program:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
capset(&(0x7f00000000c0)={0x20080522}, &(0x7f0000000200))
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r1, 0x7041, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_pidfd_open(r2, 0x0)
waitid$P_PIDFD(0x3, r3, 0x0, 0x4, 0x0)
process_madvise(r3, 0x0, 0x0, 0x14, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000640)={0x1, 0x1, {0x33, 0x29, 0x12, 0x4, 0x6, 0x7a8, 0x6, 0x163}})
r4 = dup(r0)
bind$inet(r4, &(0x7f0000000840)={0x2, 0x4e23, @remote}, 0x10)
r5 = accept4$inet6(r4, &(0x7f0000000700)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000740)=0x1c, 0x80000)
r6 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r6, 0x0, 0x0)
syz_usb_control_io$printer(r6, 0x0, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
r7 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, &(0x7f0000000600)={0x18, &(0x7f0000000680)=ANY=[@ANYBLOB="20f100000000b41c8495f27f48df2c974317f6499294e327ad3d587ef35cab63e4ee4f80d33b9dd07acc8995c2f857f5283ffe1557556f1f322e8f1773bfb975f52f149666c6da73e29fde3aabfe254651b155bd084914ae9cfd5508f7395d233270a99a1b3dbb42cbf27e17591ab70f4f07aadcf6d2ec3857addd59a4"], 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000140)={0x1, 0x7, 0x1, &(0x7f0000000100)={0x7, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000004c0)="99", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='ipvlan1\x00', 0x10)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000780)={<r8=>0x0}, &(0x7f00000007c0)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000400)={r8, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0x5, 0xa, 0x30, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x3, 0x2, 0xf06, 0x0, 0xac, 0x81, 0x5}, 0x9c)
syz_clone3(&(0x7f0000000580)={0x100288100, &(0x7f00000002c0)=<r9=>0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000340), {0x3c}, &(0x7f0000000380)=""/68, 0x44, &(0x7f0000000500)=""/7, &(0x7f0000000540)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2, {r4}}, 0x58)
splice(r0, &(0x7f00000001c0)=0x1f, r9, &(0x7f0000000600)=0x8001, 0x8, 0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e24, 0x8, @empty, 0x38d3}}, 0xfffffc, 0x31, 0xffff1896, 0x5, 0xa6, 0x0, 0x6}, 0x9c)

[   91.419956][ T4656] Bluetooth: hci0: command tx timeout
[   91.712929][    T9] cfg80211: failed to load regulatory.db
[   91.807297][ T5326] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   91.957411][ T5326] usb 5-1: Using ep0 maxpacket: 16
[   91.966150][ T5326] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   91.970369][ T5326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.973569][ T5326] usb 5-1: Product: syz
[   91.975387][ T5326] usb 5-1: Manufacturer: syz
[   91.978622][ T5326] usb 5-1: SerialNumber: syz
[   91.988781][ T5326] usb 5-1: config 0 descriptor??
