program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x18, &(0x7f0000000400)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x1c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b42c65fd"}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x4081)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x3e, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ffffff07000000400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x20004015}, 0x40)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a01010000000000f9ff000a0000090900020073797a31000000200900010073797a310000000014000380100000800c00018006000100582e000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4004850}, 0x40)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
[ 84.530928][ T44] Bluetooth: hci0: command tx timeout
[ 84.850120][ T5318] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 85.001719][ T5318] usb 5-1: Using ep0 maxpacket: 16
[ 85.011592][ T5318] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 85.015631][ T5318] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.019270][ T5318] usb 5-1: Product: syz
[ 85.021676][ T5318] usb 5-1: Manufacturer: syz
[ 85.024028][ T5318] usb 5-1: SerialNumber: syz
[ 85.036161][ T5318] usb 5-1: config 0 descriptor??
[ 85.451761][ T5318] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 85.467891][ T5318] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 85.472675][ T5318] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 85.476365][ T5318] usb 5-1: media controller created
[ 85.491251][ T5318] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 85.657264][ T5318] zl10353_read_register: readreg error (reg=127, ret==0)
[ 85.661577][ T5318] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 85.666053][ T5318] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 86.020285][ T5321] ------------[ cut here ]------------
[ 86.023855][ T5321] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 86.027732][ T5321] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5321
[ 86.032916][ T5321] Modules linked in:
[ 86.035817][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.040139][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.044200][ T5321] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[ 86.046281][ T5321] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[ 86.054535][ T5321] RSP: 0018:ffffc9000475f688 EFLAGS: 00010246
[ 86.057638][ T5321] RAX: 0000000000000000 RBX: ffff88803341ba00 RCX: 0000000080000280
[ 86.061247][ T5321] RDX: ffff888041a2d0e0 RSI: ffffffff8c803c20 RDI: ffffffff90401f90
[ 86.065350][ T5321] RBP: 1ffff11008773cf4 R08: 00000000000000c0 R09: 0000000000000000
[ 86.068948][ T5321] R10: ffffc9000475f780 R11: fffff520008ebefc R12: ffff888042053100
[ 86.074017][ T5321] R13: ffff888043b9e7a0 R14: 0000000080000280 R15: ffff888041a2d0e0
[ 86.077580][ T5321] FS: 00007fcff75106c0(0000) GS:ffff88808c838000(0000) knlGS:0000000000000000
[ 86.083303][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.086943][ T5321] CR2: 00007fcff750fff8 CR3: 00000000404f6000 CR4: 0000000000352ef0
[ 86.090614][ T5321] Call Trace:
[ 86.092049][ T5321]
[ 86.093295][ T5321] ? __init_swait_queue_head+0xa9/0x150
[ 86.095982][ T5321] usb_start_wait_urb+0x13f/0x5b0
[ 86.098834][ T5321] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 86.101896][ T5321] usb_control_msg+0x234/0x3e0
[ 86.104387][ T5321] dtv5100_i2c_msg+0x231/0x2f0
[ 86.106776][ T5321] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 86.109035][ T5321] __i2c_transfer+0x79a/0x1f70
[ 86.111293][ T5321] ? __lock_acquire+0x146e/0x2cf0
[ 86.113514][ T5321] __i2c_smbus_xfer+0xfca/0x1eb0
[ 86.115723][ T5321] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 86.118305][ T5321] ? lockdep_hardirqs_on+0x7a/0x110
[ 86.120873][ T5321] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 86.123563][ T5321] ? rt_mutex_lock_nested+0x15c/0x1e0
[ 86.126325][ T5321] i2c_smbus_xfer+0x1f4/0x310
[ 86.128763][ T5321] i2cdev_ioctl_smbus+0x434/0x730
[ 86.131591][ T5321] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 86.133835][ T5321] i2cdev_ioctl+0x615/0x880
[ 86.135740][ T5321] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 86.138070][ T5321] ? __fget_files+0x2a/0x420
[ 86.140210][ T5321] ? __fget_files+0x3a0/0x420
[ 86.142573][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20
[ 86.145124][ T5321] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 86.147669][ T5321] __se_sys_ioctl+0xfc/0x170
[ 86.150631][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.153232][ T5321] do_syscall_64+0x15f/0xf80
[ 86.155423][ T5321] ? trace_irq_disable+0x3b/0x140
[ 86.158862][ T5321] ? clear_bhb_loop+0x40/0x90
[ 86.162005][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.164610][ T5321] RIP: 0033:0x7fcff659c819
