# Triage notes (review annotations only; the program and the console text are unchanged).
# The console output after this program records two events on task T5316. Both are reached
# through raw_ioctl -> usb_gadget_register_driver_owner -> driver_register ->
# bus_add_driver -> module_add_driver -> lookup_or_create_module_kobject:
#   1. sysfs refuses a duplicate '/module/raw_gadget' and kobject_add_internal fails
#      with -EEXIST;
#   2. lookup_or_create_module_kobject then calls kobject_put, which reaches complete()
#      and faults while taking a spinlock (KASAN null-ptr-deref in range 0x20-0x27),
#      ending in "Kernel panic - not syncing: Fatal exception".
# NOTE(review): this looks like the -EEXIST error path dropping a module kobject whose
# completion pointer was never set. That is inferred from the trace alone; confirm
# against the kernel tree named in the log.
# Just before, a second task (T5317) logs usb_gadget_register_driver returning -16, so two
# tasks appear to be in gadget-driver registration at about the same time.
# Impact shown here is a kernel panic (denial of service). The faulting task runs as UID 0.
# NOTE(review): who can open the raw-gadget device bounds exposure; check its permissions
# on the systems you care about.
# For detection, the "sysfs: cannot create duplicate filename" and "kobject_add_internal
# failed ... -EEXIST" messages precede the fault in the console log.
program:
# Open a media device node through the syz_open_dev pseudo-syscall and query its topology.
r0 = syz_open_dev$media(&(0x7f0000000040), 0x6, 0x100)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000000c00)={0x0, 0x6, 0x0, &(0x7f00000008c0)=[{}, {}, {}, {}, {}, {}], 0x0, 0x0, &(0x7f00000000c0), 0x5, 0x0, &(0x7f0000000300)=[{}, {}, {}, {}, {}], 0x0, 0x0, &(0x7f0000000b00)}) (async)
# Netlink netfilter socket followed by two nftables batches. The first is an opaque blob;
# the second adds a rule carrying a ct expression to table 'syz0', chain 'syz2'.
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
# SCTP over IPv6 socket with two socket options set; the second is the SCTP auth key option.
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000004c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="08000900ed9ff55a7e59"], 0x9)
# First emulated USB device connection. It is marked (async), so it may still be running
# while later calls execute.
# NOTE(review): the syz_usb_connect* helpers are the likely origin of the raw_ioctl frames
# in both traces below; confirm against the syzkaller executor.
syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb000000010902"], 0x0) (async)
# rtnetlink socket: look up the interface index of 'veth0', then send a getqdisc request.
# NOTE(review): r4 is used below but never assigned in this text. syzkaller normally binds
# such a result with an inline <r4=> annotation inside the struct; it appears to have been
# dropped when the page was extracted. Verify against the original report.
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'veth0\x00', 0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@getqdisc={0x28, 0x26, 0x300, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xf, 0x8}, {0xfff1, 0xfff1}, {0xa, 0xe}}, [{0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x51}, 0x8000) (async)
# Two more rtnetlink sockets and a UDP/IPv6 socket: look up the index of 'lo', request a
# new fq qdisc, then send another getqdisc.
# NOTE(review): r8 has the same missing-binding problem as r4 above.
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0) (async)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x705, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xfff1}, {0x10, 0x8}, {0x4, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c88b}, 0x0)
