program:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="0000000000000000500eefaa50f1fe76ab40f66f7eea00000073013100000000009500"/46], &(0x7f0000000240)='GPL\x00', 0x4}, 0x94)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x14)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
ioctl$sock_SIOCSIFBR(r3, 0x8941, &(0x7f0000000000)=@generic={0x1, 0x8000000000000001})
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f0000000140)={0x6, 'bond_slave_1\x00', {0x8}, 0x3154})
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000003340)={0xffffffffffffffff, 0x200}, 0xc)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000003480)={'gretap0\x00', &(0x7f0000003380)={'syztnl1\x00', <r5=>r1, 0x10, 0x8000, 0x5, 0x3, {{0x2f, 0x4, 0x0, 0x2f, 0xbc, 0x64, 0x0, 0x2, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x19}, @local, {[@generic={0x83, 0xe, "2caa7b67948eb294e37a695d"}, @rr={0x7, 0x17, 0xf7, [@rand_addr=0x64010100, @local, @remote, @remote, @remote]}, @noop, @noop, @cipso={0x86, 0x4f, 0x0, [{0x6, 0xd, "6772943c020e4ce1907f97"}, {0x7, 0xa, "181f7c5442578a3a"}, {0x7, 0x6, "6632013d"}, {0x6, 0x12, "995944f4dc20b6be2f854b05f5c08347"}, {0x6, 0x8, "38905af966a5"}, {0x0, 0x6, "8b9d3f04"}, {0x5, 0xc, "52cc662315e7c22e845a"}]}, @rr={0x7, 0x23, 0xe7, [@multicast1, @private=0xa010102, @broadcast, @multicast2, @empty, @rand_addr=0x64010101, @loopback, @empty]}, @timestamp={0x44, 0x8, 0x56, 0x0, 0x9, [0x85]}, @ra={0x94, 0x4}]}}}}})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000500)='./file1\x00', 0x105042, 0xff)
fstat(r6, &(0x7f0000000000))
r7 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r7, 0x0, 0x0)
syz_usb_control_io$printer(r7, 0x0, 0x0)
r8 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io$hid(r7, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r8, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000000)={0x1c, "3ac071ffbc4c9a216d398df0f558125211b40d6539c50000000000001800000001"}})
bpf$MAP_CREATE(0x0, &(0x7f00000034c0)=ANY=[@ANYBLOB="1e0000000e000000800000002500000080280000", @ANYRES32=r4, @ANYBLOB="018000"/20, @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="0400000000000000050000000300"/28], 0x50)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'macvlan0\x00', <r10=>0x0})
getsockopt$netrom_NETROM_T4(r6, 0x103, 0x6, &(0x7f0000003540), &(0x7f0000003580)=0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r11=>0x0})
r12 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r12, 0x8028640c, &(0x7f0000000000)={0xc000003, 0xf, &(0x7f0000000180)=[0x138d, 0x9, 0xf909, 0x899d, 0x80, 0x98a, 0x7, 0x1010, 0xfffffe01, 0x1, 0x4, 0x2, 0x6, 0x4, 0x0], 0x1, 0x4000007})
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x48, 0x10, 0x401, 0xd605, 0x2, {0x0, 0x0, 0x0, 0x0, 0x1a21}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r10}, @IFLA_HSR_SLAVE2={0x8, 0x2, r11}]}}}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x48}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0x1, 0x58, &(0x7f00000001c0)}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg1\x00'})
r13 = socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r13)
sendmsg$NL80211_CMD_FRAME(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000400)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="01000000000000000000020000000c00990001000000040000000800260080090000f33c15fcc35e3638d7153ee98f6ec3161da006468b15629e1c20856ee6773b5709f18d6d4977f99e32df783a6f91177bbf294a98c486f9479fdd4c231b50fe4aa55d7cf6bb220fd507c98d05306cb1db6243c456010db5f592674d1768c0cfc0085f32bf3387e86bc785184fafca5dd7d6d08bb043f265e0f413ed1b5aa5f2ee54def00be02c133cd126ff56b9934c375e66d2c1c784a99d073c2b05151ed55090"], 0x28}}, 0x1884)

[   84.450784][ T5300] Bluetooth: hci0: command tx timeout
[   84.893097][ T5308] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.043116][ T5308] usb 5-1: Using ep0 maxpacket: 16
[   85.051252][ T5308] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   85.055803][ T5308] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.059406][ T5308] usb 5-1: Product: syz
[   85.061331][ T5308] usb 5-1: Manufacturer: syz
[   85.064549][ T5308] usb 5-1: SerialNumber: syz
[   85.073817][ T5308] usb 5-1: config 0 descriptor??
