program:
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ffffc}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x5d}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT={0xff, 0x80}, 0xfe)
syz_usb_control_io$printer(r1, 0x0, 0x0)
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)={0x54, 0xb, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010102}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e20}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x11}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x4800)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x18, &(0x7f0000000400)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x17, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b465fd00"}})

[   75.042938][ T4666] Bluetooth: hci0: command tx timeout
[   75.073153][ T5318] capability: warning: `syz.0.0' uses deprecated v2 capabilities in a way that may be insecure
[   75.360991][ T5311] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.510731][ T5311] usb 5-1: Using ep0 maxpacket: 16
[   75.519424][ T5311] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   75.523461][ T5311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.526437][ T5311] usb 5-1: Product: syz
[   75.528290][ T5311] usb 5-1: Manufacturer: syz
[   75.531628][ T5311] usb 5-1: SerialNumber: syz
[   75.536735][ T5311] usb 5-1: config 0 descriptor??
[   75.946775][ T5311] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   75.953497][ T5311] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   75.957660][ T5311] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   75.962039][ T5311] usb 5-1: media controller created
[   75.974158][ T5311] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   76.151677][ T5311] zl10353_read_register: readreg error (reg=127, ret==0)
[   76.154825][ T5311] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   76.172493][ T5311] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   76.511151][ T5319] ------------[ cut here ]------------
[   76.514005][ T5319] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   76.518249][ T5319] WARNING: CPU: 0 PID: 5319 at drivers/usb/core/urb.c:414 usb_submit_urb+0x114d/0x18b0
[   76.522560][ T5319] Modules linked in:
[   76.524511][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.528308][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.535811][ T5319] RIP: 0010:usb_submit_urb+0x114d/0x18b0
[   76.538311][ T5319] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 40 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 44 7a 8e fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80
[   76.546653][ T5319] RSP: 0018:ffffc9000d427540 EFLAGS: 00010246
[   76.549268][ T5319] RAX: 16204fe9982fe600 RBX: ffff888036902800 RCX: 0000000000100000
[   76.552980][ T5319] RDX: ffffc9000e783000 RSI: 0000000000000b9c RDI: 0000000000000b9d
[   76.556843][ T5319] RBP: 1ffff110060b4f30 R08: ffff88801fe24293 R09: 1ffff11003fc4852
[   76.560629][ T5319] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: ffff888040981100
[   76.563958][ T5319] R13: ffff8880305a7980 R14: 0000000080000280 R15: ffff8880113682a0
[   76.567153][ T5319] FS:  00007faf9a5f56c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   76.571089][ T5319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.573974][ T5319] CR2: 00007faf9a5f4fc8 CR3: 0000000042869000 CR4: 0000000000352ef0
[   76.577356][ T5319] Call Trace:
[   76.578971][ T5319]  <TASK>
[   76.580563][ T5319]  usb_start_wait_urb+0x114/0x4c0
[   76.582784][ T5319]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   76.585311][ T5319]  usb_control_msg+0x232/0x3e0
[   76.587431][ T5319]  dtv5100_i2c_msg+0x250/0x330
[   76.589457][ T5319]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   76.591814][ T5319]  __i2c_transfer+0x874/0x2170
[   76.593945][ T5319]  ? validate_chain+0x897/0x2140
[   76.596237][ T5319]  ? __pfx___i2c_transfer+0x10/0x10
[   76.598917][ T5319]  __i2c_smbus_xfer+0xfb0/0x1e50
[   76.601791][ T5319]  ? __lock_acquire+0xab9/0xd20
[   76.604400][ T5319]  ? do_raw_spin_lock+0x121/0x290
[   76.607089][ T5319]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   76.610088][ T5319]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   76.613458][ T5319]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.616491][ T5319]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.619867][ T5319]  ? rt_mutex_lock_nested+0x15e/0x1e0
[   76.622832][ T5319]  i2c_smbus_xfer+0x275/0x3c0
[   76.625126][ T5319]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   76.627193][ T5319]  ? __lock_acquire+0xab9/0xd20
[   76.629418][ T5319]  i2cdev_ioctl_smbus+0x43d/0x6d0
[   76.631859][ T5319]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   76.634250][ T5319]  i2cdev_ioctl+0x5d3/0x7f0
[   76.636245][ T5319]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   76.638344][ T5319]  ? __fget_files+0x2a/0x420
[   76.640594][ T5319]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.642702][ T5319]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   76.644824][ T5319]  __se_sys_ioctl+0xfc/0x170
[   76.647368][ T5319]  do_syscall_64+0xfa/0xfa0
[   76.649146][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.651618][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.654182][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   76.656630][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.659678][ T5319] RIP: 0033:0x7faf9e18f6c9
