==================================================================
BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:381 [inline]
BUG: KASAN: stack-out-of-bounds in packet_recvmsg+0x58d/0x1130 net/packet/af_packet.c:3416
Write of size 131 at addr ffffc900077bfa38 by task syz-executor.1/6596
CPU: 1 PID: 6596 Comm: syz-executor.1 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
print_address_description.constprop.0.cold+0x5/0x413 mm/kasan/report.c:383
__kasan_report mm/kasan/report.c:513 [inline]
kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
check_memory_region_inline mm/kasan/generic.c:186 [inline]
check_memory_region+0x141/0x190 mm/kasan/generic.c:192
memcpy+0x39/0x60 mm/kasan/common.c:106
memcpy include/linux/string.h:381 [inline]
packet_recvmsg+0x58d/0x1130 net/packet/af_packet.c:3416
sock_recvmsg_nosec net/socket.c:886 [inline]
____sys_recvmsg+0x4b0/0x580 net/socket.c:2573
___sys_recvmsg+0xe4/0x150 net/socket.c:2617
do_recvmmsg+0x24a/0x720 net/socket.c:2715
__sys_recvmmsg+0xd5/0x250 net/socket.c:2796
__do_sys_recvmmsg net/socket.c:2817 [inline]
__se_sys_recvmmsg net/socket.c:2810 [inline]
__x64_sys_recvmmsg+0xde/0x130 net/socket.c:2810
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca59
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f1ebe04ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00000000004fc0e0 RCX: 000000000045ca59
RDX: 0000000000000009 RSI: 0000000020004b80 RDI: 0000000000000004
RBP: 000000000078bfa0 R08: 0000000020004e00 R09: 0000000000000000
R10: 0000000000010000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000008b9 R14: 00000000004cb95e R15: 00007f1ebe04b6d4
addr ffffc900077bfa38 is located in stack of task syz-executor.1/6596 at offset 32 in frame:
____sys_recvmsg+0x0/0x580 net/socket.c:927
this frame has 1 object:
[32, 160) 'addr'
Memory state around the buggy address:
ffffc900077bf980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffc900077bfa00: 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00
>ffffc900077bfa80: 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00
^
ffffc900077bfb00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2
ffffc900077bfb80: 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================