syzbot

netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
==================================================================
BUG: KASAN: global-out-of-bounds in memcmp+0xc0/0xca lib/string.c:676
Read of size 1 at addr ffffffff890770c0 by task syz-executor.0/7543

CPU: 1 PID: 7543 Comm: syz-executor.0 Not tainted 6.10.0-rc3-syzkaller-g83a7eefedc9b #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000f6f8>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:129
[<ffffffff85c2e35c>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:135
[<ffffffff85c880ee>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff85c880ee>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:114
[<ffffffff85c386c4>] print_address_description mm/kasan/report.c:377 [inline]
[<ffffffff85c386c4>] print_report+0x288/0x596 mm/kasan/report.c:488
[<ffffffff8091ed4c>] kasan_report+0xec/0x118 mm/kasan/report.c:601
[<ffffffff80920b96>] __asan_report_load1_noabort+0x12/0x1a mm/kasan/report_generic.c:378
[<ffffffff85c0521a>] memcmp+0xc0/0xca lib/string.c:676
[<ffffffff84a241e6>] __hw_addr_add_ex+0xee/0x676 net/core/dev_addr_lists.c:88
[<ffffffff84a271e6>] __dev_mc_add net/core/dev_addr_lists.c:867 [inline]
[<ffffffff84a271e6>] dev_mc_add+0xac/0x108 net/core/dev_addr_lists.c:885
[<ffffffff84bb95c2>] mrp_init_applicant+0xe8/0x56e net/802/mrp.c:873
[<ffffffff8578d152>] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57
[<ffffffff8578342a>] register_vlan_dev+0x1b4/0x922 net/8021q/vlan.c:170
[<ffffffff8578b820>] vlan_newlink+0x3d2/0x5fc net/8021q/vlan_netlink.c:193
[<ffffffff84a6f21a>] rtnl_newlink_create net/core/rtnetlink.c:3510 [inline]
[<ffffffff84a6f21a>] __rtnl_newlink+0xfe4/0x1770 net/core/rtnetlink.c:3730
[<ffffffff84a6fa12>] rtnl_newlink+0x6c/0xa2 net/core/rtnetlink.c:3743
[<ffffffff84a5e564>] rtnetlink_rcv_msg+0x428/0xdb2 net/core/rtnetlink.c:6635
[<ffffffff84d8f2f4>] netlink_rcv_skb+0x216/0x3dc net/netlink/af_netlink.c:2564
[<ffffffff84a505b6>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6653
[<ffffffff84d8d58e>] netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
[<ffffffff84d8d58e>] netlink_unicast+0x508/0x862 net/netlink/af_netlink.c:1361
[<ffffffff84d8e14c>] netlink_sendmsg+0x864/0xdc2 net/netlink/af_netlink.c:1905
[<ffffffff849533a4>] sock_sendmsg_nosec net/socket.c:730 [inline]
[<ffffffff849533a4>] __sock_sendmsg+0xcc/0x162 net/socket.c:745
[<ffffffff84953fb2>] ____sys_sendmsg+0x5ce/0x79e net/socket.c:2585
[<ffffffff8495b302>] ___sys_sendmsg+0x144/0x1e6 net/socket.c:2639
[<ffffffff8495bdda>] __sys_sendmsg+0x130/0x1f0 net/socket.c:2668
[<ffffffff8495bf0a>] __do_sys_sendmsg net/socket.c:2677 [inline]
[<ffffffff8495bf0a>] __se_sys_sendmsg net/socket.c:2675 [inline]
[<ffffffff8495bf0a>] __riscv_sys_sendmsg+0x70/0xa2 net/socket.c:2675
[<ffffffff8000e200>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85c8a3a8>] do_trap_ecall_u+0x14c/0x214 arch/riscv/kernel/traps.c:330
[<ffffffff85caccb0>] ret_from_exception+0x0/0x64 arch/riscv/kernel/entry.S:112

The buggy address belongs to the variable:
 vlan_mrp_app+0x60/0x3e80

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89277
flags: 0xffe000000002000(reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000002000 ff1c000000249dc8 ff1c000000249dc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff89076f80: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
 ffffffff89077000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89077080: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
                                           ^
 ffffffff89077100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89077180: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00
==================================================================