==================================================================
BUG: KASAN: stack-out-of-bounds in bitmap_from_arr32+0x199/0x1f0 lib/bitmap.c:1278
Write of size 8 at addr ffffc9000161f5b0 by task syz-executor540/8494
CPU: 0 PID: 8494 Comm: syz-executor540 Not tainted 5.10.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x107/0x163 lib/dump_stack.c:118
print_address_description.constprop.0.cold+0x5/0x4c8 mm/kasan/report.c:385
__kasan_report mm/kasan/report.c:545 [inline]
kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562
bitmap_from_arr32+0x199/0x1f0 lib/bitmap.c:1278
ethnl_parse_bitset+0x448/0x7a0 net/ethtool/bitset.c:631
ethnl_set_features+0x2ac/0xa70 net/ethtool/features.c:240
genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:671
____sys_sendmsg+0x6e8/0x810 net/socket.c:2353
___sys_sendmsg+0xf3/0x170 net/socket.c:2407
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440899
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe4df86e28 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440899
RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e80
R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
addr ffffc9000161f5b0 is located in stack of task syz-executor540/8494 at offset 264 in frame:
ethnl_set_features+0x0/0xa70 net/ethtool/features.c:58
this frame has 9 objects:
[32, 40) 'reply_payload'
[64, 80) 'req_info'
[96, 104) 'wanted_diff_mask'
[128, 136) 'active_diff_mask'
[160, 168) 'old_active'
[192, 200) 'old_wanted'
[224, 232) 'new_active'
[256, 264) 'req_wanted'
[288, 296) 'req_mask'
Memory state around the buggy address:
ffffc9000161f480: 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00 f2
ffffc9000161f500: f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2
>ffffc9000161f580: f2 00 f2 f2 f2 00 f2 f2 f2 00 f3 f3 f3 00 00 00
^
ffffc9000161f600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
ffffc9000161f680: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00
==================================================================