audit: type=1400 audit(1713287809.154:106): avc:  denied  { open } for  pid=3957 comm="syz-executor.4" path="/dev/loop4" dev="devtmpfs" ino=319 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
general protection fault: 0000 [#1] PREEMPT SMP KASAN
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
CPU: 0 PID: 4214 Comm: syz-executor.4 Not tainted 5.0.0-syzkaller #0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:sctp_sched_rr_dequeue+0xd3/0x170
Code: 03 80 3c 02 00 0f 85 a6 00 00 00 4d 8b 65 08 e8 f3 5c ec fa 49 8d 7c 24 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 56 4d 8b 64 24 30 48 89 df 49 83 ec 18 4c 89 e6 e8
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RSP: 0018:ffff8881d8e0f0f8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff8881d856f220 RCX: ffffffff867acd8f
RDX: 0000000000000006 RSI: ffffffff8682f96d RDI: 0000000000000030
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
RBP: ffff8881d8e0f110 R08: 000000000003fff0 R09: 0000000000000004
R10: 000000000001fff8 R11: ffff8881d88f8c30 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881d8a10900
FS:  00007fe688fd96c0(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f28d181ac70 CR3: 00000001d891e002 CR4: 00000000003606f0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
 sctp_outq_flush+0xcef/0x24a0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
device veth0_macvtap entered promiscuous mode
device veth1_macvtap entered promiscuous mode
 sctp_outq_uncork+0x6a/0x80
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
 sctp_do_sm+0x14be/0x5f50
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 sctp_assoc_bh_rcv+0x343/0x680
 sctp_inq_push+0x1e7/0x290
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
 sctp_backlog_rcv+0x126/0x450
 __release_sock+0x136/0x3a0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 release_sock+0x59/0x1c0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
 sctp_wait_for_connect+0x305/0x520
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
 sctp_sendmsg_to_asoc+0x1414/0x17d0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
 sctp_sendmsg+0xec2/0x1690
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
 inet_sendmsg+0x142/0x5d0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
 sock_sendmsg+0xd5/0x120
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
 ___sys_sendmsg+0x736/0x910
batman_adv: batadv0: Interface activated: batadv_slave_1
kobject: 'loop5' (00000000da1e7623): kobject_uevent_env
kobject: 'loop5' (00000000da1e7623): fill_kobj_path: path = '/devices/virtual/block/loop5'
 __x64_sys_sendmsg+0x149/0x230
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
 do_syscall_64+0xff/0x190
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fe689c58f69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe688fd90c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fe689d86f80 RCX: 00007fe689c58f69
RDX: 0000000000000000 RSI: 000000002001afc8 RDI: 0000000000000003
RBP: 00007fe689ca54a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fe689d86f80 R15: 00007ffd16d066e8
Modules linked in:
general protection fault: 0000 [#2] PREEMPT SMP KASAN
CPU: 1 PID: 4239 Comm: syz-executor.5 Tainted: G      D           5.0.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:sctp_sched_rr_dequeue+0xd3/0x170
Code: 03 80 3c 02 00 0f 85 a6 00 00 00 4d 8b 65 08 e8 f3 5c ec fa 49 8d 7c 24 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 56 4d 8b 64 24 30 48 89 df 49 83 ec 18 4c 89 e6 e8
audit: type=1400 audit(1713287809.154:107): avc:  denied  { ioctl } for  pid=3957 comm="syz-executor.4" path="/dev/loop4" dev="devtmpfs" ino=319 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
RSP: 0018:ffff8881db0bf0f8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff8881d7888860 RCX: ffffffff867acd8f
RDX: 0000000000000006 RSI: ffffffff8682f96d RDI: 0000000000000030
RBP: ffff8881db0bf110 R08: 000000000003fff0 R09: 0000000000000004
R10: 000000000001fff8 R11: ffff8881db0bf1d8 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881d8132940
FS:  00007fb16eada6c0(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005595c669ab18 CR3: 00000001d81ad006 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sctp_outq_flush+0xcef/0x24a0
