==================================================================
BUG: KASAN: global-out-of-bounds in memcmp+0x2a/0x6c lib/string.c:692
Read of size 1 at addr ffffffff85e0a820 by task syz-executor.0/13089

CPU: 0 PID: 13089 Comm: syz-executor.0 Not tainted 6.5.0-rc1-syzkaller-00004-gab2dbc7acced #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000b676>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:121
[<ffffffff8354dfce>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:127
[<ffffffff8358db96>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff8358db96>] dump_stack_lvl+0xe8/0x154 lib/dump_stack.c:106
[<ffffffff83555144>] print_address_description mm/kasan/report.c:364 [inline]
[<ffffffff83555144>] print_report+0x1e4/0x4f4 mm/kasan/report.c:475
[<ffffffff8055caae>] kasan_report+0xf0/0x1b8 mm/kasan/report.c:588
[<ffffffff8055d91e>] check_region_inline mm/kasan/generic.c:181 [inline]
[<ffffffff8055d91e>] __asan_load1+0x68/0x80 mm/kasan/generic.c:257
[<ffffffff835349ba>] memcmp+0x2a/0x6c lib/string.c:692
[<ffffffff82a4ffec>] __hw_addr_add_ex+0xce/0x3f6 net/core/dev_addr_lists.c:88
[<ffffffff82a51f72>] __dev_mc_add net/core/dev_addr_lists.c:867 [inline]
[<ffffffff82a51f72>] dev_mc_add+0x7c/0xc4 net/core/dev_addr_lists.c:885
[<ffffffff82b3b0e8>] mrp_init_applicant+0xc4/0x3c0 net/802/mrp.c:872
[<ffffffff83284104>] vlan_mvrp_init_applicant+0x26/0x30 net/8021q/vlan_mvrp.c:57
[<ffffffff8327e0d6>] register_vlan_dev+0x142/0x59c net/8021q/vlan.c:170
[<ffffffff83283174>] vlan_newlink+0x2a6/0x34c net/8021q/vlan_netlink.c:191
[<ffffffff82a80f56>] rtnl_newlink_create net/core/rtnetlink.c:3472 [inline]
[<ffffffff82a80f56>] __rtnl_newlink+0xc58/0xff6 net/core/rtnetlink.c:3689
[<ffffffff82a81354>] rtnl_newlink+0x60/0x8c net/core/rtnetlink.c:3702
[<ffffffff82a7570c>] rtnetlink_rcv_msg+0x34c/0xb10 net/core/rtnetlink.c:6424
[<ffffffff82c5d950>] netlink_rcv_skb+0xfc/0x2ac net/netlink/af_netlink.c:2549
[<ffffffff82a6c4ac>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:6442
[<ffffffff82c5c19a>] netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
[<ffffffff82c5c19a>] netlink_unicast+0x40a/0x68a net/netlink/af_netlink.c:1365
[<ffffffff82c5c92c>] netlink_sendmsg+0x512/0x9da net/netlink/af_netlink.c:1914
[<ffffffff829cdf16>] sock_sendmsg_nosec net/socket.c:725 [inline]
[<ffffffff829cdf16>] sock_sendmsg+0xa0/0xf2 net/socket.c:748
[<ffffffff829ce6de>] ____sys_sendmsg+0x49c/0x54c net/socket.c:2494
[<ffffffff829d5890>] ___sys_sendmsg+0x140/0x1d4 net/socket.c:2548
[<ffffffff829d5b14>] __sys_sendmsg+0x130/0x1da net/socket.c:2577
[<ffffffff829d5bea>] __do_sys_sendmsg net/socket.c:2586 [inline]
[<ffffffff829d5bea>] sys_sendmsg+0x2c/0x3a net/socket.c:2584
[<ffffffff8000a670>] syscall_handler+0xfa/0x148 arch/riscv/include/asm/syscall.h:90
[<ffffffff8358ef58>] do_trap_ecall_u+0x96/0x98 arch/riscv/kernel/traps.c:310
[<ffffffff80005b28>] ret_from_exception+0x0/0x64 arch/riscv/kernel/entry.S:102

The buggy address belongs to the variable:
 vlan_mrp_app+0x60/0x2060

The buggy address belongs to the physical page:
page:ff1c000002180280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8600a
flags: 0xffe000000001000(reserved|node=0|zone=0|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 0ffe000000001000 ff1c000002180288 ff1c000002180288 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff85e0a700: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
 ffffffff85e0a780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff85e0a800: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
                               ^
 ffffffff85e0a880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff85e0a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================