program:
# Triage notes for this syzkaller reproducer. The console log further down
# reports a WARNING at drivers/usb/core/urb.c:413 in usb_submit_urb ("BOGUS
# control dir, pipe 80000280 doesn't match bRequestType c0"). The trace reaches
# it through i2cdev_ioctl -> i2c_smbus_xfer -> dtv5100_i2c_xfer ->
# usb_control_msg. The panic that follows is caused by panic_on_warn being set
# on the fuzzing kernel; the underlying event is a WARN, not an oops.
#
# Calls marked (async) run concurrently with what follows, so the order of
# log lines from different tasks (T5314/T5315/T5316) need not match the order
# of calls below.

# Emulated USB device. In the descriptor blob the bytes "be06" and "32a2"
# (little-endian) correspond to idVendor=06be, idProduct=a232 in the log, and
# the log shows dvb-usb identifying it as 'AME DTV-5100 USB2.0 DVB-T'.
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Control-I/O helpers for r0, both called with null (0x0) descriptor and
# response arguments.
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io$printer(r0, 0x0, 0x0)
# First i2c-dev handle: I2C_RDWR with two messages whose third and fourth
# members are 0x0.
# NOTE(review): presumably these are zero-length messages and the source of
# "dtv5100: wlen = 0, aborting." (task T5315) in the log; confirm.
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000580)=[{0x4, 0x1010, 0x0, 0x0}, {0xc, 0xf200, 0x0, 0x0}], 0x2})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
# Second emulated USB device (HID).
# NOTE(review): the log's "USB Raw Gadget: couldn't find an available UDC or
# it's busy" / "usb_gadget_register_driver returned -16" likely belongs to
# this call; confirm.
r3 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000040)={0x2c, &(0x7f00000012c0)={0x40, 0x3, 0x5, {0x5, 0x4, "26ed60"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
# Second i2c-dev handle and the SMBus ioctl. The faulting syscall recorded in
# the log has ORIG_RAX=0x10 and RSI=0x720, matching the request number used
# here, and the call trace goes through i2cdev_ioctl_smbus.
# NOTE(review): the fix most likely belongs in the driver's I2C transfer path
# (validating message length/direction before usb_control_msg); the driver
# source is not on this page, so confirm there.
r4 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000580)={0x0, 0xc, 0x1, 0x0}) (async)
# nftables batch: table 'syz0', flowtable 'syz0', then a flowtable delete
# naming hook device 'veth1_vlan'. No netfilter frames appear in the call
# trace.
# NOTE(review): "netlink: 'syz.0.0': attribute type 1 has an invalid length."
# (task T5316) may come from this message; confirm.
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x4}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x16, 0xa, 0x0, 0xb00, 0x0, {}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_vlan\x00'}]}]}]}], {0x14, 0x10}}, 0xd0}}, 0x0)
# The remaining calls (PF_KEY, KCM, IPVS setsockopts, socket sendmsg) do not
# show up in the call trace. When minimising the reproducer they are the
# first candidates to drop.
r5 = socket$key(0xf, 0x3, 0x2)
r6 = socket$kcm(0xa, 0x2, 0x0) (async)
r7 = socket(0x2, 0x80805, 0x0) (async)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'wrr\x00', 0x1, 0x80005, 0x6f}, 0x2c) (async)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xcd}}, 0x44) (async)
sendmsg$sock(r6, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) (async)
r9 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r9, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x15, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) (async)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000040)={0x0, 0x4, 0x80, 0x480000000000})
sendmsg$key(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0x5, 0x40, 0x5, 0x12, 0x0, 0x70bd2c, 0x25dfdc01, [@sadb_key={0xf, 0x8, 0x370, 0x0, "2cd550fb2d3c8fa8baf7f7508c1a72171024e2b0174e21f239644b4fc959e1844f29547680daa88b41d62fd5b4dd93b093317dd1e8222384641a9f0eb61f5ffa45f298a2e69e749da59adb24c9eb0b12a2db9ef51f58480fb2a86df13c9048ce325ce55fe90aba999fbc7b8c64d9"}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e24}]}, 0x90}}, 0x4004801)
[ 73.404413][ T45] Bluetooth: hci0: command tx timeout [ 73.688508][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 73.838440][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 73.846365][ T9] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 73.850635][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.854173][ T9] usb 5-1: Product: syz [ 73.855970][ T9] usb 5-1: Manufacturer: syz [ 73.858003][ T9] usb 5-1: SerialNumber: syz [ 73.869820][ T9] usb 5-1: config 0 descriptor?? [ 74.075640][ T9] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 74.087990][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. 
