fb33e4>] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988
 [<ffffffff817d312f>] vfs_ioctl fs/ioctl.c:43 [inline]
 [<ffffffff817d312f>] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674
 [<ffffffff817d3e94>] SYSC_ioctl fs/ioctl.c:689 [inline]
 [<ffffffff817d3e94>] SyS_ioctl+0x74/0x80 fs/ioctl.c:680
 [<ffffffff85bb80c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Object at ffff8800b4348d80, in cache kmalloc-2048
Object allocated with size 1040 bytes.
Allocation:
PID = 7735