audit: type=1400 audit(1713287809.164:108): avc:  denied  { create } for  pid=4213 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
 sctp_outq_uncork+0x6a/0x80
 sctp_do_sm+0x14be/0x5f50
audit: type=1400 audit(1713287809.164:109): avc:  denied  { bind } for  pid=4213 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
audit: type=1400 audit(1713287809.164:110): avc:  denied  { name_bind } for  pid=4213 comm="syz-executor.4" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
audit: type=1400 audit(1713287809.164:111): avc:  denied  { node_bind } for  pid=4213 comm="syz-executor.4" saddr=127.0.0.1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
 sctp_assoc_bh_rcv+0x343/0x680
 sctp_inq_push+0x1e7/0x290
 sctp_backlog_rcv+0x126/0x450
 __release_sock+0x136/0x3a0
 release_sock+0x59/0x1c0
 sctp_wait_for_connect+0x305/0x520
 sctp_sendmsg_to_asoc+0x1414/0x17d0
audit: type=1400 audit(1713287809.174:112): avc:  denied  { setopt } for  pid=4213 comm="syz-executor.4" laddr=127.0.0.1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
audit: type=1400 audit(1713287809.174:113): avc:  denied  { write } for  pid=4213 comm="syz-executor.4" laddr=127.0.0.1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
 sctp_sendmsg+0xec2/0x1690
---[ end trace e2b6c8be4b2ea467 ]---
 inet_sendmsg+0x142/0x5d0
 sock_sendmsg+0xd5/0x120
 ___sys_sendmsg+0x736/0x910
 __x64_sys_sendmsg+0x149/0x230
 do_syscall_64+0xff/0x190
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb16f759f69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb16eada0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fb16f887f80 RCX: 00007fb16f759f69
RDX: 0000000000000000 RSI: 000000002001afc8 RDI: 0000000000000003
RBP: 00007fb16f7a64a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fb16f887f80 R15: 00007ffee864b098
Modules linked in:
RIP: 0010:sctp_sched_rr_dequeue+0xd3/0x170
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
Code: 03 80 3c 02 00 0f 85 a6 00 00 00 4d 8b 65 08 e8 f3 5c ec fa 49 8d 7c 24 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 56 4d 8b 64 24 30 48 89 df 49 83 ec 18 4c 89 e6 e8
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RSP: 0018:ffff8881d8e0f0f8 EFLAGS: 00010206
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
RAX: dffffc0000000000 RBX: ffff8881d856f220 RCX: ffffffff867acd8f
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RDX: 0000000000000006 RSI: ffffffff8682f96d RDI: 0000000000000030
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
RBP: ffff8881d8e0f110 R08: 000000000003fff0 R09: 0000000000000004
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
R10: 000000000001fff8 R11: ffff8881d88f8c30 R12: 0000000000000000
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881d8a10900
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
FS:  00007fe688fd96c0(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
CR2: 00007f77e2f44440 CR3: 00000001d891e003 CR4: 00000000003606f0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
---[ end trace e2b6c8be4b2ea468 ]---
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
RIP: 0010:sctp_sched_rr_dequeue+0xd3/0x170
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Code: 03 80 3c 02 00 0f 85 a6 00 00 00 4d 8b 65 08 e8 f3 5c ec fa 49 8d 7c 24 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 56 4d 8b 64 24 30 48 89 df 49 83 ec 18 4c 89 e6 e8
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
RSP: 0018:ffff8881d8e0f0f8 EFLAGS: 00010206
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
RAX: dffffc0000000000 RBX: ffff8881d856f220 RCX: ffffffff867acd8f
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
RDX: 0000000000000006 RSI: ffffffff8682f96d RDI: 0000000000000030
----------------
Code disassembly (best guess):
   0:	03 80 3c 02 00 0f    	add    0xf00023c(%rax),%eax
   6:	85 a6 00 00 00 4d    	test   %esp,0x4d000000(%rsi)
   c:	8b 65 08             	mov    0x8(%rbp),%esp
   f:	e8 f3 5c ec fa       	call   0xfaec5d07
  14:	49 8d 7c 24 30       	lea    0x30(%r12),%rdi
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	75 56                	jne    0x86
  30:	4d 8b 64 24 30       	mov    0x30(%r12),%r12
  35:	48 89 df             	mov    %rbx,%rdi
  38:	49 83 ec 18          	sub    $0x18,%r12
  3c:	4c 89 e6             	mov    %r12,%rsi
  3f:	e8                   	.byte 0xe8