[   76.662535][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.671003][ T5319] RSP: 002b:00007faf9a5f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.674580][ T5319] RAX: ffffffffffffffda RBX: 00007faf9e3e6090 RCX: 00007faf9e18f6c9
[   76.677974][ T5319] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000006
[   76.681599][ T5319] RBP: 00007faf9e211f91 R08: 0000000000000000 R09: 0000000000000000
[   76.685032][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.688482][ T5319] R13: 00007faf9e3e6128 R14: 00007faf9e3e6090 R15: 00007fffc12aed28
[   76.692762][ T5319]  </TASK>
[   76.694177][ T5319] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   76.697375][ T5319] CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.701420][ T5319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.705767][ T5319] Call Trace:
[   76.707219][ T5319]  <TASK>
[   76.708550][ T5319]  dump_stack_lvl+0x99/0x250
[   76.710622][ T5319]  ? __asan_memcpy+0x40/0x70
[   76.712627][ T5319]  ? __pfx_dump_stack_lvl+0x10/0x10
[   76.714758][ T5319]  ? __pfx__printk+0x10/0x10
[   76.716948][ T5319]  vpanic+0x237/0x6d0
[   76.718549][ T5319]  ? __pfx_vpanic+0x10/0x10
[   76.720537][ T5319]  panic+0xb9/0xc0
[   76.722104][ T5319]  ? __pfx_panic+0x10/0x10
[   76.724109][ T5319]  __warn+0x31b/0x4b0
[   76.725744][ T5319]  ? usb_submit_urb+0x114d/0x18b0
[   76.727866][ T5319]  ? usb_submit_urb+0x114d/0x18b0
[   76.730028][ T5319]  report_bug+0x2be/0x4f0
[   76.731849][ T5319]  ? usb_submit_urb+0x114d/0x18b0
[   76.734004][ T5319]  ? usb_submit_urb+0x114d/0x18b0
[   76.736324][ T5319]  ? usb_submit_urb+0x114f/0x18b0
[   76.738519][ T5319]  handle_bug+0x84/0x160
[   76.740435][ T5319]  exc_invalid_op+0x1a/0x50
[   76.742355][ T5319]  asm_exc_invalid_op+0x1a/0x20
[   76.744509][ T5319] RIP: 0010:usb_submit_urb+0x114d/0x18b0
[   76.746879][ T5319] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 40 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 44 7a 8e fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80
[   76.754872][ T5319] RSP: 0018:ffffc9000d427540 EFLAGS: 00010246
[   76.757519][ T5319] RAX: 16204fe9982fe600 RBX: ffff888036902800 RCX: 0000000000100000
[   76.761057][ T5319] RDX: ffffc9000e783000 RSI: 0000000000000b9c RDI: 0000000000000b9d
[   76.764564][ T5319] RBP: 1ffff110060b4f30 R08: ffff88801fe24293 R09: 1ffff11003fc4852
[   76.767981][ T5319] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: ffff888040981100
[   76.771388][ T5319] R13: ffff8880305a7980 R14: 0000000080000280 R15: ffff8880113682a0
[   76.774647][ T5319]  usb_start_wait_urb+0x114/0x4c0
[   76.776821][ T5319]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   76.779114][ T5319]  usb_control_msg+0x232/0x3e0
[   76.781109][ T5319]  dtv5100_i2c_msg+0x250/0x330
[   76.782946][ T5319]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   76.784704][ T5319]  __i2c_transfer+0x874/0x2170
[   76.786652][ T5319]  ? validate_chain+0x897/0x2140
[   76.788568][ T5319]  ? __pfx___i2c_transfer+0x10/0x10
[   76.790640][ T5319]  __i2c_smbus_xfer+0xfb0/0x1e50
[   76.792871][ T5319]  ? __lock_acquire+0xab9/0xd20
[   76.795035][ T5319]  ? do_raw_spin_lock+0x121/0x290
[   76.797243][ T5319]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   76.799648][ T5319]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   76.802718][ T5319]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.805225][ T5319]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   76.807847][ T5319]  ? rt_mutex_lock_nested+0x15e/0x1e0
[   76.809867][ T5319]  i2c_smbus_xfer+0x275/0x3c0
[   76.811752][ T5319]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   76.813804][ T5319]  ? __lock_acquire+0xab9/0xd20
[   76.815738][ T5319]  i2cdev_ioctl_smbus+0x43d/0x6d0
[   76.817587][ T5319]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   76.819692][ T5319]  i2cdev_ioctl+0x5d3/0x7f0
[   76.821361][ T5319]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   76.823424][ T5319]  ? __fget_files+0x2a/0x420
[   76.825377][ T5319]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.827435][ T5319]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   76.829553][ T5319]  __se_sys_ioctl+0xfc/0x170
[   76.831645][ T5319]  do_syscall_64+0xfa/0xfa0
[   76.833659][ T5319]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.835977][ T5319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.838461][ T5319]  ? clear_bhb_loop+0x60/0xb0
[   76.840516][ T5319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.842944][ T5319] RIP: 0033:0x7faf9e18f6c9
[   76.844756][ T5319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.853041][ T5319] RSP: 002b:00007faf9a5f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.856559][ T5319] RAX: ffffffffffffffda RBX: 00007faf9e3e6090 RCX: 00007faf9e18f6c9
[   76.859772][ T5319] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000006
[   76.863389][ T5319] RBP: 00007faf9e211f91 R08: 0000000000000000 R09: 0000000000000000
[   76.866641][ T5319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.870185][ T5319] R13: 00007faf9e3e6128 R14: 00007faf9e3e6090 R15: 00007fffc12aed28
[   76.873583][ T5319]  </TASK>
[   76.875272][ T5319] Kernel Offset: disabled
[   76.877107][ T5319] Rebooting in 86400 seconds..