[ 86.166647][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 86.175454][ T5321] RSP: 002b:00007fcff750ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.180143][ T5321] RAX: ffffffffffffffda RBX: 00007fcff6816090 RCX: 00007fcff659c819
[ 86.183663][ T5321] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000004
[ 86.187347][ T5321] RBP: 00007fcff6632c91 R08: 0000000000000000 R09: 0000000000000000
[ 86.191058][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.195191][ T5321] R13: 00007fcff6816128 R14: 00007fcff6816090 R15: 00007ffce8cab9d8
[ 86.199467][ T5321]
[ 86.201039][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 86.204199][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 86.208161][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 86.213396][ T5321] Call Trace:
[ 86.221207][ T5321]
[ 86.222554][ T5321] vpanic+0x56c/0xa60
[ 86.224490][ T5321] ? __pfx__printk+0x10/0x10
[ 86.226815][ T5321] ? __pfx_vpanic+0x10/0x10
[ 86.229325][ T5321] ? is_bpf_text_address+0x292/0x2b0
[ 86.232308][ T5321] ? is_bpf_text_address+0x26/0x2b0
[ 86.234729][ T5321] panic+0xc5/0xd0
[ 86.236438][ T5321] ? __pfx_panic+0x10/0x10
[ 86.238481][ T5321] __warn+0x315/0x4c0
[ 86.240328][ T5321] ? usb_submit_urb+0x1053/0x18b0
[ 86.242621][ T5321] ? usb_submit_urb+0x1053/0x18b0
[ 86.245269][ T5321] __report_bug+0x29a/0x540
[ 86.248034][ T5321] ? usb_submit_urb+0x1053/0x18b0
[ 86.250354][ T5321] ? __pfx___report_bug+0x10/0x10
[ 86.252688][ T5321] ? lockdep_hardirqs_on+0x7a/0x110
[ 86.255363][ T5321] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 86.257903][ T5321] report_bug_entry+0x19a/0x290
[ 86.260324][ T5321] ? usb_submit_urb+0x1115/0x18b0
[ 86.262372][ T5321] ? usb_submit_urb+0x111a/0x18b0
[ 86.264609][ T5321] handle_bug+0xce/0x200
[ 86.266533][ T5321] exc_invalid_op+0x1a/0x50
[ 86.268495][ T5321] asm_exc_invalid_op+0x1a/0x20
[ 86.270557][ T5321] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[ 86.272951][ T5321] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[ 86.282449][ T5321] RSP: 0018:ffffc9000475f688 EFLAGS: 00010246
[ 86.285402][ T5321] RAX: 0000000000000000 RBX: ffff88803341ba00 RCX: 0000000080000280
[ 86.288289][ T5321] RDX: ffff888041a2d0e0 RSI: ffffffff8c803c20 RDI: ffffffff90401f90
[ 86.291404][ T5321] RBP: 1ffff11008773cf4 R08: 00000000000000c0 R09: 0000000000000000
[ 86.295221][ T5321] R10: ffffc9000475f780 R11: fffff520008ebefc R12: ffff888042053100
[ 86.299624][ T5321] R13: ffff888043b9e7a0 R14: 0000000080000280 R15: ffff888041a2d0e0
[ 86.303045][ T5321] ? usb_submit_urb+0x10a4/0x18b0
[ 86.305363][ T5321] ? __init_swait_queue_head+0xa9/0x150
[ 86.308017][ T5321] usb_start_wait_urb+0x13f/0x5b0
[ 86.310782][ T5321] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 86.313551][ T5321] usb_control_msg+0x234/0x3e0
[ 86.315722][ T5321] dtv5100_i2c_msg+0x231/0x2f0
[ 86.317672][ T5321] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 86.319672][ T5321] __i2c_transfer+0x79a/0x1f70
[ 86.321668][ T5321] ? __lock_acquire+0x146e/0x2cf0
[ 86.323628][ T5321] __i2c_smbus_xfer+0xfca/0x1eb0
[ 86.325793][ T5321] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 86.329040][ T5321] ? lockdep_hardirqs_on+0x7a/0x110
[ 86.331491][ T5321] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 86.333924][ T5321] ? rt_mutex_lock_nested+0x15c/0x1e0
[ 86.336285][ T5321] i2c_smbus_xfer+0x1f4/0x310
[ 86.338282][ T5321] i2cdev_ioctl_smbus+0x434/0x730
[ 86.340446][ T5321] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 86.342776][ T5321] i2cdev_ioctl+0x615/0x880
[ 86.345059][ T5321] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 86.347755][ T5321] ? __fget_files+0x2a/0x420
[ 86.349968][ T5321] ? __fget_files+0x3a0/0x420
[ 86.351966][ T5321] ? bpf_lsm_file_ioctl+0x9/0x20
[ 86.353832][ T5321] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 86.356052][ T5321] __se_sys_ioctl+0xfc/0x170
[ 86.358290][ T5321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.361676][ T5321] do_syscall_64+0x15f/0xf80
[ 86.364121][ T5321] ? trace_irq_disable+0x3b/0x140
[ 86.366362][ T5321] ? clear_bhb_loop+0x40/0x90
[ 86.368410][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.370775][ T5321] RIP: 0033:0x7fcff659c819
[ 86.372677][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 86.381572][ T5321] RSP: 002b:00007fcff750ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.386258][ T5321] RAX: ffffffffffffffda RBX: 00007fcff6816090 RCX: 00007fcff659c819
[ 86.389638][ T5321] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000004
[ 86.392988][ T5321] RBP: 00007fcff6632c91 R08: 0000000000000000 R09: 0000000000000000
[ 86.396641][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.400366][ T5321] R13: 00007fcff6816128 R14: 00007fcff6816090 R15: 00007ffce8cab9d8
[ 86.404164][ T5321]
[ 86.405863][ T5321] Kernel Offset: disabled
[ 86.407738][ T5321] Rebooting in 86400 seconds..