program: socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) socket(0x10, 0x3, 0x0) (async) r3 = socket(0x10, 0x3, 0x0) sendmsg$GTP_CMD_DELPDP(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) socket$nl_route(0x10, 0x3, 0x0) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000c80)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}}}, 0x24}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b000100000000090400fb015c291d00090509"], 0x0) (async) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b000100000000090400fb015c291d00090509"], 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x800) r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x8108551b, &(0x7f0000000300)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae000034aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a9eee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) r8 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) 
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={0x1}, 0x4) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={0x1, 0xffffffffffffffff}, 0x4) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0380000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r12], 0x3c}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x22, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}}, @exit, @map_idx={0x18, 0xb, 0x5, 0x0, 0x9}, @call={0x85, 0x0, 0x0, 0x37}, @jmp={0x5, 0x1, 0x9, 0xb, 0x8, 0xfffffffffffffff4, 0xfffffffffffffffc}, @kfunc={0x85, 0x0, 0x2, 0x0, 0xffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r12, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x34}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="2b4300001e000200300012800b00010067656e6576650000200002800800010001000000140007000000000000000005000000000000000108000a00", @ANYRES32=r13, @ANYBLOB], 0x58}}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), r1) (async) r14 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100), r1) 
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r14, 0x6724631cc3cb83b6, 0xcd, 0x25dfdbfb, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4008808) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r1, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, 0x140a, 0x2, 0x70bd25, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r1, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, 0x140a, 0x2, 0x70bd25, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) [ 68.780296][ T4658] Bluetooth: hci0: command tx timeout [ 68.848371][ T5317] sysfs: cannot create duplicate filename '/module/raw_gadget' [ 68.852274][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 68.852287][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.852294][ T5317] Call Trace: [ 68.852299][ T5317] <TASK> [ 68.852304][ T5317] dump_stack_lvl+0x189/0x250 [ 68.852431][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.852444][ T5317] ? __pfx__printk+0x10/0x10 [ 68.852453][ T5317] ? kernfs_path_from_node+0x2b/0x260 [ 68.852498][ T5317] ? kernfs_path_from_node+0x2b/0x260 [ 68.852509][ T5317] ? kernfs_path_from_node+0x2b/0x260 [ 68.852522][ T5317] ? kernfs_path_from_node+0x216/0x260 [ 68.852536][ T5317] sysfs_create_dir_ns+0x259/0x280 [ 68.852551][ T5317] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 68.852564][ T5317] ? 
do_raw_spin_unlock+0x4d/0x240 [ 68.852582][ T5317] kobject_add_internal+0x59f/0xb40 [ 68.852637][ T5317] kobject_init_and_add+0x125/0x190 [ 68.852652][ T5317] ? __pfx_kobject_init_and_add+0x10/0x10 [ 68.852666][ T5317] ? __kasan_kmalloc+0x93/0xb0 [ 68.852678][ T5317] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 68.852689][ T5317] ? lookup_or_create_module_kobject+0x75/0x170 [ 68.852706][ T5317] lookup_or_create_module_kobject+0xe3/0x170 [ 68.852723][ T5317] module_add_driver+0xb9/0x310 [ 68.852738][ T5317] bus_add_driver+0x391/0x640 [ 68.852753][ T5317] driver_register+0x23a/0x320 [ 68.852768][ T5317] usb_gadget_register_driver_owner+0xf9/0x270 [ 68.852787][ T5317] raw_ioctl+0x149a/0x3c90 [ 68.852805][ T5317] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.852821][ T5317] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.852836][ T5317] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 68.852849][ T5317] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 68.852864][ T5317] ? __pfx_raw_ioctl+0x10/0x10 [ 68.852879][ T5317] ? count_memcg_event_mm+0x92/0x3b0 [ 68.852894][ T5317] ? __lock_acquire+0xaac/0xd20 [ 68.852919][ T5317] ? __fget_files+0x2a/0x420 [ 68.852932][ T5317] ? __fget_files+0x3a0/0x420 [ 68.852942][ T5317] ? __fget_files+0x2a/0x420 [ 68.852956][ T5317] ? bpf_lsm_file_ioctl+0x9/0x20 [ 68.852968][ T5317] ? __pfx_raw_ioctl+0x10/0x10 [ 68.852981][ T5317] __se_sys_ioctl+0xf9/0x170 [ 68.852993][ T5317] do_syscall_64+0xf6/0x210 [ 68.853005][ T5317] ? 
clear_bhb_loop+0x45/0xa0 [ 68.853018][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.853028][ T5317] RIP: 0033:0x7f4da118e56b [ 68.853046][ T5317] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 68.853054][ T5317] RSP: 002b:00007f4da20daf10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 68.853067][ T5317] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f4da118e56b [ 68.853074][ T5317] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 000000000000000c [ 68.853079][ T5317] RBP: 00007f4da20dbfe0 R08: 0000000000000000 R09: 00302e6364755f79 [ 68.853085][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.853095][ T5317] R13: 00007f4da20dafb0 R14: 0000200000000080 R15: 00007f4da14e0b88 [ 68.853110][ T5317] </TASK> [ 68.853130][ T5317] kobject: kobject_add_internal failed for raw_gadget with -EEXIST, don't try to register things with the same name in the same directory. 
