Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts.
2019/12/17 10:18:59 parsed 1 programs
2019/12/17 10:18:59 executed programs: 0
[   55.615377] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready
[   55.623718] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready
[   55.632941] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready
[   55.641431] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready
[   55.649696] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready
[   55.660070] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready
[   55.675713] IPVS: Creating netns size=2712 id=2
[   55.680494] IPVS: ftp: loaded support on port[0] = 21
[   55.748663] IPVS: Creating netns size=2712 id=3
[   55.753568] IPVS: ftp: loaded support on port[0] = 21
[   55.889831] IPVS: Creating netns size=2712 id=4
[   55.895693] IPVS: ftp: loaded support on port[0] = 21
[   55.912174] chnl_net:caif_netlink_parms(): no params data found
[   56.121838] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.128602] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.137974] device bridge_slave_0 entered promiscuous mode
[   56.153730] chnl_net:caif_netlink_parms(): no params data found
[   56.167521] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.173969] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.183087] device bridge_slave_1 entered promiscuous mode
[   56.213578] IPVS: Creating netns size=2712 id=5
[   56.218417] IPVS: ftp: loaded support on port[0] = 21
[   56.294905] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   56.351441] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   56.492582] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.499117] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.509379] device bridge_slave_0 entered promiscuous mode
[   56.533774] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.540861] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.549877] device bridge_slave_1 entered promiscuous mode
[   56.573284] IPVS: Creating netns size=2712 id=6
[   56.578164] IPVS: ftp: loaded support on port[0] = 21
[   56.588103] chnl_net:caif_netlink_parms(): no params data found
[   56.665637] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   56.696874] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   56.711482] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   56.804745] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   56.879167] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   56.909756] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   56.919165] IPVS: Creating netns size=2712 id=7
[   56.924927] IPVS: ftp: loaded support on port[0] = 21
[   56.969964] chnl_net:caif_netlink_parms(): no params data found
[   57.014158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   57.044235] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.050788] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.059824] device bridge_slave_0 entered promiscuous mode
[   57.087187] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   57.128568] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.135515] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.144497] device bridge_slave_1 entered promiscuous mode
[   57.244170] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   57.363444] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   57.374207] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   57.412578] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   57.422820] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   57.483127] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.489730] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.498594] device bridge_slave_0 entered promiscuous mode
[   57.515798] chnl_net:caif_netlink_parms(): no params data found
[   57.550296] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.556722] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.567233] device bridge_slave_1 entered promiscuous mode
[   57.657147] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   57.724772] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   57.734009] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   57.742118] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   57.752969] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   57.945267] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   57.953715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   57.961843] chnl_net:caif_netlink_parms(): no params data found
[   57.977028] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.983974] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.993352] device bridge_slave_0 entered promiscuous mode
[   58.013344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   58.022311] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.028821] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.038205] device bridge_slave_1 entered promiscuous mode
[   58.045964] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   58.159629] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.182313] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.251936] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   58.279821] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   58.332167] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   58.339183] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.350368] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.359258] device bridge_slave_0 entered promiscuous mode
[   58.367376] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.373986] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.392544] device bridge_slave_1 entered promiscuous mode
[   58.412711] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   58.480754] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   58.522202] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.533234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   58.582898] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.595953] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.615353] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.648399] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.657897] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   58.687902] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   58.701745] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   58.748052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   58.759178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   58.767256] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   58.783830] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   58.805521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   58.934251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   58.942588] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.948941] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.956431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   58.964535] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.970924] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.978052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   58.985898] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.992361] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.006984] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.019299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.027315] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.035798] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.042303] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.071414] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   59.084734] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   59.098506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   59.111825] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.123321] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.138812] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   59.156434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   59.166501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.177806] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   59.212558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.219767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.227262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.245149] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   59.257482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.274419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.309797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.335933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.360612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.368498] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.375148] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.405952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.419913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.428635] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.435073] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.471171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.479212] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.485694] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.514144] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.531452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.538795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.549176] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.555583] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.571099] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   59.603217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.613723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   59.645654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.659109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   59.696663] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.719161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.733768] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.753147] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.791288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.799309] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.805714] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.829772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.838019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.845849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.857205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.866401] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.872803] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.891304] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.920161] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   59.941584] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   59.969484] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   59.992829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.015250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.047249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.183553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.193443] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.193496] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.204802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.222460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.223141] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.223198] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.302529] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   60.351419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   60.392884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.429318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
2019/12/17 10:19:04 executed programs: 9
** 56901 printk messages dropped ** [   64.122193]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122195]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122196]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122198]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122200]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.122201]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.122203]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122204]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.122207]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.122209]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.122211]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.122213]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.122215]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.122217]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.122219]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.122221]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.122223]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.122225]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.122227]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.122229]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122231]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.122234]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122236]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122238]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122240]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.122242]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.122243]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.122245]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.122246]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.122248]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.122249]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.122252]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.122253] Memory state around the buggy address:
[   64.122254]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122255]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.122256] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.122257]                                            ^
