program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000440)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x4, 0x0, 0x0, 0xffffffff}}}}]}, 0x4c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'veth0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x8, 0x10}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x705, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x10, 0x8}, {0xfff2, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r9 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r9, 0x0, 0x0)
syz_usb_control_io$printer(r9, 0x0, 0x0)
r10 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r9, 0x0, 0x0)
syz_usb_control_io$hid(r9, 0x0, &(0x7f0000000600)={0x18, &(0x7f0000000400)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r10, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x1c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r11 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}]}, 0x24}, 0x1, 0x0, 0x0, 0x24040058}, 0x20040080)
r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r13, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010028bd7000010000002000000004002d800c000600010000000100000033d15cd813d450b9e70690dc3e0d849de5c348674d10adff331da1b0c2cd4aba6b7338c9f58822e9d923b1c9442013e40fa3de70a1ebb57d2498f9d9be30be372f929069b56e680c83551df955e042283b30ac8cb7773d8a7884da20363d339575bab2549e45feebb67a8c8550723669076b24d7503336fb2cefaa90094b05ec13d6625bb4e7e46b"], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4044)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

[  117.359511][ T4657] Bluetooth: hci0: command tx timeout
[  117.483177][ T5334] Zero length message leads to an empty skb
[  117.795881][ T5316] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  117.944859][ T5316] usb 5-1: Using ep0 maxpacket: 16
[  117.951747][ T5316] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  117.955676][ T5316] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.959208][ T5316] usb 5-1: Product: syz
[  117.961196][ T5316] usb 5-1: Manufacturer: syz
[  117.963381][ T5316] usb 5-1: SerialNumber: syz
[  117.973047][ T5316] usb 5-1: config 0 descriptor??
[  118.387579][ T5316] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  118.402258][ T5316] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  118.407689][ T5316] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  118.412545][ T5316] usb 5-1: media controller created
[  118.441966][ T5316] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  118.593420][ T5316] zl10353_read_register: readreg error (reg=127, ret==0)
[  118.596976][ T5316] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  118.600396][ T5316] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  118.965197][ T5335] ------------[ cut here ]------------
[  118.969072][ T5335] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[  118.972734][ T5335] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5335
[  118.977239][ T5335] Modules linked in:
[  118.979794][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  118.984043][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  118.988546][ T5335] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[  118.991141][ T5335] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[  119.000341][ T5335] RSP: 0018:ffffc9000db57688 EFLAGS: 00010246
[  119.003599][ T5335] RAX: 0000000000000000 RBX: ffff888034038c00 RCX: 0000000080000280
[  119.007758][ T5335] RDX: ffff8880425b5ba0 RSI: ffffffff8c80b580 RDI: ffffffff903e6660
[  119.012004][ T5335] RBP: 1ffff11007f610f8 R08: 00000000000000c0 R09: 0000000000000000
[  119.015628][ T5335] R10: ffffc9000db57780 R11: fffff52001b6aefc R12: ffff88801206c100
[  119.019092][ T5335] R13: ffff88803fb087c0 R14: 0000000080000280 R15: ffff8880425b5ba0
[  119.022649][ T5335] FS:  00007f9143da06c0(0000) GS:ffff88808c87c000(0000) knlGS:0000000000000000
[  119.026616][ T5335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  119.029560][ T5335] CR2: 00007f9143d9fff8 CR3: 0000000012887000 CR4: 0000000000352ef0
[  119.032994][ T5335] Call Trace:
[  119.034522][ T5335]  <TASK>
[  119.036045][ T5335]  ? __init_swait_queue_head+0xa9/0x150
[  119.038553][ T5335]  usb_start_wait_urb+0x13f/0x5b0
[  119.040619][ T5335]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  119.043118][ T5335]  usb_control_msg+0x234/0x3e0
[  119.045306][ T5335]  dtv5100_i2c_msg+0x231/0x2f0
[  119.049303][ T5335]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  119.051867][ T5335]  __i2c_transfer+0x79a/0x1f70
[  119.054032][ T5335]  ? __lock_acquire+0x146e/0x2cf0
[  119.056939][ T5335]  __i2c_smbus_xfer+0x113e/0x2050
[  119.059796][ T5335]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  119.062315][ T5335]  ? lockdep_hardirqs_on+0x7a/0x110
[  119.065220][ T5335]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  119.068408][ T5335]  ? rt_mutex_lock_nested+0x15c/0x1e0
[  119.070838][ T5335]  i2c_smbus_xfer+0x1f4/0x310
[  119.072921][ T5335]  i2cdev_ioctl_smbus+0x434/0x730
[  119.075338][ T5335]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  119.077827][ T5335]  i2cdev_ioctl+0x615/0x880
[  119.079898][ T5335]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  119.082068][ T5335]  ? security_file_ioctl+0x19/0x2a0
[  119.084356][ T5335]  ? bpf_lsm_file_ioctl+0x9/0x20
[  119.086747][ T5335]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  119.089049][ T5335]  __se_sys_ioctl+0xfc/0x170