# Capability-set call and an entropy-count ioctl on the random device.
# NOTE(review): neither trace below has frames from the media, netfilter, SCTP, qdisc,
# capset or random paths, so the calls above and these are probably unrelated to the
# crash. This is unverified; a minimised reproducer would settle it.
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040))
r9 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$RNDGETENTCNT(r9, 0xc0045878, 0x0)
# Second emulated USB device connection (printer variant), followed by scripted
# control-transfer responses for it.
r10 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xd7, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0x10, 0x2c, [{{0x9, 0x4, 0x0, 0xd, 0x1, 0x7, 0x1, 0x2, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x0, 0x9, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x20, 0xff, 0xf9, 0x8}}]}}}]}}]}}, &(0x7f0000000140)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x300, 0xf3, 0x6, 0x5, 0x10, 0x5}, 0x8, &(0x7f0000000100)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x1, [{0x4b, &(0x7f00000001c0)=@string={0x4b, 0x3, "9594d7d9329fdb872bb623bc5db2d541c659592b86b449509b6e593a3b432376a9f08d54b835e06104cf80dbb1836f745d2d9ef4c78713df2c1c3d1252c127bfabb04ebb75e7f1e09f"}}]})
syz_usb_control_io(r10, &(0x7f0000000400)={0x2c, &(0x7f0000000240)={0x40, 0x10, 0x27, {0x27, 0x23, "48d645d7bd9f57318e7f08adad8bcbf4dbf8c4445e3495a4703c10885924effd23a52e1456"}}, &(0x7f0000000280)={0x0, 0x3, 0x95, @string={0x95, 0x3, "2dff996fbc9251f26d8cec983177848ec9da41c6964d1a1cc41148014d618d17d2349a201de251950d7f19ed2d49dfd9f12091171e6cdbd216d8257427d99346052f4ce0099f6d9cc1283cc90b4771dd3a8afc1bd709eab5e367dd883a0f316ae8dfea5856bf6e74aa9a3e87c7af395bcc1180f89f9cf8bb7b8a924bab28923573410263e4214f8ca6b7d4c5354d0e41e131fa"}}, &(0x7f0000000340)={0x0, 0xf, 0x1f, {0x5, 0xf, 0x1f, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x9, 0x20, 0x81, 0x1}, @ssp_cap={0x10, 0x10, 0xa, 0x81, 0x1, 0x3, 0x0, 0x6, [0x18000]}]}}, &(0x7f0000000380)={0x20, 0x29, 0xf, {0xf, 0x29, 0xc, 0x0, 0x16, 0x7, "c50b3c31", "3f24f082"}}, &(0x7f00000003c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x2, 0x9, 0xa, 0x7b, 0x4, 0xc0b6}}}, &(0x7f0000000880)={0x84, &(0x7f0000000440)={0x40, 0x17, 0x5b, "9baff448b122fefe272c0e6a3413745b110a0e29b0fc17b1f5fd4372b263bafa5ba7d09f0532a1e7e6ba40146984c5fbe2d824222ca8ae8d3c13cec6c7e260b8cd811208e08487f3c55ddc299a56d6e77459b0b919c2a99cc289a0"}, &(0x7f0000000580)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0xfd}, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x1, 0x4}}, &(0x7f0000000640)={0x20, 0x0, 0x8, {0x60, 0x20, [0xf]}}, &(0x7f00000005c0)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000600)={0x40, 0x9, 0x1, 0xb}, &(0x7f0000000940)={0x40, 0xb, 0x2, "73c5"}, &(0x7f0000000680)={0x40, 0xf, 0x2, 0x2}, &(0x7f00000006c0)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000700)={0x40, 0x17, 0x6, @local}, &(0x7f0000000740)={0x40, 0x19, 0x2, "d2f7"}, &(0x7f0000000780)={0x40, 0x1a, 0x2, 0x1}, &(0x7f00000007c0)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000800)={0x40, 0x1e, 0x1, 0x3}, &(0x7f0000000840)={0x40, 0x21, 0x1, 0xd}})
