program:
# Reproducer for the usb_submit_urb "BOGUS control dir" WARNING in the console log below.
# Only the USB-connect, I2C-open and I2C_SMBUS calls appear on the crashing call path
# (i2cdev_ioctl -> i2c_smbus_xfer -> dtv5100_i2c_xfer -> usb_control_msg -> usb_submit_urb).
# The IPVS, ipset, KCM and TUN calls are not in that trace.

# IPVS service add on an SCTP socket. The log shows the IPVS estimator thread starting,
# but no IPVS frame appears in the WARNING call trace.
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lc\x00', 0x1, 0x4, 0x8}, 0x2c)
# Two ipset CREATE requests for set 'syz0' of type hash:ip,port over nfnetlink.
# The second carries a mutated attribute length (0xffffff68); presumably this is what
# produces the "bytes leftover after parsing attributes" netlink message in the log (confirm).
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x8040)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x1d, &(0x7f00000000c0)={&(0x7f0000000240)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0xffffff68, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0)
# Emulated USB device (the log shows it enumerating on dummy_hcd). The descriptor blob
# encodes ep0 maxpacket 0x10, idVendor 0x06be, idProduct 0xa232 and bcdDevice 0x33f3,
# matching the "New USB device found" line. The kernel binds it to the dvb-usb driver
# for 'AME DTV-5100 USB2.0 DVB-T'.
r3 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Control-transfer responders for the emulated device; all are passed null response tables here.
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
# Opens an I2C character device. The call trace shows the ioctl on this fd reaching
# dtv5100_i2c_xfer, so the adapter opened here belongs to the DTV-5100 driver.
# NOTE(review): 0xc is presumably the /dev/i2c-N index; confirm against the syz_open_dev definition.
r4 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
# Crashing call: I2C_SMBUS ioctl (request 0x720, matching RSI in the user-space register dump).
# The transfer reaches usb_control_msg, where usb_submit_urb warns
# "BOGUS control dir, pipe 80000280 doesn't match bRequestType c0" at drivers/usb/core/urb.c:414.
# With panic_on_warn set, as on this kernel, the WARNING becomes a kernel panic.
# NOTE(review): the pipe and bRequestType both indicate IN, so the mismatch presumably comes from
# a zero-length transfer (usb_submit_urb treats wLength == 0 as OUT). The likely fix is for the
# driver to reject or special-case zero-length reads; confirm against dtv5100_i2c_msg.
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x1c, "3ac071ff6d398df0f558125211b40c65fd0000000000001900"}})
# KCM socket, TUN device setup, an IPVS destination add and a sendmsg on the KCM socket.
# None of these appear in the WARNING call trace.
r5 = socket$kcm(0xa, 0x2, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETIFINDEX(r6, 0x400454da, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
# Second listing: the same calls with the same arguments as the first listing, each carrying
# the (async) call property. No results are bound here, so r0-r7 refer to the first listing's resources.
# NOTE(review): presumably this is the variant the executor logged; confirm which form was running
# when the WARNING fired.
socket$inet_sctp(0x2, 0x1, 0x84) (async)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lc\x00', 0x1, 0x4, 0x8}, 0x2c) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x8040) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x1d, &(0x7f00000000c0)={&(0x7f0000000240)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0xffffff68, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0) (async)
# Emulated USB device: the same descriptor blob as in the first listing (idVendor 0x06be, idProduct 0xa232).
syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) (async)
syz_usb_control_io$uac1(r3, 0x0, 0x0) (async)
syz_usb_control_io$printer(r3, 0x0, 0x0) (async)
syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000) (async)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}) (async)
# I2C_SMBUS ioctl (request 0x720): the call whose path ends in the usb_submit_urb
# "BOGUS control dir" WARNING shown in the console log below.
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x1c, "3ac071ff6d398df0f558125211b40c65fd0000000000001900"}}) (async)
# The remaining KCM, TUN and IPVS calls do not appear in the WARNING call trace.
socket$kcm(0xa, 0x2, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
ioctl$TUNSETIFINDEX(r6, 0x400454da, 0x0) (async)
socket$inet_sctp(0x2, 0x1, 0x84) (async)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x10000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) (async)
sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) (async)
[ 91.826433][ T47] Bluetooth: hci0: command tx timeout
[ 91.832295][ T786] cfg80211: failed to load regulatory.db
[ 91.989481][ T5318] IPVS: starting estimator thread 0...
[ 92.002560][ T5334] netlink: 56 bytes leftover after parsing attributes in process `syz.0.0'.
[ 92.095141][ T5343] IPVS: using max 62 ests per chain, 148800 per kthread
[ 92.293170][ T5330] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 92.443238][ T5330] usb 5-1: Using ep0 maxpacket: 16
[ 92.452430][ T5330] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 92.456924][ T5330] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 92.461751][ T5330] usb 5-1: Product: syz
[ 92.464223][ T5330] usb 5-1: Manufacturer: syz
[ 92.466363][ T5330] usb 5-1: SerialNumber: syz
[ 92.472324][ T5330] usb 5-1: config 0 descriptor??