[  119.091134][ T5335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.093827][ T5335]  do_syscall_64+0x15f/0xf80
[  119.095947][ T5335]  ? trace_irq_disable+0x3b/0x140
[  119.098034][ T5335]  ? clear_bhb_loop+0x40/0x90
[  119.100150][ T5335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.102920][ T5335] RIP: 0033:0x7f9142f9ce59
[  119.105000][ T5335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  119.113211][ T5335] RSP: 002b:00007f9143d9ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  119.116765][ T5335] RAX: ffffffffffffffda RBX: 00007f9143216090 RCX: 00007f9142f9ce59
[  119.120004][ T5335] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 000000000000000a
[  119.123208][ T5335] RBP: 00007f9143032d6f R08: 0000000000000000 R09: 0000000000000000
[  119.126880][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.130346][ T5335] R13: 00007f9143216128 R14: 00007f9143216090 R15: 00007ffe4246b4e8
[  119.133947][ T5335]  </TASK>
[  119.135771][ T5335] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  119.139057][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  119.142685][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  119.147630][ T5335] Call Trace:
[  119.149694][ T5335]  <TASK>
[  119.151609][ T5335]  vpanic+0x56c/0xa60
[  119.153775][ T5335]  ? __pfx__printk+0x10/0x10
[  119.156186][ T5335]  ? __pfx_vpanic+0x10/0x10
[  119.158215][ T5335]  ? is_bpf_text_address+0x292/0x2b0
[  119.160568][ T5335]  ? is_bpf_text_address+0x26/0x2b0
[  119.162830][ T5335]  panic+0xc5/0xd0
[  119.164554][ T5335]  ? __pfx_panic+0x10/0x10
[  119.166582][ T5335]  __warn+0x315/0x4c0
[  119.168390][ T5335]  ? usb_submit_urb+0x1053/0x18b0
[  119.170575][ T5335]  ? usb_submit_urb+0x1053/0x18b0
[  119.172820][ T5335]  __report_bug+0x29a/0x540
[  119.174942][ T5335]  ? usb_submit_urb+0x1053/0x18b0
[  119.177325][ T5335]  ? __pfx___report_bug+0x10/0x10
[  119.179715][ T5335]  ? lockdep_hardirqs_on+0x7a/0x110
[  119.182132][ T5335]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  119.184688][ T5335]  report_bug_entry+0x19a/0x290
[  119.186859][ T5335]  ? usb_submit_urb+0x1115/0x18b0
[  119.189019][ T5335]  ? usb_submit_urb+0x111a/0x18b0
[  119.191207][ T5335]  handle_bug+0xce/0x200
[  119.193113][ T5335]  exc_invalid_op+0x1a/0x50
[  119.195506][ T5335]  asm_exc_invalid_op+0x1a/0x20
[  119.197860][ T5335] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[  119.200371][ T5335] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[  119.208839][ T5335] RSP: 0018:ffffc9000db57688 EFLAGS: 00010246
[  119.211478][ T5335] RAX: 0000000000000000 RBX: ffff888034038c00 RCX: 0000000080000280
[  119.214940][ T5335] RDX: ffff8880425b5ba0 RSI: ffffffff8c80b580 RDI: ffffffff903e6660
[  119.218456][ T5335] RBP: 1ffff11007f610f8 R08: 00000000000000c0 R09: 0000000000000000
[  119.221987][ T5335] R10: ffffc9000db57780 R11: fffff52001b6aefc R12: ffff88801206c100
[  119.225794][ T5335] R13: ffff88803fb087c0 R14: 0000000080000280 R15: ffff8880425b5ba0
[  119.229029][ T5335]  ? usb_submit_urb+0x10a4/0x18b0
[  119.231125][ T5335]  ? __init_swait_queue_head+0xa9/0x150
[  119.233387][ T5335]  usb_start_wait_urb+0x13f/0x5b0
[  119.235563][ T5335]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  119.238051][ T5335]  usb_control_msg+0x234/0x3e0
[  119.240176][ T5335]  dtv5100_i2c_msg+0x231/0x2f0
[  119.242330][ T5335]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  119.244522][ T5335]  __i2c_transfer+0x79a/0x1f70
[  119.246839][ T5335]  ? __lock_acquire+0x146e/0x2cf0
[  119.249099][ T5335]  __i2c_smbus_xfer+0x113e/0x2050
[  119.251434][ T5335]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  119.253876][ T5335]  ? lockdep_hardirqs_on+0x7a/0x110
[  119.256335][ T5335]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  119.259102][ T5335]  ? rt_mutex_lock_nested+0x15c/0x1e0
[  119.261609][ T5335]  i2c_smbus_xfer+0x1f4/0x310
[  119.263816][ T5335]  i2cdev_ioctl_smbus+0x434/0x730
[  119.266175][ T5335]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  119.268804][ T5335]  i2cdev_ioctl+0x615/0x880
[  119.270923][ T5335]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  119.273372][ T5335]  ? security_file_ioctl+0x19/0x2a0
[  119.275681][ T5335]  ? bpf_lsm_file_ioctl+0x9/0x20
[  119.278398][ T5335]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  119.281191][ T5335]  __se_sys_ioctl+0xfc/0x170
[  119.283504][ T5335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.286040][ T5335]  do_syscall_64+0x15f/0xf80
[  119.288128][ T5335]  ? trace_irq_disable+0x3b/0x140
[  119.290376][ T5335]  ? clear_bhb_loop+0x40/0x90
[  119.292502][ T5335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.295119][ T5335] RIP: 0033:0x7f9142f9ce59
[  119.297041][ T5335] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  119.304858][ T5335] RSP: 002b:00007f9143d9ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  119.308355][ T5335] RAX: ffffffffffffffda RBX: 00007f9143216090 RCX: 00007f9142f9ce59
[  119.311602][ T5335] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 000000000000000a
[  119.315185][ T5335] RBP: 00007f9143032d6f R08: 0000000000000000 R09: 0000000000000000
[  119.318601][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.321869][ T5335] R13: 00007f9143216128 R14: 00007f9143216090 R15: 00007ffe4246b4e8
[  119.325098][ T5335]  </TASK>
[  119.326878][ T5335] Kernel Offset: disabled
[  119.328564][ T5335] Rebooting in 86400 seconds..