==================================================================
BUG: KASAN: global-out-of-bounds in memcmp+0xc0/0xca lib/string.c:676
Read of size 1 at addr ffffffff89077b00 by task syz.1.358/6430

CPU: 1 PID: 6430 Comm: syz.1.358 Not tainted 6.10.0-rc5-syzkaller-gcc2c169e34b4 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000f6fc>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:129
[<ffffffff85c31d74>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:135
[<ffffffff85c8bb7e>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff85c8bb7e>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:114
[<ffffffff85c3c0e4>] print_address_description mm/kasan/report.c:377 [inline]
[<ffffffff85c3c0e4>] print_report+0x288/0x596 mm/kasan/report.c:488
[<ffffffff8091e97c>] kasan_report+0xec/0x118 mm/kasan/report.c:601
[<ffffffff809207c6>] __asan_report_load1_noabort+0x12/0x1a mm/kasan/report_generic.c:378
[<ffffffff85c08c2e>] memcmp+0xc0/0xca lib/string.c:676
[<ffffffff84a26f92>] __hw_addr_add_ex+0xee/0x676 net/core/dev_addr_lists.c:88
[<ffffffff84a29f92>] __dev_mc_add net/core/dev_addr_lists.c:867 [inline]
[<ffffffff84a29f92>] dev_mc_add+0xac/0x108 net/core/dev_addr_lists.c:885
[<ffffffff84bbc40a>] mrp_init_applicant+0xe8/0x56e net/802/mrp.c:873
[<ffffffff8579083e>] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57
[<ffffffff85786b16>] register_vlan_dev+0x1b4/0x922 net/8021q/vlan.c:170
[<ffffffff8578ef0c>] vlan_newlink+0x3d2/0x5fc net/8021q/vlan_netlink.c:193
[<ffffffff84a71fc6>] rtnl_newlink_create net/core/rtnetlink.c:3510 [inline]
[<ffffffff84a71fc6>] __rtnl_newlink+0xfe4/0x1770 net/core/rtnetlink.c:3730
[<ffffffff84a727be>] rtnl_newlink+0x6c/0xa2 net/core/rtnetlink.c:3743
[<ffffffff84a61310>] rtnetlink_rcv_msg+0x428/0xdb2 net/core/rtnetlink.c:6635
[<ffffffff84d92340>] netlink_rcv_skb+0x216/0x3dc net/netlink/af_netlink.c:2564
[<ffffffff84a53362>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6653
[<ffffffff84d905da>] netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
[<ffffffff84d905da>] netlink_unicast+0x508/0x862 net/netlink/af_netlink.c:1361
[<ffffffff84d91198>] netlink_sendmsg+0x864/0xdc2 net/netlink/af_netlink.c:1905
[<ffffffff84955f58>] sock_sendmsg_nosec net/socket.c:730 [inline]
[<ffffffff84955f58>] __sock_sendmsg+0xcc/0x162 net/socket.c:745
[<ffffffff84956b66>] ____sys_sendmsg+0x5ce/0x79e net/socket.c:2585
[<ffffffff8495deb6>] ___sys_sendmsg+0x144/0x1e6 net/socket.c:2639
[<ffffffff8495e98e>] __sys_sendmsg+0x130/0x1f0 net/socket.c:2668
[<ffffffff8495eabe>] __do_sys_sendmsg net/socket.c:2677 [inline]
[<ffffffff8495eabe>] __se_sys_sendmsg net/socket.c:2675 [inline]
[<ffffffff8495eabe>] __riscv_sys_sendmsg+0x70/0xa2 net/socket.c:2675
[<ffffffff8000e204>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85c8de38>] do_trap_ecall_u+0x14c/0x214 arch/riscv/kernel/traps.c:330
[<ffffffff85cb0784>] ret_from_exception+0x0/0x64 arch/riscv/kernel/entry.S:112

The buggy address belongs to the variable:
 vlan_mrp_app+0x60/0x3e80

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89277
flags: 0xffe000000002000(reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000002000 ff1c000000249dc8 ff1c000000249dc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff89077a00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89077a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89077b00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
                   ^
 ffffffff89077b80: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
 ffffffff89077c00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================