================================================================== BUG: KASAN: stack-out-of-bounds in bitmap_from_arr32+0x199/0x1f0 lib/bitmap.c:1278 Write of size 8 at addr ffffc9000151f5b0 by task syz-executor624/8469 CPU: 0 PID: 8469 Comm: syz-executor624 Not tainted 5.10.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0x5/0x4c8 mm/kasan/report.c:385 __kasan_report mm/kasan/report.c:545 [inline] kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562 bitmap_from_arr32+0x199/0x1f0 lib/bitmap.c:1278 ethnl_parse_bitset+0x448/0x7a0 net/ethtool/bitset.c:631 ethnl_set_features+0x2ac/0xa70 net/ethtool/features.c:240 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494 genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2331 ___sys_sendmsg+0xf3/0x170 net/socket.c:2385 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2418 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x440899 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffe5de83088 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440899 RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 RBP: 00000000006cb018 R08: 0000000000000000 R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e80 R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000 addr ffffc9000151f5b0 is located in stack of task syz-executor624/8469 at offset 264 in frame: ethnl_set_features+0x0/0xa70 net/ethtool/features.c:58 this frame has 9 objects: [32, 40) 'reply_payload' [64, 80) 'req_info' [96, 104) 'wanted_diff_mask' [128, 136) 'active_diff_mask' [160, 168) 'old_active' [192, 200) 'old_wanted' [224, 232) 'new_active' [256, 264) 'req_wanted' [288, 296) 'req_mask' Memory state around the buggy address: ffffc9000151f480: 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00 f2 ffffc9000151f500: f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 f2 00 f2 f2 >ffffc9000151f580: f2 00 f2 f2 f2 00 f2 f2 f2 00 f3 f3 f3 00 00 00 ^ ffffc9000151f600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 ffffc9000151f680: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 ==================================================================