[   92.397803][ T5326] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   92.416002][ T5326] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   92.421773][ T5326] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   92.426294][ T5326] usb 5-1: media controller created
[   92.440314][ T5326] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   92.605814][ T5326] zl10353_read_register: readreg error (reg=127, ret==0)
[   92.611270][ T5326] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   92.615304][ T5326] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   92.968992][ T5332] ------------[ cut here ]------------
[   92.971546][ T5332] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   92.975689][ T5332] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5332
[   92.979920][ T5332] Modules linked in:
[   92.982068][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   92.985953][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   92.990429][ T5332] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   92.992879][ T5332] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   93.001253][ T5332] RSP: 0018:ffffc9000335f688 EFLAGS: 00010246
[   93.004104][ T5332] RAX: 0000000000000000 RBX: ffff88803661cb00 RCX: 0000000080000280
[   93.007702][ T5332] RDX: ffff8880441d8660 RSI: ffffffff8c80a920 RDI: ffffffff903e55a0
[   93.011317][ T5332] RBP: 1ffff1100883b1b4 R08: 00000000000000c0 R09: 0000000000000000
[   93.014810][ T5332] R10: ffffc9000335f780 R11: fffff5200066befc R12: ffff888033206100
[   93.018777][ T5332] R13: ffff8880441d8da0 R14: 0000000080000280 R15: ffff8880441d8660
[   93.022657][ T5332] FS:  00007fc666a9f6c0(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000
[   93.026711][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   93.029728][ T5332] CR2: 00007fc666a9eff8 CR3: 0000000043b43000 CR4: 0000000000352ef0
[   93.033131][ T5332] Call Trace:
[   93.034658][ T5332]  <TASK>
[   93.035938][ T5332]  ? __init_swait_queue_head+0xa9/0x150
[   93.038553][ T5332]  usb_start_wait_urb+0x13f/0x5b0
[   93.040805][ T5332]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   93.043343][ T5332]  usb_control_msg+0x234/0x3e0
[   93.045510][ T5332]  dtv5100_i2c_msg+0x231/0x2f0
[   93.047574][ T5332]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   93.049634][ T5332]  __i2c_transfer+0x79a/0x1f70
[   93.051581][ T5332]  ? __lock_acquire+0x146e/0x2cf0
[   93.053629][ T5332]  __i2c_smbus_xfer+0x113e/0x2050
[   93.055680][ T5332]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   93.058089][ T5332]  ? lockdep_hardirqs_on+0x7a/0x110
[   93.060420][ T5332]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   93.063031][ T5332]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   93.065448][ T5332]  i2c_smbus_xfer+0x1f4/0x310
[   93.067623][ T5332]  i2cdev_ioctl_smbus+0x434/0x730
[   93.069955][ T5332]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   93.072421][ T5332]  i2cdev_ioctl+0x615/0x880
[   93.074480][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   93.076705][ T5332]  ? __fget_files+0x2a/0x420
[   93.078991][ T5332]  ? __fget_files+0x3a0/0x420
[   93.081027][ T5332]  ? bpf_lsm_file_ioctl+0x9/0x20
[   93.083147][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   93.085149][ T5332]  __se_sys_ioctl+0xfc/0x170
[   93.087088][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.089596][ T5332]  do_syscall_64+0x15f/0xf80
[   93.091432][ T5332]  ? trace_irq_disable+0x3b/0x140
[   93.093402][ T5332]  ? clear_bhb_loop+0x40/0x90
[   93.095552][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.098348][ T5332] RIP: 0033:0x7fc665b9ce59
[   93.100303][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   93.108634][ T5332] RSP: 002b:00007fc666a9efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.112183][ T5332] RAX: ffffffffffffffda RBX: 00007fc665e16090 RCX: 00007fc665b9ce59
[   93.115566][ T5332] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000008
[   93.119521][ T5332] RBP: 00007fc665c32d6f R08: 0000000000000000 R09: 0000000000000000
[   93.123310][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.126896][ T5332] R13: 00007fc665e16128 R14: 00007fc665e16090 R15: 00007ffddc824e88
[   93.130579][ T5332]  </TASK>
[   93.132007][ T5332] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   93.135295][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   93.139209][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   93.143685][ T5332] Call Trace:
[   93.145209][ T5332]  <TASK>
[   93.146607][ T5332]  vpanic+0x56c/0xa60
[   93.148443][ T5332]  ? __pfx__printk+0x10/0x10
[   93.150598][ T5332]  ? __pfx_vpanic+0x10/0x10
[   93.152625][ T5332]  ? is_bpf_text_address+0x292/0x2b0
[   93.155050][ T5332]  ? is_bpf_text_address+0x26/0x2b0
[   93.157389][ T5332]  panic+0xc5/0xd0
[   93.159019][ T5332]  ? __pfx_panic+0x10/0x10
[   93.160938][ T5332]  __warn+0x315/0x4c0
[   93.162742][ T5332]  ? usb_submit_urb+0x1053/0x18b0
[   93.165031][ T5332]  ? usb_submit_urb+0x1053/0x18b0
[   93.167252][ T5332]  __report_bug+0x29a/0x540
[   93.169210][ T5332]  ? usb_submit_urb+0x1053/0x18b0
[   93.171420][ T5332]  ? __pfx___report_bug+0x10/0x10
[   93.173726][ T5332]  ? lockdep_hardirqs_on+0x7a/0x110
[   93.175959][ T5332]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   93.178513][ T5332]  report_bug_entry+0x19a/0x290
[   93.180700][ T5332]  ? usb_submit_urb+0x1115/0x18b0
[   93.182927][ T5332]  ? usb_submit_urb+0x111a/0x18b0
[   93.185136][ T5332]  handle_bug+0xce/0x200
[   93.187077][ T5332]  exc_invalid_op+0x1a/0x50
[   93.189132][ T5332]  asm_exc_invalid_op+0x1a/0x20
[   93.191255][ T5332] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   93.193710][ T5332] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   93.201603][ T5332] RSP: 0018:ffffc9000335f688 EFLAGS: 00010246
[   93.204122][ T5332] RAX: 0000000000000000 RBX: ffff88803661cb00 RCX: 0000000080000280
[   93.207589][ T5332] RDX: ffff8880441d8660 RSI: ffffffff8c80a920 RDI: ffffffff903e55a0
[   93.211108][ T5332] RBP: 1ffff1100883b1b4 R08: 00000000000000c0 R09: 0000000000000000
[   93.214388][ T5332] R10: ffffc9000335f780 R11: fffff5200066befc R12: ffff888033206100
[   93.217874][ T5332] R13: ffff8880441d8da0 R14: 0000000080000280 R15: ffff8880441d8660
[   93.221411][ T5332]  ? usb_submit_urb+0x10a4/0x18b0
[   93.223662][ T5332]  ? __init_swait_queue_head+0xa9/0x150
[   93.226104][ T5332]  usb_start_wait_urb+0x13f/0x5b0
[   93.228289][ T5332]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   93.230658][ T5332]  usb_control_msg+0x234/0x3e0
[   93.232745][ T5332]  dtv5100_i2c_msg+0x231/0x2f0
[   93.234884][ T5332]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   93.237047][ T5332]  __i2c_transfer+0x79a/0x1f70
[   93.239204][ T5332]  ? __lock_acquire+0x146e/0x2cf0
[   93.241433][ T5332]  __i2c_smbus_xfer+0x113e/0x2050
[   93.243715][ T5332]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   93.246045][ T5332]  ? lockdep_hardirqs_on+0x7a/0x110
[   93.248360][ T5332]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   93.250940][ T5332]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   93.253243][ T5332]  i2c_smbus_xfer+0x1f4/0x310
[   93.255365][ T5332]  i2cdev_ioctl_smbus+0x434/0x730
[   93.257532][ T5332]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   93.259845][ T5332]  i2cdev_ioctl+0x615/0x880
[   93.261792][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   93.263874][ T5332]  ? __fget_files+0x2a/0x420
[   93.265910][ T5332]  ? __fget_files+0x3a0/0x420
[   93.267982][ T5332]  ? bpf_lsm_file_ioctl+0x9/0x20
[   93.270106][ T5332]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   93.272299][ T5332]  __se_sys_ioctl+0xfc/0x170
[   93.274357][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.276958][ T5332]  do_syscall_64+0x15f/0xf80
[   93.279021][ T5332]  ? trace_irq_disable+0x3b/0x140
[   93.281193][ T5332]  ? clear_bhb_loop+0x40/0x90
[   93.283287][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.285893][ T5332] RIP: 0033:0x7fc665b9ce59
[   93.287863][ T5332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   93.296182][ T5332] RSP: 002b:00007fc666a9efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.299850][ T5332] RAX: ffffffffffffffda RBX: 00007fc665e16090 RCX: 00007fc665b9ce59
[   93.303204][ T5332] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000008
[   93.306547][ T5332] RBP: 00007fc665c32d6f R08: 0000000000000000 R09: 0000000000000000
[   93.309946][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.313470][ T5332] R13: 00007fc665e16128 R14: 00007fc665e16090 R15: 00007ffddc824e88
[   93.316806][ T5332]  </TASK>
[   93.318665][ T5332] Kernel Offset: disabled
[   93.320558][ T5332] Rebooting in 86400 seconds..