# Open a usbfs device node and issue a free-streams ioctl on it.
r11 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041)
ioctl$USBDEVFS_FREE_STREAMS(r11, 0x8008551d, &(0x7f0000000000)={0x8ee, 0x1, [{0x0, 0x1}]})
[ 75.329916][ T5301] Bluetooth: hci0: command tx timeout [ 75.419910][ T5317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.423731][ T5317] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.440530][ T5316] sysfs: cannot 
create duplicate filename '/module/raw_gadget' [ 75.443852][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 75.443865][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.443871][ T5316] Call Trace: [ 75.443875][ T5316] <TASK> [ 75.443880][ T5316] dump_stack_lvl+0x189/0x250 [ 75.443995][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.444009][ T5316] ? __pfx__printk+0x10/0x10 [ 75.444019][ T5316] ? kernfs_path_from_node+0x2b/0x260 [ 75.444061][ T5316] ? kernfs_path_from_node+0x2b/0x260 [ 75.444073][ T5316] ? kernfs_path_from_node+0x2b/0x260 [ 75.444082][ T5316] ? kernfs_path_from_node+0x216/0x260 [ 75.444091][ T5316] sysfs_create_dir_ns+0x259/0x280 [ 75.444101][ T5316] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 75.444110][ T5316] ? do_raw_spin_unlock+0x4d/0x240 [ 75.444123][ T5316] kobject_add_internal+0x59f/0xb40 [ 75.444176][ T5316] kobject_init_and_add+0x125/0x190 [ 75.444190][ T5316] ? __pfx_kobject_init_and_add+0x10/0x10 [ 75.444204][ T5316] ? __kasan_kmalloc+0x93/0xb0 [ 75.444216][ T5316] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 75.444229][ T5316] ? lookup_or_create_module_kobject+0x75/0x170 [ 75.444248][ T5316] lookup_or_create_module_kobject+0xe3/0x170 [ 75.444265][ T5316] module_add_driver+0xb9/0x310 [ 75.444282][ T5316] bus_add_driver+0x391/0x640 [ 75.444297][ T5316] driver_register+0x23a/0x320 [ 75.444311][ T5316] usb_gadget_register_driver_owner+0xf9/0x270 [ 75.444328][ T5316] raw_ioctl+0x149a/0x3c90 [ 75.444343][ T5316] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.444360][ T5316] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.444374][ T5316] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 75.444388][ T5316] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.444402][ T5316] ? __pfx_raw_ioctl+0x10/0x10 [ 75.444418][ T5316] ? count_memcg_event_mm+0x92/0x3b0 [ 75.444432][ T5316] ? __lock_acquire+0xaac/0xd20 [ 75.444456][ T5316] ? 
__fget_files+0x2a/0x420 [ 75.444471][ T5316] ? __fget_files+0x3a0/0x420 [ 75.444482][ T5316] ? __fget_files+0x2a/0x420 [ 75.444494][ T5316] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.444508][ T5316] ? __pfx_raw_ioctl+0x10/0x10 [ 75.444519][ T5316] __se_sys_ioctl+0xf9/0x170 [ 75.444530][ T5316] do_syscall_64+0xf6/0x210 [ 75.444543][ T5316] ? clear_bhb_loop+0x45/0xa0 [ 75.444556][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.444566][ T5316] RIP: 0033:0x7fb20858e56b [ 75.444577][ T5316] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 75.444586][ T5316] RSP: 002b:00007fb209310f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.444598][ T5316] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00007fb20858e56b [ 75.444605][ T5316] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 000000000000000a [ 75.444610][ T5316] RBP: 00007fb209311fe0 R08: 0000000000000000 R09: 00302e6364755f79 [ 75.444617][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.444623][ T5316] R13: 00007fb209310fb0 R14: 00002000000000c0 R15: 00007fb2088e0320 [ 75.444638][ T5316] </TASK> [ 75.444659][ T5316] kobject: kobject_add_internal failed for raw_gadget with -EEXIST, don't try to register things with the same name in the same directory. 
[ 75.593771][ T5316] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN NOPTI [ 75.598872][ T5316] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 75.602261][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 75.606952][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.611377][ T5316] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 75.613842][ T5316] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 75.622053][ T5316] RSP: 0018:ffffc9000d587840 EFLAGS: 00010002 [ 75.624618][ T5316] RAX: dffffc0000000000 RBX: ffffffff8b589807 RCX: 1f951b26b631f800 [ 75.627903][ T5316] RDX: 0000000000000000 RSI: ffffffff8b589807 RDI: 0000000000000004 [ 75.630922][ T5316] RBP: ffffffff819b39d8 R08: 0000000000000001 R09: 0000000000000000 [ 75.634187][ T5316] R10: dffffc0000000000 R11: fffffbfff1efdb2f R12: 0000000000000000 [ 75.637104][ T5316] R13: 0000000000000020 R14: 0000000000000020 R15: 0000000000000001 [ 75.640261][ T5316] FS: 00007fb2093136c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000 [ 75.643928][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.646695][ T5316] CR2: 00007fb2049f3fe0 CR3: 0000000035c77000 CR4: 0000000000352ef0 [ 75.649971][ T5316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.653284][ T5316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.656768][ T5316] Call Trace: [ 75.658338][ T5316] <TASK> [ 75.659585][ T5316] __kasan_check_byte+0x12/0x40 [ 75.661670][ T5316] lock_acquire+0x8d/0x360 [ 75.663673][ T5316] ? kobj_kset_leave+0x163/0x190 [ 75.665676][ T5316] _raw_spin_lock_irqsave+0xa7/0xf0 [ 75.667853][ T5316] ? 