[ 92.883358][ T5330] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 92.898165][ T5330] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 92.903914][ T5330] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 92.907233][ T5330] usb 5-1: media controller created
[ 92.921412][ T5330] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 93.084903][ T5330] zl10353_read_register: readreg error (reg=127, ret==0)
[ 93.089102][ T5330] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 93.092867][ T5330] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 93.453706][ T5335] ------------[ cut here ]------------
[ 93.456182][ T5335] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 93.459843][ T5335] WARNING: drivers/usb/core/urb.c:414 at 0x0, CPU#0: syz.0.0/5335
[ 93.463566][ T5335] Modules linked in:
[ 93.465498][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 93.469407][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.474125][ T5335] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[ 93.476783][ T5335] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[ 93.485327][ T5335] RSP: 0018:ffffc9000e8c7560 EFLAGS: 00010246
[ 93.488022][ T5335] RAX: 0000000000000000 RBX: ffff888011b86500 RCX: 0000000080000280
[ 93.492067][ T5335] RDX: ffff888031af33a0 RSI: ffffffff8c341140 RDI: ffffffff8faedb20
[ 93.495864][ T5335] RBP: 1ffff1100b650400 R08: 00000000000000c0 R09: 0000000000000000
[ 93.499667][ T5335] R10: ffffc9000e8c7660 R11: fffff52001d18ed8 R12: ffff88803b4db100
[ 93.503488][ T5335] R13: ffff88805b282000 R14: 0000000080000280 R15: ffff888031af33a0
[ 93.507053][ T5335] FS: 00007f3a9ff596c0(0000) GS:ffff88808d22f000(0000) knlGS:0000000000000000
[ 93.511077][ T5335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 93.513982][ T5335] CR2: 00007f3a9ff58fc8 CR3: 0000000043454000 CR4: 0000000000352ef0
[ 93.517512][ T5335] Call Trace:
[ 93.519052][ T5335]
[ 93.520396][ T5335] ? __init_swait_queue_head+0xa9/0x150
[ 93.523066][ T5335] usb_start_wait_urb+0x115/0x4f0
[ 93.525419][ T5335] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 93.527949][ T5335] usb_control_msg+0x232/0x3e0
[ 93.530205][ T5335] dtv5100_i2c_msg+0x231/0x2f0
[ 93.532496][ T5335] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 93.534896][ T5335] ? __pfx_hlock_conflict+0x10/0x10
[ 93.537334][ T5335] __i2c_transfer+0x871/0x2110
[ 93.539627][ T5335] ? check_noncircular+0xda/0x150
[ 93.541727][ T5335] ? __pfx___i2c_transfer+0x10/0x10
[ 93.543958][ T5335] __i2c_smbus_xfer+0xf80/0x1e40
[ 93.546129][ T5335] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 93.548608][ T5335] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 93.551375][ T5335] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 93.554303][ T5335] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 93.557165][ T5335] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 93.559451][ T5335] i2c_smbus_xfer+0x275/0x3c0
[ 93.561430][ T5335] ? __pfx_i2c_smbus_xfer+0x10/0x10
[ 93.563598][ T5335] i2cdev_ioctl_smbus+0x3db/0x750
[ 93.565729][ T5335] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 93.568316][ T5335] i2cdev_ioctl+0x5d3/0x820
[ 93.570370][ T5335] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 93.572554][ T5335] ? __fget_files+0x2a/0x420
[ 93.574767][ T5335] ? bpf_lsm_file_ioctl+0x9/0x20
[ 93.577136][ T5335] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 93.579472][ T5335] __se_sys_ioctl+0xfc/0x170
[ 93.581623][ T5335] do_syscall_64+0xfa/0xf80
[ 93.583732][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.586811][ T5335] ? clear_bhb_loop+0x60/0xb0
[ 93.588908][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.591865][ T5335] RIP: 0033:0x7f3a9f18f7c9
[ 93.593943][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 93.602487][ T5335] RSP: 002b:00007f3a9ff59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 93.606430][ T5335] RAX: ffffffffffffffda RBX: 00007f3a9f3e6090 RCX: 00007f3a9f18f7c9
[ 93.609984][ T5335] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000007
[ 93.613560][ T5335] RBP: 00007f3a9f213f91 R08: 0000000000000000 R09: 0000000000000000
[ 93.617203][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 93.620870][ T5335] R13: 00007f3a9f3e6128 R14: 00007f3a9f3e6090 R15: 00007ffd12b33e98
[ 93.624461][ T5335]