[ 74.096577][ T9] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 74.101131][ T9] usb 5-1: media controller created [ 74.113413][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 74.331967][ T5314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.340214][ T5314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.351399][ T5316] netlink: 'syz.0.0': attribute type 1 has an invalid length. [ 74.660201][ T5315] dtv5100: wlen = 0, aborting. [ 74.662753][ T9] zl10353_read_register: readreg error (reg=127, ret==0) [ 74.665803][ T9] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 74.671429][ T9] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 74.688750][ T5314] ------------[ cut here ]------------ [ 74.691124][ T5314] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 74.694716][ T5314] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.0.0/5314 [ 74.698849][ T5314] Modules linked in: [ 74.701003][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.704765][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.709404][ T5314] RIP: 0010:usb_submit_urb+0x1114/0x18b0 [ 74.711888][ T5314] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9 [ 74.719975][ T5314] RSP: 0018:ffffc900014ef688 EFLAGS: 00010246 [ 74.722566][ T5314] RAX: 0000000000000000 RBX: ffff888038e88600 RCX: 0000000080000280 [ 74.725998][ T5314] RDX: ffff888034e90720 RSI: ffffffff8c7f0500 RDI: ffffffff901ee1c0 [ 74.729506][ T5314] RBP: 1ffff110089225a0 R08: 00000000000000c0 R09: 0000000000000000 [ 74.732813][ T5314] R10: ffffc900014ef780 R11: fffff5200029defc R12: ffff88803d283100 [ 74.736145][ 
T5314] R13: ffff888044912d00 R14: 0000000080000280 R15: ffff888034e90720 [ 74.739717][ T5314] FS: 00007fa9baf136c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000 [ 74.743198][ T5314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.745963][ T5314] CR2: 00007ffecb04ce80 CR3: 00000000406aa000 CR4: 0000000000352ef0 [ 74.749546][ T5314] Call Trace: [ 74.751122][ T5314] [ 74.752445][ T5314] ? __init_swait_queue_head+0xa9/0x150 [ 74.754899][ T5314] usb_start_wait_urb+0x12b/0x510 [ 74.757013][ T5314] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 74.759492][ T5314] usb_control_msg+0x232/0x3e0 [ 74.761610][ T5314] dtv5100_i2c_msg+0x231/0x2f0 [ 74.763732][ T5314] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 74.765994][ T5314] __i2c_transfer+0x79a/0x2020 [ 74.768085][ T5314] __i2c_smbus_xfer+0xfca/0x1f70 [ 74.770375][ T5314] ? rt_mutex_slowlock+0x1fd/0x7b0 [ 74.772722][ T5314] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 74.775195][ T5314] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 74.777651][ T5314] ? rt_mutex_lock_nested+0x170/0x1e0 [ 74.780213][ T5314] ? do_vfs_ioctl+0x1166/0x1530 [ 74.782360][ T5314] i2c_smbus_xfer+0x1f4/0x310 [ 74.784344][ T5314] i2cdev_ioctl_smbus+0x1e7/0x730 [ 74.786600][ T5314] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 74.789125][ T5314] i2cdev_ioctl+0x615/0x880 [ 74.791202][ T5314] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 74.793501][ T5314] ? __fget_files+0x2a/0x420 [ 74.795491][ T5314] ? __fget_files+0x3a0/0x420 [ 74.797561][ T5314] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.799785][ T5314] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 74.802015][ T5314] __se_sys_ioctl+0xfc/0x170 [ 74.804413][ T5314] do_syscall_64+0x14d/0xf80 [ 74.806451][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.809305][ T5314] ? 
clear_bhb_loop+0x40/0x90 [ 74.811396][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.813815][ T5314] RIP: 0033:0x7fa9b9f9c799 [ 74.815764][ T5314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.823124][ T5314] RSP: 002b:00007fa9baf13028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.826661][ T5314] RAX: ffffffffffffffda RBX: 00007fa9ba215fa0 RCX: 00007fa9b9f9c799 [ 74.830219][ T5314] RDX: 0000200000000580 RSI: 0000000000000720 RDI: 0000000000000007 [ 74.833639][ T5314] RBP: 00007fa9ba032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 74.836941][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.840239][ T5314] R13: 00007fa9ba216038 R14: 00007fa9ba215fa0 R15: 00007ffecb04d9f8 [ 74.843475][ T5314] [ 74.844888][ T5314] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 74.848577][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.853146][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 74.858008][ T5314] Call Trace: [ 74.859408][ T5314] [ 74.860575][ T5314] vpanic+0x56c/0xa60 [ 74.862241][ T5314] ? __pfx__printk+0x10/0x10 [ 74.864133][ T5314] ? __pfx_vpanic+0x10/0x10 [ 74.866102][ T5314] ? is_bpf_text_address+0x292/0x2b0 [ 74.868201][ T5314] ? is_bpf_text_address+0x26/0x2b0 [ 74.870345][ T5314] panic+0xc5/0xd0 [ 74.871911][ T5314] ? __pfx_panic+0x10/0x10 [ 74.873778][ T5314] __warn+0x315/0x4f0 [ 74.875608][ T5314] ? usb_submit_urb+0x1052/0x18b0 [ 74.877700][ T5314] ? usb_submit_urb+0x1052/0x18b0 [ 74.879800][ T5314] __report_bug+0x29a/0x540 [ 74.881771][ T5314] ? usb_submit_urb+0x1052/0x18b0 [ 74.884005][ T5314] ? __pfx___report_bug+0x10/0x10 [ 74.886333][ T5314] ? lockdep_hardirqs_on+0x7a/0x110 [ 74.888692][ T5314] ? 