complete+0x28/0x1b0 [ 75.669664][ T5316] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 75.672205][ T5316] ? kobject_init_and_add+0x125/0x190 [ 75.674521][ T5316] complete+0x28/0x1b0 [ 75.676267][ T5316] kobject_put+0x228/0x480 [ 75.678166][ T5316] lookup_or_create_module_kobject+0x150/0x170 [ 75.680710][ T5316] module_add_driver+0xb9/0x310 [ 75.682867][ T5316] bus_add_driver+0x391/0x640 [ 75.684851][ T5316] driver_register+0x23a/0x320 [ 75.686990][ T5316] usb_gadget_register_driver_owner+0xf9/0x270 [ 75.689695][ T5316] raw_ioctl+0x149a/0x3c90 [ 75.691575][ T5316] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.693893][ T5316] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.696243][ T5316] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 75.698566][ T5316] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 75.700867][ T5316] ? __pfx_raw_ioctl+0x10/0x10 [ 75.702929][ T5316] ? count_memcg_event_mm+0x92/0x3b0 [ 75.705153][ T5316] ? __lock_acquire+0xaac/0xd20 [ 75.707191][ T5316] ? __fget_files+0x2a/0x420 [ 75.709067][ T5316] ? __fget_files+0x3a0/0x420 [ 75.711063][ T5316] ? __fget_files+0x2a/0x420 [ 75.712939][ T5316] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.714943][ T5316] ? __pfx_raw_ioctl+0x10/0x10 [ 75.716938][ T5316] __se_sys_ioctl+0xf9/0x170 [ 75.718860][ T5316] do_syscall_64+0xf6/0x210 [ 75.720770][ T5316] ? 
clear_bhb_loop+0x45/0xa0 [ 75.722791][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.725241][ T5316] RIP: 0033:0x7fb20858e56b [ 75.727164][ T5316] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 75.735021][ T5316] RSP: 002b:00007fb209310f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.738616][ T5316] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00007fb20858e56b [ 75.741927][ T5316] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 000000000000000a [ 75.745171][ T5316] RBP: 00007fb209311fe0 R08: 0000000000000000 R09: 00302e6364755f79 [ 75.748699][ T5316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.752134][ T5316] R13: 00007fb209310fb0 R14: 00002000000000c0 R15: 00007fb2088e0320 [ 75.755368][ T5316] </TASK> [ 75.756681][ T5316] Modules linked in: [ 75.758287][ T5316] ---[ end trace 0000000000000000 ]--- [ 75.760588][ T5316] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 75.762940][ T5316] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 75.770585][ T5316] RSP: 0018:ffffc9000d587840 EFLAGS: 00010002 [ 75.773065][ T5316] RAX: dffffc0000000000 RBX: ffffffff8b589807 RCX: 1f951b26b631f800 [ 75.777146][ T5316] RDX: 0000000000000000 RSI: ffffffff8b589807 RDI: 0000000000000004 [ 75.780622][ T5316] RBP: ffffffff819b39d8 R08: 0000000000000001 R09: 0000000000000000 [ 75.783782][ T5316] R10: dffffc0000000000 R11: fffffbfff1efdb2f R12: 0000000000000000 [ 75.786875][ T5316] R13: 0000000000000020 R14: 0000000000000020 R15: 0000000000000001 [ 75.790169][ T5316] FS: 00007fb2093136c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000 [ 75.794048][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.796922][ T5316] CR2: 00007fb2049f3fe0 CR3: 
0000000035c77000 CR4: 0000000000352ef0 [ 75.800237][ T5316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.803450][ T5316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.806650][ T5316] Kernel panic - not syncing: Fatal exception [ 75.809537][ T5316] Kernel Offset: disabled [ 75.811361][ T5316] Rebooting in 86400 seconds..