==================================================================
BUG: KASAN: global-out-of-bounds in memcmp+0xc0/0xca lib/string.c:687
Read of size 1 at addr ffffffff89a26cc0 by task syz.0.163/5225

CPU: 0 UID: 0 PID: 5225 Comm: syz.0.163 Not tainted 6.14.0-rc1-syzkaller-g245aece3750d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80074518>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:132
[<ffffffff80003206>] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:138
[<ffffffff8005fa4c>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff8005fa4c>] dump_stack_lvl+0x12e/0x1a6 lib/dump_stack.c:120
[<ffffffff8000eac8>] print_address_description mm/kasan/report.c:378 [inline]
[<ffffffff8000eac8>] print_report+0x28e/0x5aa mm/kasan/report.c:489
[<ffffffff80a6e636>] kasan_report+0xf0/0x214 mm/kasan/report.c:602
[<ffffffff80a70424>] __asan_report_load1_noabort+0x12/0x1a mm/kasan/report_generic.c:378
[<ffffffff862196ca>] memcmp+0xc0/0xca lib/string.c:687
[<ffffffff84fb59d6>] __hw_addr_add_ex+0xee/0x676 net/core/dev_addr_lists.c:88
[<ffffffff84fb7c1c>] __dev_mc_add net/core/dev_addr_lists.c:868 [inline]
[<ffffffff84fb7c1c>] dev_mc_add+0xac/0x108 net/core/dev_addr_lists.c:886
[<ffffffff8515d568>] mrp_init_applicant+0xe8/0x56e net/802/mrp.c:873
[<ffffffff85d7dc92>] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57
[<ffffffff85d73d42>] register_vlan_dev+0x1b4/0x922 net/8021q/vlan.c:170
[<ffffffff85d749fe>] register_vlan_device net/8021q/vlan.c:277 [inline]
[<ffffffff85d749fe>] vlan_ioctl_handler+0x54e/0x956 net/8021q/vlan.c:621
[<ffffffff84ed8088>] sock_ioctl+0x1fa/0x938 net/socket.c:1277
[<ffffffff80bb831c>] vfs_ioctl fs/ioctl.c:51 [inline]
[<ffffffff80bb831c>] __do_sys_ioctl fs/ioctl.c:906 [inline]
[<ffffffff80bb831c>] __se_sys_ioctl fs/ioctl.c:892 [inline]
[<ffffffff80bb831c>] __riscv_sys_ioctl+0x18e/0x1e2 fs/ioctl.c:892
[<ffffffff80072b1e>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff86242a5a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff86268776>] handle_exception+0x146/0x152 arch/riscv/kernel/entry.S:197

The buggy address belongs to the variable:
 vlan_mrp_app+0x60/0x3e80

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x89c26
flags: 0xffe000000002000(reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000002000 ffff8d8000270988 ffff8d8000270988 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff89a26b80: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
 ffffffff89a26c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89a26c80: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00
                                           ^
 ffffffff89a26d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89a26d80: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00
==================================================================