[   64.122258]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122259]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.122259] ==================================================================
[   64.122260] ==================================================================
[   64.122262] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0c3
[   64.122263] Read of size 1 by task syz-executor.0/7588
[   64.122264] Address belongs to variable fontdata_8x16+0x10c3/0x10e0
[   64.122265] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.122266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.122269]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.122271]  ffff8800af6c73d8 ffffffff85fdd0c3 dffffc0000000000 ffff8800af6c73c8
[   64.122273]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.122274] Call Trace:
[   64.122275]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.122277]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.122280]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.122281]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.122283]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.122285]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122287]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.122290]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.122291]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122294]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.122296]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.122299]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.122301]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.122303]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.122305]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.122307]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122308]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122310]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122312]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122313]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.122315]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.122316]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122318]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.122320]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.122322]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.122324]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.122326]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.122328]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.122330]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.122333]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.122335]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.122337]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.122339]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.122341]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.122343]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122345]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.122348]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122350]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122352]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122353]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.122355]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.122357]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.122358]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.122360]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.122361]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.122363]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.122365]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.122366] Memory state around the buggy address:
[   64.122367]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122368]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.122370] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.122370]                                            ^
[   64.122371]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122372]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.122373] ==================================================================
[   64.122374] ==================================================================
[   64.122375] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0c4
[   64.122376] Read of size 1 by task syz-executor.0/7588
[   64.122378] Address belongs to variable fontdata_8x16+0x10c4/0x10e0
[   64.122379] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.122380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.122382]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.122384]  ffff8800af6c73d8 ffffffff85fdd0c4 dffffc0000000000 ffff8800af6c73c8
[   64.122387]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.122387] Call Trace:
[   64.122389]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.122391]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.122393]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.122395]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.122396]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.122398]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122401]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.122403]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.122405]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122407]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.122409]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.122412]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.122414]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.122416]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.122418]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.122420]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122422]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122423]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122425]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122426]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.122428]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.122430]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122431]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.122433]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.122435]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.122438]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.122440]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.122442]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.122444]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.122446]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.122448]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.122450]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.122452]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.122454]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.122456]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122458]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.122461]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122463]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122465]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122467]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.122468]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.122470]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.122471]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.122473]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.122474]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.122476]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.122478]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.122479] Memory state around the buggy address:
[   64.122481]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122482]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.122483] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.122483]                                            ^
[   64.122485]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122486]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.122486] ==================================================================
[   64.122487] ==================================================================
[   64.122489] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0c5
[   64.122489] Read of size 1 by task syz-executor.0/7588
[   64.122491] Address belongs to variable fontdata_8x16+0x10c5/0x10e0
[   64.122492] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.122493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.122495]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.122498]  ffff8800af6c73d8 ffffffff85fdd0c5 dffffc0000000000 ffff8800af6c73c8
[   64.122500]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.122500] Call Trace:
[   64.122502]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.122504]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.122506]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.122508]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.122509]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.122512]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122514]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.122516]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.122518]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122520]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.122523]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.122525]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.122528]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.122529]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.122531]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.122533]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122535]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122537]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122538]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122540]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.122541]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.122543]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122545]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.122547]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.122549]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.122551]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.122553]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.122555]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.122557]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.122559]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.122561]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.122563]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.122565]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.122568]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.122569]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122571]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.122574]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122576]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122578]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122580]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.122582]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.122583]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.122585]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.122586]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.122588]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.122589]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.122592]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.122593] Memory state around the buggy address:
[   64.122594]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122595]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.122596] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.122597]                                            ^
[   64.122598]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122599]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.122600] ==================================================================
[   64.122600] ==================================================================
[   64.122602] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0c6
[   64.122603] Read of size 1 by task syz-executor.0/7588
[   64.122604] Address belongs to variable fontdata_8x16+0x10c6/0x10e0
[   64.122606] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.122606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.122609]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.122611]  ffff8800af6c73d8 ffffffff85fdd0c6 dffffc0000000000 ffff8800af6c73c8
[   64.122613]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.122614] Call Trace:
