^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c3 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c3 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c3 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10c3/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0c3 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c4 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c4 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c4 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10c4/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0c4 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c5 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c5 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c5 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10c5/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0c5 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c6 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c6 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c6 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10c6/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0c6 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c7 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c7 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c7 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10c7/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0c7 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c8 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c8 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c8 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10c8/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0c8 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0c9 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0c9 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0c9 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10c9/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0c9 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0ca BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0ca BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0ca Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10ca/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0ca dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cb BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cb BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cb Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10cb/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0cb dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cc BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cc BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cc Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10cc/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0cc dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cd BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cd BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cd Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10cd/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0cd dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0ce BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0ce BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0ce Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10ce/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0ce dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0cf BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0cf BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0cf Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10cf/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0cf dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d0 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d0 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d0 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d0/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d0 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d1 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d1 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d1 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d1/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d1 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d2 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d2 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d2 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d2/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d2 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d3 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d3 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d3 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d3/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d3 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d4 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d4 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d4 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d4/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d4 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d5 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d5 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d5 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d5/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d5 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d6 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d6 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d6 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d6/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d6 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d7 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d7 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d7 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d7/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d7 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d8 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d8 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d8 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d8/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d8 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0d9 BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0d9 BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0d9 Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10d9/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0d9 dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0da BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0da BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0da Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10da/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0da dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Memory state around the buggy address: ffffffff85fdcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd000: fa fa fa fa 06 fa fa fa fa fa fa fa 05 fa fa fa >ffffffff85fdd080: fa fa fa fa 00 00 03 fa fa fa fa fa 00 00 00 00 ^ ffffffff85fdd100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff85fdd180: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa ================================================================== ================================================================== BUG: KASAN: global-out-of-bounds in __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] at addr ffffffff85fdd0db BUG: KASAN: global-out-of-bounds in bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] at addr ffffffff85fdd0db BUG: KASAN: global-out-of-bounds in bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 at addr ffffffff85fdd0db Read of size 1 by task syz-executor.0/7588 Address belongs to variable fontdata_8x16+0x10db/0x10e0 CPU: 1 PID: 7588 Comm: syz-executor.0 Tainted: G B 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 1ffffffff0d9577e ffff8800af6c7348 ffffffff82c4c1e6 ffff8801dc884067 ffff8800af6c73d8 ffffffff85fdd0db dffffc0000000000 ffff8800af6c73c8 ffffffff8173ea4a 0000000000000010 ffff880000000000 0000000000000286 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xe6/0x120 lib/dump_stack.c:51 [] print_address_description mm/kasan/report.c:190 [inline] [] kasan_report_error+0x59a/0x5c0 mm/kasan/report.c:275 [] kasan_report mm/kasan/report.c:297 [inline] [] __asan_report_load1_noabort+0x3e/0x40 mm/kasan/report.c:315 [] __fb_pad_aligned_buffer include/linux/fb.h:670 [inline] [] bit_putcs_aligned drivers/video/console/bitblit.c:96 [inline] [] bit_putcs+0xc43/0xd20 drivers/video/console/bitblit.c:185 [] fbcon_putcs+0x374/0x5a0 drivers/video/console/fbcon.c:1283 [] do_update_region+0x3f7/0x7c0 drivers/tty/vt/vt.c:383 [] redraw_screen+0x531/0x7d0 drivers/tty/vt/vt.c:713 [] fbcon_do_set_font+0x85d/0x1120 drivers/video/console/fbcon.c:2538 [] fbcon_copy_font+0x117/0x190 drivers/video/console/fbcon.c:2553 [] con_font_copy drivers/tty/vt/vt.c:4212 [inline] [] con_font_op+0x208/0xfa0 drivers/tty/vt/vt.c:4227 [] vt_ioctl+0x625/0x24e0 drivers/tty/vt/vt_ioctl.c:978 [] tty_ioctl+0x5d4/0x20f0 drivers/tty/tty_io.c:2988 [] vfs_ioctl fs/ioctl.c:43 [inline] [] do_vfs_ioctl+0x17f/0xe70 fs/ioctl.c:674 [] SYSC_ioctl fs/ioctl.c:689 [inline] [] SyS_ioctl+0x74/0x80 fs/ioctl.c:680