================================================================== BUG: KASAN: stack-out-of-bounds in bitmap_from_arr32+0x14b/0x1d0 lib/bitmap.c:1272 Write of size 8 at addr ffffc9000a1075a0 by task syz-executor.5/10891 CPU: 0 PID: 10891 Comm: syz-executor.5 Not tainted 5.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x96/0xe0 lib/dump_stack.c:118 print_address_description.constprop.4.cold.6+0x62/0x373 mm/kasan/report.c:374 __kasan_report.cold.7+0x7a/0x92 mm/kasan/report.c:506 kasan_report+0xe/0x20 mm/kasan/common.c:641 bitmap_from_arr32+0x14b/0x1d0 lib/bitmap.c:1272 ethnl_parse_bitset+0x3ea/0x680 net/ethtool/bitset.c:633 ethnl_set_features+0x293/0x8e8 net/ethtool/features.c:252 genl_family_rcv_msg_doit net/netlink/genetlink.c:673 [inline] genl_family_rcv_msg net/netlink/genetlink.c:718 [inline] genl_rcv_msg+0x5e7/0xf10 net/netlink/genetlink.c:735 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2478 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:746 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x761/0xc90 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xac/0xf0 net/socket.c:672 ____sys_sendmsg+0x54e/0x760 net/socket.c:2343 ___sys_sendmsg+0xe4/0x160 net/socket.c:2397 __sys_sendmsg+0xce/0x170 net/socket.c:2430 do_syscall_64+0x8e/0x4f0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45deb9 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fbc90d73c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000000291c0 RCX: 000000000045deb9 RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003 RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007fff8001026f R14: 00007fbc90d749c0 R15: 000000000118bf2c addr ffffc9000a1075a0 is located in stack of task syz-executor.5/10891 at offset 360 in frame: ethnl_set_features+0x0/0x8e8 net/ethtool/features.c:51 this frame has 8 objects: [32, 40) 'reply_payload' [96, 112) 'req_info' [160, 168) 'wanted_diff_mask' [224, 232) 'active_diff_mask' [288, 296) 'new_active' [352, 360) 'req_wanted' [416, 424) 'req_mask' [480, 528) 'tb' Memory state around the buggy address: ffffc9000a107480: f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 ffffc9000a107500: f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 >ffffc9000a107580: f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 ^ ffffc9000a107600: f2 f2 f2 00 00 00 00 00 00 f2 f2 00 00 00 00 00 ffffc9000a107680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 ==================================================================