[   64.122615]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.122617]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.122620]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.122621]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.122623]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.122625]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122633]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.122636]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.122637]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122639]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.122642]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.122644]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.122647]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.122648]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.122651]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.122652]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122654]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122656]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122657]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122659]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.122660]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.122662]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122664]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.122666]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.122668]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.122670]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.122672]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.122674]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.122676]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.122678]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.122681]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.122683]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.122684]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.122687]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.122688]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122691]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.122694]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122696]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122698]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122700]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.122701]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.122703]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.122704]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.122706]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.122707]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.122709]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.122711]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.122712] Memory state around the buggy address:
[   64.122713]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122715]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.122716] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.122716]                                            ^
[   64.122717]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122718]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.122719] ==================================================================
[   64.122720] ==================================================================
[   64.122721] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0c7
[   64.122722] Read of size 1 by task syz-executor.0/7588
[   64.122724] Address belongs to variable fontdata_8x16+0x10c7/0x10e0
[   64.122725] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.122726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.122728]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.122730]  ffff8800af6c73d8 ffffffff85fdd0c7 dffffc0000000000 ffff8800af6c73c8
[   64.122733]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.122733] Call Trace:
[   64.122735]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.122737]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.122739]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.122741]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.122742]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.122744]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122747]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.122749]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.122751]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122753]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.122755]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.122758]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.122760]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.122762]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.122764]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.122766]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122768]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122769]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122771]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122772]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.122774]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.122776]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122777]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.122780]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.122782]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.122784]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.122786]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.122788]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.122790]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.122792]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.122794]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.122796]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.122798]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.122800]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.122802]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122804]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.122807]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122809]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122811]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122813]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.122815]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.122816]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.122818]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.122819]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.122821]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.122822]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.122825]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.122826] Memory state around the buggy address:
[   64.122827]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122828]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.122829] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.122830]                                            ^
[   64.122831]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122832]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.122832] ==================================================================
[   64.122833] ==================================================================
[   64.122835] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0c8
[   64.122835] Read of size 1 by task syz-executor.0/7588
[   64.122837] Address belongs to variable fontdata_8x16+0x10c8/0x10e0
[   64.122838] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.122839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.122841]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.122844]  ffff8800af6c73d8 ffffffff85fdd0c8 dffffc0000000000 ffff8800af6c73c8
[   64.122846]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.122846] Call Trace:
[   64.122848]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.122850]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.122852]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.122854]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.122855]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.122858]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122860]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.122862]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.122864]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122866]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.122869]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.122871]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.122874]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.122875]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.122877]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.122879]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122881]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122883]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122884]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122886]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.122887]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.122889]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122891]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.122893]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.122895]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.122897]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.122899]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.122901]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.122903]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.122905]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.122907]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.122909]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.122911]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.122914]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.122915]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122917]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.122920]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122922]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.122924]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122926]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.122928]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.122929]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.122931]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.122932]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.122934]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.122935]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.122938]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.122939] Memory state around the buggy address:
[   64.122940]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122941]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.122942] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.122943]                                               ^
[   64.122944]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.122945]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.122945] ==================================================================
[   64.122946] ==================================================================
[   64.122948] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0c9
[   64.122949] Read of size 1 by task syz-executor.0/7588
[   64.122950] Address belongs to variable fontdata_8x16+0x10c9/0x10e0
[   64.122951] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.122952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.122954]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.122957]  ffff8800af6c73d8 ffffffff85fdd0c9 dffffc0000000000 ffff8800af6c73c8
[   64.122959]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.122959] Call Trace:
[   64.122961]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.122963]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.122965]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.122967]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.122969]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.122971]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122973]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.122976]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.122977]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.122979]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.122982]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.122984]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.122987]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.122988]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.122990]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.122992]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.122994]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.122996]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.122997]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.122999]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123000]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123002]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123004]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123006]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123008]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123010]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123013]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123017]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123020]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123023]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123026]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123030]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123032]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123036]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123039]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123042]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123046]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123050]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123053]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123055]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123058]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123061]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123063]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123066]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123069]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123071]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123075]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123077] Memory state around the buggy address:
[   64.123079]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123081]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123083] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123084]                                               ^
[   64.123086]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123088]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123089] ==================================================================
