program: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket(0x2a, 0x2, 0x0) (async) r1 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000010c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_PERTURB={0x8, 0xc, 0x9}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x8c30}]}}]}, 0x4c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202"], 0x0) (async) r4 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202"], 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000200)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$autofs(0xffffffffffffff9c, &(0x7f00000009c0), 0x4000, 0x0) (async) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000009c0), 0x4000, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f0000000a00)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r4) r7 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYRESOCT=r6], 0x0) syz_usb_disconnect(r7) (async) syz_usb_disconnect(r7) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000980)={@loopback, 0x38, r2}) syz_usb_control_io(r4, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="20236b0000006b0bd81244fa4bf315d6aecc5175ba4327cf9333504f1c31aa515d2f6e003cc85d403adfea6f10c46e07e0dd5b8ce31c5144fb299d52d678304817aa473ecd4b62b4f7670a283ee692d889156905f3d68101a8cfd8d28bd0bc06177a806aa0fee3678e04c2988b4b17cfc7"], &(0x7f00000002c0)={0x0, 0x3, 0xd6, @string={0xd6, 0x3, "a4bafe08bc0607575f8949cb545de03b1ed7d43ce2f96a5341bb33555b86236fd585012e83a74a52d4b8646a7dfbf31385f83b5b53b09b4bb1f37bb274d2f520d23efa844fc515dc4a5a877b9c6446241d60ae13bdf129bcd07c3cb5a7b3942592a2df76a1431f38f12592f806d37d9055ae7dc67c6ffddd5505c0dc284a11cd6a3e605e1aae1a9c2c3285675e512b2aa89182ea1870cc5c5845a6839168f3bcee8564e51f30c47acd7eaf4dee9c231e7d5666837550d74d594d740f5478a6b43be6e722fab5bc7586db4323944016904176b2ea"}}, &(0x7f0000000140)={0x0, 0xf, 0x62, {0x5, 0xf, 0x62, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x26, 0x8, 0xa, 0x8f3e}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "f65d8fd09941d5417db5b927196a3c58"}, @wireless={0xb, 0x10, 0x1, 0x8, 0xc, 0x1, 0x4, 0x2, 0x40}, @ssp_cap={0x1c, 0x10, 0xa, 0xc, 0x4, 0x7, 0xf00, 0x3, [0x30, 0xc000, 0xff00, 0x7ec0]}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0xc, 0x5, 0x2}, @ss_container_id={0x14, 0x10, 0x4, 0xf1, "9948f3a9c83f4748c074792d2b1e655e"}]}}, &(0x7f0000000040)={0x20, 0x29, 0xf, {0xf, 0x29, 0xfc, 0x2, 0x40, 0xb, "03dc0c7a", "91970bd2"}}, &(0x7f00000001c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x0, 0x6, 0x4, 0x0, 0x6, 0x8}}}, &(0x7f00000008c0)={0x84, &(0x7f0000000400)={0x20, 0x0, 0xad, "08519ab085959783a64d58a94c28bf5e4deb6fd34fd1f186e4685a518d7ca51a78d0b45adb420c3d8eedcf9cba6f1655c78da510594417a34eb240a10ce9ffa7eaabc5fe6c52d14d2e1fe5b3e83ce2e799d2d755db203d0db3e0a62ae2388ff945305bbd300ebaec2966583039eca2c9cf9db1e28b5aff558c8ce2b5618055aaf1cc2839d7159f56e08cf27ffd7e34e0e81dcf55881295b69f1336a44b1d06f01d888796471500d46e4396293f"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000000580)={0x20, 0x0, 0x4, {0x140, 0x10}}, &(0x7f0000000600)={0x40, 0x7, 0x2, 0x9b}, &(0x7f0000000640)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000680)={0x40, 0xb, 0x2, "1db9"}, &(0x7f00000006c0)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000700)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, &(0x7f0000000740)={0x40, 0x17, 0x6, @local}, &(0x7f0000000780)={0x40, 0x19, 0x2, "fe65"}, &(0x7f00000007c0)={0x40, 0x1a, 0x2, 0xc4c}, &(0x7f0000000800)={0x40, 0x1c, 0x1, 0x5}, &(0x7f0000000840)={0x40, 0x1e, 0x1, 0x48}, &(0x7f0000000880)={0x40, 0x21, 0x1, 0x4}}) [ 68.491141][ T5297] Bluetooth: hci0: command tx timeout [ 68.587784][ T5312] Zero length message leads to an empty skb [ 68.609926][ T5312] sysfs: cannot create duplicate filename '/module/raw_gadget' [ 68.613286][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 68.613302][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.613308][ T5312] Call Trace: [ 68.613313][ T5312] [ 68.613318][ T5312] dump_stack_lvl+0x189/0x250 [ 68.613427][ T5312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.613441][ T5312] ? __pfx__printk+0x10/0x10 [ 68.613451][ T5312] ? kernfs_path_from_node+0x2b/0x260 [ 68.613491][ T5312] ? kernfs_path_from_node+0x2b/0x260 [ 68.613502][ T5312] ? kernfs_path_from_node+0x2b/0x260 [ 68.613531][ T5312] ? kernfs_path_from_node+0x216/0x260 [ 68.613546][ T5312] sysfs_create_dir_ns+0x259/0x280 [ 68.613561][ T5312] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 68.613579][ T5312] ? do_raw_spin_unlock+0x4d/0x240 [ 68.613594][ T5312] kobject_add_internal+0x59f/0xb40 [ 68.613643][ T5312] kobject_init_and_add+0x125/0x190 [ 68.613658][ T5312] ? __pfx_kobject_init_and_add+0x10/0x10 [ 68.613671][ T5312] ? __kasan_kmalloc+0x22/0xb0 [ 68.613684][ T5312] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 68.613696][ T5312] ? lookup_or_create_module_kobject+0x75/0x170 [ 68.613708][ T5312] lookup_or_create_module_kobject+0xe3/0x170 [ 68.613720][ T5312] module_add_driver+0xb9/0x310 [ 68.613735][ T5312] bus_add_driver+0x391/0x640 [ 68.613748][ T5312] driver_register+0x23a/0x320 [ 68.613762][ T5312] usb_gadget_register_driver_owner+0xf9/0x270 [ 68.613781][ T5312] raw_ioctl+0x149a/0x3c90 [ 68.613797][ T5312] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.613814][ T5312] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.613828][ T5312] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 68.613842][ T5312] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.613857][ T5312] ? __pfx_raw_ioctl+0x10/0x10 [ 68.613872][ T5312] ? count_memcg_event_mm+0x92/0x3b0 [ 68.613888][ T5312] ? __lock_acquire+0xaac/0xd20 [ 68.613910][ T5312] ? __fget_files+0x2a/0x420 [ 68.613925][ T5312] ? __fget_files+0x3a0/0x420 [ 68.613936][ T5312] ? __fget_files+0x2a/0x420 [ 68.613948][ T5312] ? bpf_lsm_file_ioctl+0x9/0x20 [ 68.613961][ T5312] ? __pfx_raw_ioctl+0x10/0x10 [ 68.613973][ T5312] __se_sys_ioctl+0xf9/0x170 [ 68.613985][ T5312] do_syscall_64+0xf6/0x210 [ 68.613998][ T5312] ? clear_bhb_loop+0x45/0xa0 [ 68.614012][ T5312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.614021][ T5312] RIP: 0033:0x7effbbf8e56b [ 68.614030][ T5312] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 68.614038][ T5312] RSP: 002b:00007effbcdb6f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 68.614049][ T5312] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007effbbf8e56b [ 68.614056][ T5312] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000008 [ 68.614061][ T5312] RBP: 00007effbcdb7fe0 R08: 0000000000000000 R09: 00302e6364755f79 [ 68.614067][ T5312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.614073][ T5312] R13: 00007effbcdb6fb0 R14: 0000200000000080 R15: 00007effbc2e0b88 [ 68.614089][ T5312] [ 68.754443][ T5312] kobject: kobject_add_internal failed for raw_gadget with -EEXIST, don't try to register things with the same name in the same directory. [ 68.760527][ T5312] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN NOPTI [ 68.765403][ T5312] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 68.769034][ T5312] CPU: 0 UID: 0 PID: 5312 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00032-g0d8d44db295c #0 PREEMPT(full) [ 68.774082][ T5312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.778785][ T5312] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 68.781432][ T5312] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 68.789655][ T5312] RSP: 0018:ffffc9000d447840 EFLAGS: 00010002 [ 68.792261][ T5312] RAX: dffffc0000000000 RBX: ffffffff8b58a807 RCX: 32f99c79167f1200 [ 68.795738][ T5312] RDX: 0000000000000000 RSI: ffffffff8b58a807 RDI: 0000000000000004 [ 68.799105][ T5312] RBP: ffffffff819b49d8 R08: 0000000000000001 R09: 0000000000000000 [ 68.802431][ T5312] R10: dffffc0000000000 R11: fffffbfff1efdb2f R12: 0000000000000000 [ 68.805869][ T5312] R13: 0000000000000020 R14: 0000000000000020 R15: 0000000000000001 [ 68.809223][ T5312] FS: 00007effbcdb96c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000 [ 68.813023][ T5312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.815888][ T5312] CR2: 0000556f9d0ae008 CR3: 0000000043c6c000 CR4: 0000000000352ef0 [ 68.819251][ T5312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.822662][ T5312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.826009][ T5312] Call Trace: [ 68.827444][ T5312] [ 68.828746][ T5312] __kasan_check_byte+0x12/0x40 [ 68.830718][ T5312] lock_acquire+0x8d/0x360 [ 68.832679][ T5312] ? kobj_kset_leave+0x163/0x190 [ 68.834834][ T5312] _raw_spin_lock_irqsave+0xa7/0xf0 [ 68.837094][ T5312] ? complete+0x28/0x1b0 [ 68.838986][ T5312] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 68.841562][ T5312] ? kobject_init_and_add+0x125/0x190 [ 68.843870][ T5312] complete+0x28/0x1b0 [ 68.845665][ T5312] kobject_put+0x228/0x480 [ 68.847590][ T5312] lookup_or_create_module_kobject+0x150/0x170 [ 68.850196][ T5312] module_add_driver+0xb9/0x310 [ 68.852354][ T5312] bus_add_driver+0x391/0x640 [ 68.854472][ T5312] driver_register+0x23a/0x320 [ 68.856515][ T5312] usb_gadget_register_driver_owner+0xf9/0x270 [ 68.859120][ T5312] raw_ioctl+0x149a/0x3c90 [ 68.861003][ T5312] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.863406][ T5312] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.865885][ T5312] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 68.868276][ T5312] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.870637][ T5312] ? __pfx_raw_ioctl+0x10/0x10 [ 68.872766][ T5312] ? count_memcg_event_mm+0x92/0x3b0 [ 68.875032][ T5312] ? __lock_acquire+0xaac/0xd20 [ 68.877195][ T5312] ? __fget_files+0x2a/0x420 [ 68.879153][ T5312] ? __fget_files+0x3a0/0x420 [ 68.881193][ T5312] ? __fget_files+0x2a/0x420 [ 68.883184][ T5312] ? bpf_lsm_file_ioctl+0x9/0x20 [ 68.885346][ T5312] ? __pfx_raw_ioctl+0x10/0x10 [ 68.887412][ T5312] __se_sys_ioctl+0xf9/0x170 [ 68.889406][ T5312] do_syscall_64+0xf6/0x210 [ 68.891448][ T5312] ? clear_bhb_loop+0x45/0xa0 [ 68.893529][ T5312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.896095][ T5312] RIP: 0033:0x7effbbf8e56b [ 68.898082][ T5312] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 68.906117][ T5312] RSP: 002b:00007effbcdb6f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 68.909650][ T5312] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007effbbf8e56b [ 68.913100][ T5312] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000008 [ 68.916452][ T5312] RBP: 00007effbcdb7fe0 R08: 0000000000000000 R09: 00302e6364755f79 [ 68.919852][ T5312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.923261][ T5312] R13: 00007effbcdb6fb0 R14: 0000200000000080 R15: 00007effbc2e0b88 [ 68.926712][ T5312] [ 68.928109][ T5312] Modules linked in: [ 68.929832][ T5312] ---[ end trace 0000000000000000 ]--- [ 68.932297][ T5312] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 68.934889][ T5312] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 68.943159][ T5312] RSP: 0018:ffffc9000d447840 EFLAGS: 00010002 [ 68.945835][ T5312] RAX: dffffc0000000000 RBX: ffffffff8b58a807 RCX: 32f99c79167f1200 [ 68.949093][ T5312] RDX: 0000000000000000 RSI: ffffffff8b58a807 RDI: 0000000000000004 [ 68.952545][ T5312] RBP: ffffffff819b49d8 R08: 0000000000000001 R09: 0000000000000000 [ 68.955904][ T5312] R10: dffffc0000000000 R11: fffffbfff1efdb2f R12: 0000000000000000 [ 68.959232][ T5312] R13: 0000000000000020 R14: 0000000000000020 R15: 0000000000000001 [ 68.962562][ T5312] FS: 00007effbcdb96c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000 [ 68.966394][ T5312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.969176][ T5312] CR2: 0000556f9d0ae008 CR3: 0000000043c6c000 CR4: 0000000000352ef0 [ 68.972560][ T5312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.975926][ T5312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.979082][ T5312] Kernel panic - not syncing: Fatal exception [ 68.981791][ T5312] Kernel Offset: disabled [ 68.983513][ T5312] Rebooting in 86400 seconds..