================================================================== BUG: KASAN: global-out-of-bounds in memcmp+0xc0/0xca lib/string.c:676 Read of size 1 at addr ffffffff897cc9c0 by task syz.1.3437/18787 CPU: 1 UID: 0 PID: 18787 Comm: syz.1.3437 Not tainted 6.12.0-rc6-syzkaller-g57f7c7dc78cd #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136 [] __dump_stack lib/dump_stack.c:94 [inline] [] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120 [] print_address_description mm/kasan/report.c:377 [inline] [] print_report+0x290/0x5a0 mm/kasan/report.c:488 [] kasan_report+0xec/0x118 mm/kasan/report.c:601 [] __asan_report_load1_noabort+0x12/0x1a mm/kasan/report_generic.c:378 [] memcmp+0xc0/0xca lib/string.c:676 [] __hw_addr_add_ex+0xee/0x676 net/core/dev_addr_lists.c:88 [] __dev_mc_add net/core/dev_addr_lists.c:867 [inline] [] dev_mc_add+0xac/0x108 net/core/dev_addr_lists.c:885 [] mrp_init_applicant+0xe8/0x56e net/802/mrp.c:873 [] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57 [] register_vlan_dev+0x1b4/0x922 net/8021q/vlan.c:170 [] vlan_newlink+0x3d2/0x5fc net/8021q/vlan_netlink.c:193 [] rtnl_newlink_create net/core/rtnetlink.c:3539 [inline] [] __rtnl_newlink+0xfe2/0x1738 net/core/rtnetlink.c:3759 [] rtnl_newlink+0x6c/0xa2 net/core/rtnetlink.c:3772 [] rtnetlink_rcv_msg+0x428/0xdbe net/core/rtnetlink.c:6675 [] netlink_rcv_skb+0x216/0x3dc net/netlink/af_netlink.c:2551 [] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6693 [] netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] [] netlink_unicast+0x4f0/0x82c net/netlink/af_netlink.c:1357 [] netlink_sendmsg+0x864/0xdc6 net/netlink/af_netlink.c:1901 [] sock_sendmsg_nosec net/socket.c:729 [inline] [] __sock_sendmsg+0xcc/0x160 net/socket.c:744 [] ____sys_sendmsg+0x5ce/0x79e net/socket.c:2607 [] ___sys_sendmsg+0x144/0x1e6 net/socket.c:2661 [] __sys_sendmsg+0x130/0x1f0 net/socket.c:2690 [] __do_sys_sendmsg net/socket.c:2699 [inline] [] __se_sys_sendmsg net/socket.c:2697 [inline] [] __riscv_sys_sendmsg+0x70/0xa2 net/socket.c:2697 [] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90 [] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331 [] _new_vmalloc_restore_context_a0+0xc2/0xce The buggy address belongs to the variable: vlan_mrp_app+0x60/0x3e80 The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x899cc flags: 0xffe000000002000(reserved|node=0|zone=0|lastcpupid=0x7ff) raw: 0ffe000000002000 ff1c000000267308 ff1c000000267308 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffffffff897cc880: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 ffffffff897cc900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffff897cc980: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 ^ ffffffff897cca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff897cca80: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00 ==================================================================