[   64.123090] ==================================================================
[   64.123093] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0ca
[   64.123094] Read of size 1 by task syz-executor.0/7588
[   64.123097] Address belongs to variable fontdata_8x16+0x10ca/0x10e0
[   64.123099] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123109]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123113]  ffff8800af6c73d8 ffffffff85fdd0ca dffffc0000000000 ffff8800af6c73c8
[   64.123117]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123118] Call Trace:
[   64.123121]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123124]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123128]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123130]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123133]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123136]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123140]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123144]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123146]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123150]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.123153]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.123157]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.123161]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.123163]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.123167]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.123169]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123172]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.123175]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.123178]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.123181]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123183]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123186]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123189]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123192]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123195]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123198]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123201]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123205]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123208]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123212]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123215]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123217]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123220]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123223]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123226]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123229]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123234]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123237]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123240]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123243]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123246]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123249]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123252]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123254]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123257]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123260]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123264]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123265] Memory state around the buggy address:
[   64.123267]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123269]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123272] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123273]                                               ^
[   64.123275]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123277]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123278] ==================================================================
[   64.123279] ==================================================================
[   64.123281] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0cb
[   64.123283] Read of size 1 by task syz-executor.0/7588
[   64.123285] Address belongs to variable fontdata_8x16+0x10cb/0x10e0
[   64.123287] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123291]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123293]  ffff8800af6c73d8 ffffffff85fdd0cb dffffc0000000000 ffff8800af6c73c8
[   64.123295]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123296] Call Trace:
[   64.123297]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123299]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123302]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123303]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123305]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123307]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123310]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123312]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123314]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123316]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.123318]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.123321]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.123323]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.123325]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.123327]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.123329]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123330]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.123332]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.123334]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.123335]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123337]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123339]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123340]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123342]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123344]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123347]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123348]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123351]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123352]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123355]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123357]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123359]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123361]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123363]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123365]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123367]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123370]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123372]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123374]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123376]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123377]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123379]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123380]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123382]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123383]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123385]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123387]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123388] Memory state around the buggy address:
[   64.123389]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123390]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123392] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123392]                                               ^
[   64.123393]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123394]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123395] ==================================================================
[   64.123396] ==================================================================
[   64.123397] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0cc
[   64.123398] Read of size 1 by task syz-executor.0/7588
[   64.123400] Address belongs to variable fontdata_8x16+0x10cc/0x10e0
[   64.123401] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123404]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123406]  ffff8800af6c73d8 ffffffff85fdd0cc dffffc0000000000 ffff8800af6c73c8
[   64.123409]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123409] Call Trace:
[   64.123411]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123413]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123415]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123417]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123418]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123420]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123423]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123425]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123427]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123429]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.123432]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.123434]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.123437]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.123438]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.123440]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.123442]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123444]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.123445]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.123447]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.123449]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123450]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123452]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123454]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123456]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123458]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123460]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123462]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123464]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123466]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123468]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123470]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123472]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123474]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123477]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123478]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123480]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123483]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123485]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123487]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123489]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123491]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123492]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123494]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123495]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123497]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123498]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123501]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123502] Memory state around the buggy address:
[   64.123503]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123504]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123505] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123506]                                               ^
[   64.123507]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123508]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123508] ==================================================================
[   64.123509] ==================================================================
[   64.123511] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0cd
[   64.123512] Read of size 1 by task syz-executor.0/7588
[   64.123513] Address belongs to variable fontdata_8x16+0x10cd/0x10e0
[   64.123514] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123517]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123520]  ffff8800af6c73d8 ffffffff85fdd0cd dffffc0000000000 ffff8800af6c73c8
[   64.123522]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123522] Call Trace:
[   64.123524]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123526]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123529]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123530]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123532]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123534]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123536]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123539]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123540]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123543]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.123545]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.123547]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.123550]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.123551]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.123554]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.123555]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123557]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.123559]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.123560]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.123562]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123564]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123565]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123567]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123569]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123571]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123573]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123575]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123577]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123579]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123582]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123584]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123586]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123587]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123590]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123591]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123594]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123596]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123599]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123600]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123602]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123604]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123605]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123607]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123608]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123610]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123612]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123614]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123615] Memory state around the buggy address:
[   64.123616]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123617]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123618] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123619]                                               ^
[   64.123620]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123621]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123622] ==================================================================
[   64.123622] ==================================================================
[   64.123624] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0ce
[   64.123625] Read of size 1 by task syz-executor.0/7588
[   64.123626] Address belongs to variable fontdata_8x16+0x10ce/0x10e0
[   64.123628] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123631]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123633]  ffff8800af6c73d8 ffffffff85fdd0ce dffffc0000000000 ffff8800af6c73c8
[   64.123635]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123636] Call Trace:
[   64.123637]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123640]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123642]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123643]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123645]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123647]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123650]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123652]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123653]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123656]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.123658]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.123661]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.123663]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.123665]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.123667]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.123669]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123670]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.123672]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.123674]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.123675]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123677]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123679]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123680]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123682]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123684]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123686]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123688]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123690]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123692]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123695]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123697]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123699]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123701]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123703]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123705]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123707]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123710]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123712]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123714]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123715]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123717]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123719]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123720]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123722]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123723]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123725]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123727]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123728] Memory state around the buggy address:
[   64.123729]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123730]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123732] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123732]                                               ^
[   64.123733]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123734]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123735] ==================================================================
[   64.123736] ==================================================================
[   64.123737] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0cf
[   64.123738] Read of size 1 by task syz-executor.0/7588
[   64.123740] Address belongs to variable fontdata_8x16+0x10cf/0x10e0
[   64.123741] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123744]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123746]  ffff8800af6c73d8 ffffffff85fdd0cf dffffc0000000000 ffff8800af6c73c8
[   64.123748]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123749] Call Trace:
[   64.123751]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123753]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123755]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123757]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123758]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123760]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123763]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123765]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123767]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123769]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.123771]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.123774]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.123776]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.123778]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.123780]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.123782]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123783]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.123785]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.123787]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.123788]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123790]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123792]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123793]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123795]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123797]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123800]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123801]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123804]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123806]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123808]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123810]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123812]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123814]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123816]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123818]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123820]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123823]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123825]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123827]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123829]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123830]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123832]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123833]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123835]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123836]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123838]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123840]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123841] Memory state around the buggy address:
[   64.123842]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123844]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123845] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123845]                                               ^
[   64.123846]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123848]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123848] ==================================================================
[   64.123849] ==================================================================
[   64.123850] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d0
[   64.123856] Read of size 1 by task syz-executor.0/7588
[   64.123858] Address belongs to variable fontdata_8x16+0x10d0/0x10e0
[   64.123859] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123862]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123864]  ffff8800af6c73d8 ffffffff85fdd0d0 dffffc0000000000 ffff8800af6c73c8
[   64.123867]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123867] Call Trace:
[   64.123869]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123871]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123873]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123875]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123876]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123878]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123881]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123883]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123885]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123887]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.123889]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.123892]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.123894]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.123896]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.123898]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.123900]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123902]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.123903]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.123905]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.123907]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.123908]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.123910]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123911]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.123914]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.123916]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.123918]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.123920]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.123922]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.123924]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.123926]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.123928]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.123930]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.123932]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.123934]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.123936]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123938]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.123941]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123943]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.123945]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.123947]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.123949]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.123950]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.123952]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.123953]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.123955]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.123956]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.123959]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.123960] Memory state around the buggy address:
[   64.123961]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123962]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.123963] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.123964]                                                  ^
[   64.123965]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.123966]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.123966] ==================================================================
[   64.123967] ==================================================================
[   64.123969] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d1
[   64.123970] Read of size 1 by task syz-executor.0/7588
[   64.123971] Address belongs to variable fontdata_8x16+0x10d1/0x10e0
[   64.123972] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.123973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.123976]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.123978]  ffff8800af6c73d8 ffffffff85fdd0d1 dffffc0000000000 ffff8800af6c73c8
[   64.123980]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.123981] Call Trace:
[   64.123982]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.123984]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.123987]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.123988]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.123990]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.123992]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.123994]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.123997]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.123998]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124001]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124003]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124005]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124008]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124009]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124012]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124013]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124015]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124017]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124019]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124020]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124022]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124023]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124025]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124027]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124029]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124031]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124033]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124035]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124037]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124040]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124042]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124044]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124046]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124048]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124050]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124052]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124055]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124057]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124059]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124060]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124062]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124064]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124065]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124066]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124068]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124070]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124072]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124073] Memory state around the buggy address:
[   64.124074]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124075]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124077] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124077]                                                  ^
[   64.124078]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124079]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124080] ==================================================================
[   64.124081] ==================================================================
[   64.124082] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d2
[   64.124083] Read of size 1 by task syz-executor.0/7588
[   64.124084] Address belongs to variable fontdata_8x16+0x10d2/0x10e0
[   64.124086] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124089]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124091]  ffff8800af6c73d8 ffffffff85fdd0d2 dffffc0000000000 ffff8800af6c73c8
[   64.124093]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124094] Call Trace:
[   64.124096]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124098]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124100]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124106]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124107]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124109]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124112]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124114]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124116]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124118]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124120]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124123]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124125]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124127]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124129]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124131]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124133]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124134]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124136]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124137]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124139]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124141]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124142]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124144]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124146]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124149]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124151]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124153]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124155]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124157]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124159]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124161]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124163]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124165]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124167]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124169]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124172]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124174]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124176]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124178]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124179]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124181]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124182]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124184]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124185]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124187]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124189]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124190] Memory state around the buggy address:
[   64.124192]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124193]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124194] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124194]                                                  ^
[   64.124196]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124197]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124197] ==================================================================
[   64.124198] ==================================================================
[   64.124199] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d3
[   64.124200] Read of size 1 by task syz-executor.0/7588
[   64.124202] Address belongs to variable fontdata_8x16+0x10d3/0x10e0
[   64.124203] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124206]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124208]  ffff8800af6c73d8 ffffffff85fdd0d3 dffffc0000000000 ffff8800af6c73c8
[   64.124211]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124211] Call Trace:
[   64.124213]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124215]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124217]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124219]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124220]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124222]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124225]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124227]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124229]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124231]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124234]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124236]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124238]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124240]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124242]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124244]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124246]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124247]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124249]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124251]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124252]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124254]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124255]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124258]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124260]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124262]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124264]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124266]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124268]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124270]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124272]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124274]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124276]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124279]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124281]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124284]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124288]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124292]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124295]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124298]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124301]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124304]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124307]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124310]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124312]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124315]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124319]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124320] Memory state around the buggy address:
[   64.124322]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124324]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124326] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124327]                                                  ^
[   64.124329]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124331]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124332] ==================================================================
[   64.124334] ==================================================================
[   64.124336] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d4
[   64.124338] Read of size 1 by task syz-executor.0/7588
[   64.124340] Address belongs to variable fontdata_8x16+0x10d4/0x10e0
[   64.124343] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124349]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124353]  ffff8800af6c73d8 ffffffff85fdd0d4 dffffc0000000000 ffff8800af6c73c8
[   64.124357]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124357] Call Trace:
[   64.124360]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124364]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124367]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124370]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124372]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124375]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124379]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124382]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124384]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124386]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124388]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124391]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124393]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124395]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124397]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124399]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124400]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124402]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124404]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124405]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124407]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124408]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124410]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124412]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124414]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124416]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124418]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124421]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124422]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124425]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124427]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124429]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124431]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124433]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124435]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124437]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124440]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124442]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124444]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124446]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124447]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124449]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124450]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124452]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124453]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124455]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124457]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124458] Memory state around the buggy address:
[   64.124459]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124461]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124462] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124462]                                                  ^
[   64.124463]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124465]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124465] ==================================================================
[   64.124466] ==================================================================
[   64.124467] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d5
[   64.124468] Read of size 1 by task syz-executor.0/7588
[   64.124470] Address belongs to variable fontdata_8x16+0x10d5/0x10e0
[   64.124471] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124474]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124477]  ffff8800af6c73d8 ffffffff85fdd0d5 dffffc0000000000 ffff8800af6c73c8
[   64.124479]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124479] Call Trace:
[   64.124481]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124483]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124485]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124487]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124488]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124491]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124493]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124495]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124497]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124499]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124502]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124504]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124507]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124508]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124511]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124512]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124514]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124516]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124517]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124519]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124520]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124522]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124524]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124526]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124528]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124530]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124532]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124534]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124536]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124539]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124541]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124543]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124544]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124547]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124548]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124551]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124553]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124556]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124557]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124559]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124561]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124562]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124564]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124565]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124567]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124569]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124571]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124572] Memory state around the buggy address:
[   64.124573]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124574]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124575] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124576]                                                  ^
[   64.124577]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124578]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124579] ==================================================================
[   64.124580] ==================================================================
[   64.124581] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d6
[   64.124582] Read of size 1 by task syz-executor.0/7588
[   64.124583] Address belongs to variable fontdata_8x16+0x10d6/0x10e0
[   64.124585] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124588]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124590]  ffff8800af6c73d8 ffffffff85fdd0d6 dffffc0000000000 ffff8800af6c73c8
[   64.124592]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124593] Call Trace:
[   64.124595]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124597]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124599]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124600]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124602]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124604]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124607]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124609]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124611]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124613]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124615]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124618]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124620]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124622]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124624]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124626]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124627]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124629]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124631]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124632]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124634]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124635]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124637]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124639]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124641]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124643]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124645]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124647]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124649]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124652]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124654]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124656]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124658]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124660]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124662]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124664]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124667]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124669]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124671]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124673]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124674]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124676]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124677]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124679]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124680]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124682]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124684]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124685] Memory state around the buggy address:
[   64.124686]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124687]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124689] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124689]                                                  ^
[   64.124690]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124692]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124692] ==================================================================
[   64.124693] ==================================================================
[   64.124694] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d7
[   64.124695] Read of size 1 by task syz-executor.0/7588
[   64.124697] Address belongs to variable fontdata_8x16+0x10d7/0x10e0
[   64.124698] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124701]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124703]  ffff8800af6c73d8 ffffffff85fdd0d7 dffffc0000000000 ffff8800af6c73c8
[   64.124706]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124706] Call Trace:
[   64.124708]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124710]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124712]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124714]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124715]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124717]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124720]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124722]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124724]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124726]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124728]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124731]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124733]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124735]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124737]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124739]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124741]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124742]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124744]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124745]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124747]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124749]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124750]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124752]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124754]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124757]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124758]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124761]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124762]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124765]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124767]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124769]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124771]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124773]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124775]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124777]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124780]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124782]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124784]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124786]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124787]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124789]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124790]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124792]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124793]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124795]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124797]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124798] Memory state around the buggy address:
[   64.124799]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124800]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124802] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124802]                                                  ^
[   64.124803]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124805]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124805] ==================================================================
[   64.124806] ==================================================================
[   64.124807] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d8
[   64.124808] Read of size 1 by task syz-executor.0/7588
[   64.124810] Address belongs to variable fontdata_8x16+0x10d8/0x10e0
[   64.124811] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124814]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124816]  ffff8800af6c73d8 ffffffff85fdd0d8 dffffc0000000000 ffff8800af6c73c8
[   64.124819]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124819] Call Trace:
[   64.124821]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124823]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124825]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124827]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124828]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124830]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124833]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124835]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124837]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124839]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124841]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124844]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124846]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124848]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124850]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124852]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124854]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124855]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124857]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124858]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124860]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124862]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124863]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124865]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124867]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124870]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124872]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124874]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124876]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124878]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124880]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124882]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124884]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124886]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.124888]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124890]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.124893]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124895]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.124897]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124899]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.124900]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.124902]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.124903]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.124905]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.124906]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.124908]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.124910]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.124911] Memory state around the buggy address:
[   64.124913]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124914]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.124915] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.124916]                                                     ^
[   64.124917]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.124918]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.124918] ==================================================================
[   64.124919] ==================================================================
[   64.124921] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0d9
[   64.124921] Read of size 1 by task syz-executor.0/7588
[   64.124923] Address belongs to variable fontdata_8x16+0x10d9/0x10e0
[   64.124924] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.124925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.124927]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.124929]  ffff8800af6c73d8 ffffffff85fdd0d9 dffffc0000000000 ffff8800af6c73c8
[   64.124932]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.124932] Call Trace:
[   64.124934]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.124936]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.124938]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.124940]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.124941]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.124943]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124946]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.124948]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.124950]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.124952]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.124954]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.124957]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.124959]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.124961]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.124963]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.124965]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124967]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.124968]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.124970]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.124972]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.124973]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.124975]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.124976]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.124979]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.124981]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.124983]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.124985]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.124987]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.124989]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.124991]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.124993]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.124995]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.124997]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.124999]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.125001]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125003]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.125006]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.125008]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.125010]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125012]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.125014]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.125015]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.125017]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.125018]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.125020]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.125021]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.125024]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.125024] Memory state around the buggy address:
[   64.125026]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.125027]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.125028] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.125029]                                                     ^
[   64.125030]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.125031]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.125031] ==================================================================
[   64.125032] ==================================================================
[   64.125034] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0da
[   64.125034] Read of size 1 by task syz-executor.0/7588
[   64.125036] Address belongs to variable fontdata_8x16+0x10da/0x10e0
[   64.125037] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.125038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.125040]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.125042]  ffff8800af6c73d8 ffffffff85fdd0da dffffc0000000000 ffff8800af6c73c8
[   64.125045]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.125045] Call Trace:
[   64.125047]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.125049]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.125051]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.125053]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.125054]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.125056]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.125059]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.125061]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.125063]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.125065]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.125068]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.125070]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.125072]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.125074]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.125076]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.125078]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125080]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.125081]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.125083]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.125085]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.125086]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.125088]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125089]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.125092]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.125094]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.125096]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.125098]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.125100]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.125105]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.125108]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.125110]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.125112]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.125114]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.125116]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.125118]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125120]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.125123]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.125125]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.125127]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125129]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.125130]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.125132]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.125133]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.125135]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.125136]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.125138]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80
[   64.125140]  [<ffffffff85b6e300>] entry_SYSCALL_64_fastpath+0x23/0xc1
[   64.125141] Memory state around the buggy address:
[   64.125142]  ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.125144]  ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa
[   64.125145] >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00
[   64.125145]                                                     ^
[   64.125146]  ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.125148]  ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
[   64.125148] ==================================================================
[   64.125149] ==================================================================
[   64.125150] BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 at addr ffffffff85fdd0db
[   64.125151] Read of size 1 by task syz-executor.0/7588
[   64.125153] Address belongs to variable fontdata_8x16+0x10db/0x10e0
[   64.125154] CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G    B           4.6.0-syzkaller #0
[   64.125155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.125157]  1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067
[   64.125159]  ffff8800af6c73d8 ffffffff85fdd0db dffffc0000000000 ffff8800af6c73c8
[   64.125162]  ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286
[   64.125162] Call Trace:
[   64.125164]  [<ffffffff82c4c1e6>] dump_stack+0xe6/0x120
[   64.125166]  [<ffffffff8173ea4a>] kasan_report_error+0x59a/0x5c0
[   64.125168]  [<ffffffff8173eaae>] __asan_report_load1_noabort+0x3e/0x40
[   64.125170]  [<ffffffff82dc3f93>] ? bit_putcs+0xc43/0xd20
[   64.125171]  [<ffffffff82dc3f93>] bit_putcs+0xc43/0xd20
[   64.125173]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.125176]  [<ffffffff82da82c0>] ? get_color+0x30/0x380
[   64.125178]  [<ffffffff82da8d64>] fbcon_putcs+0x374/0x5a0
[   64.125180]  [<ffffffff82dc3350>] ? bit_clear+0x6e0/0x6e0
[   64.125182]  [<ffffffff82fc7577>] do_update_region+0x3f7/0x7c0
[   64.125184]  [<ffffffff82fc7180>] ? con_get_trans_old+0x180/0x180
[   64.125187]  [<ffffffff82da9ed7>] ? fbcon_set_palette+0x387/0x580
[   64.125189]  [<ffffffff82fcb031>] redraw_screen+0x531/0x7d0
[   64.125191]  [<ffffffff82dc0040>] ? bit_bmove+0x200/0x200
[   64.125193]  [<ffffffff82fcab00>] ? respond_string+0x3a0/0x3a0
[   64.125195]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125197]  [<ffffffff82db2b3d>] fbcon_do_set_font+0x85d/0x1120
[   64.125198]  [<ffffffff82fdc735>] ? con_font_op+0xe5/0xfa0
[   64.125200]  [<ffffffff82db3400>] ? fbcon_do_set_font+0x1120/0x1120
[   64.125201]  [<ffffffff82db3517>] fbcon_copy_font+0x117/0x190
[   64.125203]  [<ffffffff82fdc858>] con_font_op+0x208/0xfa0
[   64.125205]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125206]  [<ffffffff82fdc650>] ? con_write+0x90/0x90
[   64.125208]  [<ffffffff816ae1e1>] ? __might_fault+0xf1/0x1b0
[   64.125210]  [<ffffffff82fb2235>] vt_ioctl+0x625/0x24e0
[   64.125213]  [<ffffffff814d1894>] ? futex_wait+0x4b4/0x570
[   64.125215]  [<ffffffff82fb1c10>] ? complete_change_console+0x300/0x300
[   64.125217]  [<ffffffff814d13e0>] ? futex_wait_setup+0x2c0/0x2c0
[   64.125219]  [<ffffffff82c578b9>] ? plist_del+0xe9/0x1d0
[   64.125221]  [<ffffffff813c7b92>] ? wake_up_q+0x82/0xe0
[   64.125223]  [<ffffffff814d0d30>] ? futex_wake+0x110/0x500
[   64.125225]  [<ffffffff82f80244>] tty_ioctl+0x5d4/0x20f0
[   64.125227]  [<ffffffff82f7fc70>] ? no_tty+0x90/0x90
[   64.125229]  [<ffffffff81435291>] ? __lock_acquire+0xca1/0x5560
[   64.125231]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125233]  [<ffffffff81435f75>] ? __lock_acquire+0x1985/0x5560
[   64.125236]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.125238]  [<ffffffff814345f0>] ? debug_check_no_locks_freed+0x3c0/0x3c0
[   64.125240]  [<ffffffff8147e0b7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   64.125242]  [<ffffffff817d15bf>] do_vfs_ioctl+0x17f/0xe70
[   64.125243]  [<ffffffff817d1440>] ? ioctl_preallocate+0x1a0/0x1a0
[   64.125245]  [<ffffffff817ee892>] ? __fget+0x1c2/0x320
[   64.125246]  [<ffffffff817ee8af>] ? __fget+0x1df/0x320
[   64.125248]  [<ffffffff817ee712>] ? __fget+0x42/0x320
[   64.125249]  [<ffffffff817eea89>] ? __fget_light+0x79/0x200
[   64.125251]  [<ffffffff817d2324>] SyS_ioctl+0x74/0x80