[ 93.625880][ T5335] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 93.629053][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 93.633215][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.637889][ T5335] Call Trace:
[ 93.639366][ T5335]
[ 93.640662][ T5335] dump_stack_lvl+0x99/0x250
[ 93.642756][ T5335] ? __asan_memcpy+0x40/0x70
[ 93.644796][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10
[ 93.647131][ T5335] ? __pfx__printk+0x10/0x10
[ 93.649186][ T5335] vpanic+0x237/0x6d0
[ 93.650983][ T5335] ? __pfx_vpanic+0x10/0x10
[ 93.653058][ T5335] ? is_bpf_text_address+0x292/0x2b0
[ 93.655414][ T5335] ? is_bpf_text_address+0x26/0x2b0
[ 93.657767][ T5335] panic+0xb9/0xc0
[ 93.659468][ T5335] ? __pfx_panic+0x10/0x10
[ 93.661469][ T5335] __warn+0x317/0x4b0
[ 93.663219][ T5335] __report_bug+0x288/0x500
[ 93.665258][ T5335] ? __pfx___report_bug+0x10/0x10
[ 93.667486][ T5335] report_bug_entry+0x16a/0x220
[ 93.669766][ T5335] ? usb_submit_urb+0x111c/0x18d0
[ 93.672007][ T5335] ? usb_submit_urb+0x1121/0x18d0
[ 93.674169][ T5335] handle_bug+0xca/0x200
[ 93.675977][ T5335] exc_invalid_op+0x1a/0x50
[ 93.678035][ T5335] asm_exc_invalid_op+0x1a/0x20
[ 93.680193][ T5335] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[ 93.682622][ T5335] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[ 93.691365][ T5335] RSP: 0018:ffffc9000e8c7560 EFLAGS: 00010246
[ 93.694160][ T5335] RAX: 0000000000000000 RBX: ffff888011b86500 RCX: 0000000080000280
[ 93.697662][ T5335] RDX: ffff888031af33a0 RSI: ffffffff8c341140 RDI: ffffffff8faedb20
[ 93.701150][ T5335] RBP: 1ffff1100b650400 R08: 00000000000000c0 R09: 0000000000000000
[ 93.704644][ T5335] R10: ffffc9000e8c7660 R11: fffff52001d18ed8 R12: ffff88803b4db100
[ 93.708056][ T5335] R13: ffff88805b282000 R14: 0000000080000280 R15: ffff888031af33a0
[ 93.712286][ T5335] ? __init_swait_queue_head+0xa9/0x150
[ 93.715479][ T5335] usb_start_wait_urb+0x115/0x4f0
[ 93.718271][ T5335] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 93.720951][ T5335] usb_control_msg+0x232/0x3e0
[ 93.723172][ T5335] dtv5100_i2c_msg+0x231/0x2f0
[ 93.725375][ T5335] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 93.727495][ T5335] ? __pfx_hlock_conflict+0x10/0x10
[ 93.729777][ T5335] __i2c_transfer+0x871/0x2110
[ 93.731875][ T5335] ? check_noncircular+0xda/0x150
[ 93.734219][ T5335] ? __pfx___i2c_transfer+0x10/0x10
[ 93.736592][ T5335] __i2c_smbus_xfer+0xf80/0x1e40
[ 93.738865][ T5335] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 93.741310][ T5335] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 93.743904][ T5335] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 93.746546][ T5335] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 93.749358][ T5335] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 93.751861][ T5335] i2c_smbus_xfer+0x275/0x3c0
[ 93.753901][ T5335] ? __pfx_i2c_smbus_xfer+0x10/0x10
[ 93.756249][ T5335] i2cdev_ioctl_smbus+0x3db/0x750
[ 93.758582][ T5335] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 93.761138][ T5335] i2cdev_ioctl+0x5d3/0x820
[ 93.763273][ T5335] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 93.765298][ T5335] ? __fget_files+0x2a/0x420
[ 93.767165][ T5335] ? bpf_lsm_file_ioctl+0x9/0x20
[ 93.769140][ T5335] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 93.771215][ T5335] __se_sys_ioctl+0xfc/0x170
[ 93.773158][ T5335] do_syscall_64+0xfa/0xf80
[ 93.775210][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.777992][ T5335] ? clear_bhb_loop+0x60/0xb0
[ 93.780140][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.782689][ T5335] RIP: 0033:0x7f3a9f18f7c9
[ 93.784735][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 93.792910][ T5335] RSP: 002b:00007f3a9ff59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 93.796791][ T5335] RAX: ffffffffffffffda RBX: 00007f3a9f3e6090 RCX: 00007f3a9f18f7c9
[ 93.800340][ T5335] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000007
[ 93.803992][ T5335] RBP: 00007f3a9f213f91 R08: 0000000000000000 R09: 0000000000000000
[ 93.807511][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 93.811002][ T5335] R13: 00007f3a9f3e6128 R14: 00007f3a9f3e6090 R15: 00007ffd12b33e98
[ 93.814748][ T5335]
[ 93.816666][ T5335] Kernel Offset: disabled
[ 93.818586][ T5335] Rebooting in 86400 seconds..