[   85.481591][ T5308] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   85.491925][ T5308] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   85.498670][ T5308] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   85.503745][ T5308] usb 5-1: media controller created
[   85.515519][ T5308] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   85.682527][ T5308] zl10353_read_register: readreg error (reg=127, ret==0)
[   85.685789][ T5308] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   85.689137][ T5308] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   86.053268][ T5322] ------------[ cut here ]------------
[   86.056364][ T5322] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   86.060212][ T5322] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.0.0/5322
[   86.064580][ T5322] Modules linked in:
[   86.066426][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.070088][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.074400][ T5322] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[   86.076881][ T5322] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[   86.085304][ T5322] RSP: 0018:ffffc9000e8ef688 EFLAGS: 00010246
[   86.088049][ T5322] RAX: 0000000000000000 RBX: ffff8880339e1a00 RCX: 0000000080000280
[   86.091374][ T5322] RDX: ffff8880312d8220 RSI: ffffffff8c5de240 RDI: ffffffff8ffc5270
[   86.094996][ T5322] RBP: 1ffff11008761ed8 R08: 00000000000000c0 R09: 0000000000000000
[   86.098496][ T5322] R10: ffffc9000e8ef780 R11: fffff52001d1defc R12: ffff888040f1e100
[   86.101608][ T5322] R13: ffff888043b0f6c0 R14: 0000000080000280 R15: ffff8880312d8220
[   86.104718][ T5322] FS:  00007f8adb9d46c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
[   86.108481][ T5322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.111334][ T5322] CR2: 00007f8adb9d3ff0 CR3: 000000001fd9d000 CR4: 0000000000352ef0
[   86.114888][ T5322] Call Trace:
[   86.116392][ T5322]  <TASK>
[   86.117687][ T5322]  ? __init_swait_queue_head+0xa9/0x150
[   86.120130][ T5322]  usb_start_wait_urb+0x12b/0x510
[   86.122388][ T5322]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   86.124834][ T5322]  usb_control_msg+0x232/0x3e0
[   86.127067][ T5322]  dtv5100_i2c_msg+0x231/0x2f0
[   86.129164][ T5322]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   86.131275][ T5322]  __i2c_transfer+0x79a/0x1ee0
[   86.133515][ T5322]  ? __lock_acquire+0x146e/0x2cf0
[   86.135703][ T5322]  __i2c_smbus_xfer+0xfca/0x1e40
[   86.137933][ T5322]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   86.140281][ T5322]  ? lockdep_hardirqs_on+0x7a/0x110
[   86.142631][ T5322]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.145384][ T5322]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   86.147807][ T5322]  i2c_smbus_xfer+0x1f4/0x310
[   86.150372][ T5322]  i2cdev_ioctl_smbus+0x434/0x730
[   86.153348][ T5322]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   86.156308][ T5322]  i2cdev_ioctl+0x615/0x880
[   86.159000][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   86.161260][ T5322]  ? __fget_files+0x2a/0x420
[   86.163410][ T5322]  ? __fget_files+0x3a0/0x420
[   86.165458][ T5322]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.167462][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   86.169564][ T5322]  __se_sys_ioctl+0xfc/0x170
[   86.171670][ T5322]  do_syscall_64+0xe2/0xf80
[   86.173793][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.176393][ T5322]  ? trace_irq_disable+0x37/0x100
[   86.178567][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   86.180726][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.183475][ T5322] RIP: 0033:0x7f8adf59acb9
[   86.185537][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.194429][ T5322] RSP: 002b:00007f8adb9d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.198054][ T5322] RAX: ffffffffffffffda RBX: 00007f8adf816090 RCX: 00007f8adf59acb9
[   86.201601][ T5322] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000007
[   86.205167][ T5322] RBP: 00007f8adf608bf7 R08: 0000000000000000 R09: 0000000000000000
[   86.208788][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.212025][ T5322] R13: 00007f8adf816128 R14: 00007f8adf816090 R15: 00007ffce6559c58
[   86.215435][ T5322]  </TASK>