_raw_spin_unlock_irqrestore+0x4c/0x80 [ 74.891353][ T5314] report_bug_entry+0x19a/0x290 [ 74.893563][ T5314] ? usb_submit_urb+0x1114/0x18b0 [ 74.895799][ T5314] ? usb_submit_urb+0x1119/0x18b0 [ 74.898039][ T5314] handle_bug+0xca/0x200 [ 74.899957][ T5314] exc_invalid_op+0x1a/0x50 [ 74.902035][ T5314] asm_exc_invalid_op+0x1a/0x20 [ 74.904180][ T5314] RIP: 0010:usb_submit_urb+0x1114/0x18b0 [ 74.906652][ T5314] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9 [ 74.914707][ T5314] RSP: 0018:ffffc900014ef688 EFLAGS: 00010246 [ 74.917513][ T5314] RAX: 0000000000000000 RBX: ffff888038e88600 RCX: 0000000080000280 [ 74.921101][ T5314] RDX: ffff888034e90720 RSI: ffffffff8c7f0500 RDI: ffffffff901ee1c0 [ 74.924481][ T5314] RBP: 1ffff110089225a0 R08: 00000000000000c0 R09: 0000000000000000 [ 74.927974][ T5314] R10: ffffc900014ef780 R11: fffff5200029defc R12: ffff88803d283100 [ 74.931554][ T5314] R13: ffff888044912d00 R14: 0000000080000280 R15: ffff888034e90720 [ 74.935037][ T5314] ? usb_submit_urb+0x10a3/0x18b0 [ 74.937123][ T5314] ? __init_swait_queue_head+0xa9/0x150 [ 74.939550][ T5314] usb_start_wait_urb+0x12b/0x510 [ 74.941730][ T5314] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 74.943967][ T5314] usb_control_msg+0x232/0x3e0 [ 74.946435][ T5314] dtv5100_i2c_msg+0x231/0x2f0 [ 74.948351][ T5314] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 74.950493][ T5314] __i2c_transfer+0x79a/0x2020 [ 74.952515][ T5314] __i2c_smbus_xfer+0xfca/0x1f70 [ 74.954685][ T5314] ? rt_mutex_slowlock+0x1fd/0x7b0 [ 74.956888][ T5314] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 74.959305][ T5314] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 74.961743][ T5314] ? rt_mutex_lock_nested+0x170/0x1e0 [ 74.963978][ T5314] ? do_vfs_ioctl+0x1166/0x1530 [ 74.966163][ T5314] i2c_smbus_xfer+0x1f4/0x310 [ 74.968191][ T5314] i2cdev_ioctl_smbus+0x1e7/0x730 [ 74.970364][ T5314] ? 
__pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 74.972797][ T5314] i2cdev_ioctl+0x615/0x880 [ 74.974923][ T5314] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 74.976858][ T5314] ? __fget_files+0x2a/0x420 [ 74.978930][ T5314] ? __fget_files+0x3a0/0x420 [ 74.980928][ T5314] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.983108][ T5314] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 74.985313][ T5314] __se_sys_ioctl+0xfc/0x170 [ 74.987314][ T5314] do_syscall_64+0x14d/0xf80 [ 74.989392][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.992032][ T5314] ? clear_bhb_loop+0x40/0x90 [ 74.994053][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.996676][ T5314] RIP: 0033:0x7fa9b9f9c799 [ 74.998670][ T5314] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.006637][ T5314] RSP: 002b:00007fa9baf13028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.010432][ T5314] RAX: ffffffffffffffda RBX: 00007fa9ba215fa0 RCX: 00007fa9b9f9c799 [ 75.013669][ T5314] RDX: 0000200000000580 RSI: 0000000000000720 RDI: 0000000000000007 [ 75.017121][ T5314] RBP: 00007fa9ba032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 75.020600][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.023724][ T5314] R13: 00007fa9ba216038 R14: 00007fa9ba215fa0 R15: 00007ffecb04d9f8 [ 75.026989][ T5314] [ 75.028597][ T5314] Kernel Offset: disabled [ 75.030393][ T5314] Rebooting in 86400 seconds..