[ 69.019296][ T5317] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN NOPTI [ 69.024394][ T5317] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 69.027882][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT(full) [ 69.032735][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.037252][ T5317] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 69.039848][ T5317] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 69.047643][ T5317] RSP: 0018:ffffc9000ff17840 EFLAGS: 00010002 [ 69.050333][ T5317] RAX: dffffc0000000000 RBX: ffffffff8b589807 RCX: c08c2e9b7b398d00 [ 69.053636][ T5317] RDX: 0000000000000000 RSI: ffffffff8b589807 RDI: 0000000000000004 [ 69.056821][ T5317] RBP: ffffffff819b39d8 R08: 0000000000000001 R09: 0000000000000000 [ 69.059845][ T5317] R10: dffffc0000000000 R11: fffffbfff1efdb2f R12: 0000000000000000 [ 69.063169][ T5317] R13: 0000000000000020 R14: 0000000000000020 R15: 0000000000000001 [ 69.066509][ T5317] FS: 00007f4da20dd6c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000 [ 69.070235][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.073565][ T5317] CR2: 00007fff990e3ff8 CR3: 000000003ef26000 CR4: 0000000000352ef0 [ 69.076946][ T5317] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.080095][ T5317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.083262][ T5317] Call Trace: [ 69.084634][ T5317] <TASK> [ 69.085906][ T5317] __kasan_check_byte+0x12/0x40 [ 69.087974][ T5317] lock_acquire+0x8d/0x360 [ 69.089842][ T5317] ? kobj_kset_leave+0x163/0x190 [ 69.091938][ T5317] _raw_spin_lock_irqsave+0xa7/0xf0 [ 69.094136][ T5317] ? 
complete+0x28/0x1b0 [ 69.096005][ T5317] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 69.098824][ T5317] ? kobject_init_and_add+0x125/0x190 [ 69.101142][ T5317] complete+0x28/0x1b0 [ 69.102937][ T5317] kobject_put+0x228/0x480 [ 69.104843][ T5317] lookup_or_create_module_kobject+0x150/0x170 [ 69.107466][ T5317] module_add_driver+0xb9/0x310 [ 69.109596][ T5317] bus_add_driver+0x391/0x640 [ 69.111578][ T5317] driver_register+0x23a/0x320 [ 69.113676][ T5317] usb_gadget_register_driver_owner+0xf9/0x270 [ 69.116278][ T5317] raw_ioctl+0x149a/0x3c90 [ 69.118245][ T5317] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 69.120827][ T5317] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 69.123139][ T5317] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 69.125639][ T5317] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 69.128094][ T5317] ? __pfx_raw_ioctl+0x10/0x10 [ 69.130135][ T5317] ? count_memcg_event_mm+0x92/0x3b0 [ 69.132345][ T5317] ? __lock_acquire+0xaac/0xd20 [ 69.134436][ T5317] ? __fget_files+0x2a/0x420 [ 69.136464][ T5317] ? __fget_files+0x3a0/0x420 [ 69.138851][ T5317] ? __fget_files+0x2a/0x420 [ 69.141044][ T5317] ? bpf_lsm_file_ioctl+0x9/0x20 [ 69.143145][ T5317] ? __pfx_raw_ioctl+0x10/0x10 [ 69.145140][ T5317] __se_sys_ioctl+0xf9/0x170 [ 69.147112][ T5317] do_syscall_64+0xf6/0x210 [ 69.149100][ T5317] ? 
clear_bhb_loop+0x45/0xa0 [ 69.151172][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.153965][ T5317] RIP: 0033:0x7f4da118e56b [ 69.156141][ T5317] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 69.164321][ T5317] RSP: 002b:00007f4da20daf10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.167923][ T5317] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f4da118e56b [ 69.171363][ T5317] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 000000000000000c [ 69.174797][ T5317] RBP: 00007f4da20dbfe0 R08: 0000000000000000 R09: 00302e6364755f79 [ 69.178234][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.181942][ T5317] R13: 00007f4da20dafb0 R14: 0000200000000080 R15: 00007f4da14e0b88 [ 69.185655][ T5317] </TASK> [ 69.187277][ T5317] Modules linked in: [ 69.189107][ T5317] ---[ end trace 0000000000000000 ]--- [ 69.191518][ T5317] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 69.194154][ T5317] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 69.203507][ T5317] RSP: 0018:ffffc9000ff17840 EFLAGS: 00010002 [ 69.206762][ T5317] RAX: dffffc0000000000 RBX: ffffffff8b589807 RCX: c08c2e9b7b398d00 [ 69.211026][ T5317] RDX: 0000000000000000 RSI: ffffffff8b589807 RDI: 0000000000000004 [ 69.214958][ T5317] RBP: ffffffff819b39d8 R08: 0000000000000001 R09: 0000000000000000 [ 69.218526][ T5317] R10: dffffc0000000000 R11: fffffbfff1efdb2f R12: 0000000000000000 [ 69.221892][ T5317] R13: 0000000000000020 R14: 0000000000000020 R15: 0000000000000001 [ 69.225829][ T5317] FS: 00007f4da20dd6c0(0000) GS:ffff88808d6cb000(0000) knlGS:0000000000000000 [ 69.229805][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.232453][ T5317] CR2: 00007fff990e3ff8 CR3: 
000000003ef26000 CR4: 0000000000352ef0 [ 69.236058][ T5317] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.239587][ T5317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.242788][ T5317] Kernel panic - not syncing: Fatal exception [ 69.245765][ T5317] Kernel Offset: disabled [ 69.247686][ T5317] Rebooting in 86400 seconds..