[   86.216777][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.219809][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.223520][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.227398][ T5322] Call Trace:
[   86.228795][ T5322]  <TASK>
[   86.230068][ T5322]  vpanic+0x1e0/0x670
[   86.231784][ T5322]  panic+0xc5/0xd0
[   86.233393][ T5322]  ? __pfx_panic+0x10/0x10
[   86.235255][ T5322]  __warn+0x315/0x4a0
[   86.236887][ T5322]  ? usb_submit_urb+0x1052/0x18b0
[   86.238901][ T5322]  ? usb_submit_urb+0x1052/0x18b0
[   86.240958][ T5322]  __report_bug+0x29a/0x540
[   86.242815][ T5322]  ? usb_submit_urb+0x1052/0x18b0
[   86.245083][ T5322]  ? __pfx___report_bug+0x10/0x10
[   86.247292][ T5322]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   86.249920][ T5322]  ? lockdep_hardirqs_on+0x7a/0x110
[   86.252378][ T5322]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.254845][ T5322]  ? stack_depot_save_flags+0x3f3/0x810
[   86.257306][ T5322]  report_bug_entry+0x19a/0x290
[   86.259491][ T5322]  ? usb_submit_urb+0x1114/0x18b0
[   86.261646][ T5322]  ? usb_submit_urb+0x1119/0x18b0
[   86.263833][ T5322]  handle_bug+0xca/0x200
[   86.265636][ T5322]  exc_invalid_op+0x1a/0x50
[   86.267652][ T5322]  asm_exc_invalid_op+0x1a/0x20
[   86.269822][ T5322] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[   86.272329][ T5322] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[   86.280834][ T5322] RSP: 0018:ffffc9000e8ef688 EFLAGS: 00010246
[   86.283421][ T5322] RAX: 0000000000000000 RBX: ffff8880339e1a00 RCX: 0000000080000280
[   86.286955][ T5322] RDX: ffff8880312d8220 RSI: ffffffff8c5de240 RDI: ffffffff8ffc5270
[   86.290457][ T5322] RBP: 1ffff11008761ed8 R08: 00000000000000c0 R09: 0000000000000000
[   86.294864][ T5322] R10: ffffc9000e8ef780 R11: fffff52001d1defc R12: ffff888040f1e100
[   86.298846][ T5322] R13: ffff888043b0f6c0 R14: 0000000080000280 R15: ffff8880312d8220
[   86.302790][ T5322]  ? usb_submit_urb+0x10a3/0x18b0
[   86.305049][ T5322]  ? __init_swait_queue_head+0xa9/0x150
[   86.307410][ T5322]  usb_start_wait_urb+0x12b/0x510
[   86.309602][ T5322]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   86.311988][ T5322]  usb_control_msg+0x232/0x3e0
[   86.314149][ T5322]  dtv5100_i2c_msg+0x231/0x2f0
[   86.316303][ T5322]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   86.318398][ T5322]  __i2c_transfer+0x79a/0x1ee0
[   86.320678][ T5322]  ? __lock_acquire+0x146e/0x2cf0
[   86.322949][ T5322]  __i2c_smbus_xfer+0xfca/0x1e40
[   86.325152][ T5322]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   86.327614][ T5322]  ? lockdep_hardirqs_on+0x7a/0x110
[   86.330002][ T5322]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.332624][ T5322]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   86.334995][ T5322]  i2c_smbus_xfer+0x1f4/0x310
[   86.337151][ T5322]  i2cdev_ioctl_smbus+0x434/0x730
[   86.339449][ T5322]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   86.341888][ T5322]  i2cdev_ioctl+0x615/0x880
[   86.343852][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   86.346156][ T5322]  ? __fget_files+0x2a/0x420
[   86.348300][ T5322]  ? __fget_files+0x3a0/0x420
[   86.350829][ T5322]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.353285][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   86.355449][ T5322]  __se_sys_ioctl+0xfc/0x170
[   86.357523][ T5322]  do_syscall_64+0xe2/0xf80
[   86.359530][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.362204][ T5322]  ? trace_irq_disable+0x37/0x100
[   86.364470][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   86.366515][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.369057][ T5322] RIP: 0033:0x7f8adf59acb9
[   86.371045][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.379160][ T5322] RSP: 002b:00007f8adb9d4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.382740][ T5322] RAX: ffffffffffffffda RBX: 00007f8adf816090 RCX: 00007f8adf59acb9
[   86.386209][ T5322] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000007
[   86.389653][ T5322] RBP: 00007f8adf608bf7 R08: 0000000000000000 R09: 0000000000000000
[   86.393267][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.396789][ T5322] R13: 00007f8adf816128 R14: 00007f8adf816090 R15: 00007ffce6559c58
[   86.400114][ T5322]  </TASK>
[   86.401773][ T5322] Kernel Offset: disabled
[   86.403618][ T5322] Rebooting in 86400 seconds..