program:
# Syzkaller reproducer, followed by the console log of the run. The log shows a
# WARNING at drivers/usb/core/urb.c:414 in usb_submit_urb ("BOGUS control dir,
# pipe 80000280 doesn't match bRequestType c0"). Its call trace is
# i2cdev_ioctl -> i2cdev_ioctl_smbus -> i2c_smbus_xfer -> dtv5100_i2c_xfer ->
# dtv5100_i2c_msg -> usb_control_msg. The run ends in a panic only because
# panic_on_warn is set; the log contains no memory-corruption report.
# Only the USB-connect and I2C calls below correspond to frames in that trace.
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
# Emulated USB device. Bytes `be06` / `32a2` in the descriptor blob are
# idVendor 0x06be / idProduct 0xa232 (little-endian), matching the
# "New USB device found" line in the log, which dvb-usb then binds as
# 'AME DTV-5100 USB2.0 DVB-T'.
r1 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
# I2C character device; r2 is the fd later passed to ioctl$I2C_SMBUS.
# NOTE(review): presumably the adapter registered by the dvb-usb driver - confirm.
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$packet(r3, &(0x7f0000000400)={0x10, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
# Second emulated device, connected and immediately disconnected.
# NOTE(review): the "couldn't find an available UDC" / -16 lines in the log
# probably belong to this call - confirm.
r4 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_disconnect(r4)
r5 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
# One I2C message whose third field is 0x23.
# NOTE(review): the log line "dtv5100: wlen = 23, aborting." likely comes from
# this transfer being rejected by the driver's length check - confirm.
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000380)={&(0x7f00000000c0)=[{0xffff, 0x10, 0x23, &(0x7f0000000040)="071e3cd4474a2adcafbd85fd0ac0b95df200a148b99456d1fa8e9d49352954f04ffe4e"}], 0x1})
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000240)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRES32=r2, @ANYRESHEX=r2, @ANYRESHEX=r3, @ANYRES8=r0, @ANYRESDEC=r3, @ANYRESHEX=r1, @ANYRES16=r0, @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0})
# Request 0x720 matches RSI=0x720 in the user-mode register dump of the task
# that hit the WARNING, and the trace enters through i2cdev_ioctl_smbus, so
# this is the triggering call.
# NOTE(review): the reported pipe (80000280) has the IN bit 0x80 set, and
# bRequestType c0 is also device-to-host. The mismatch therefore presumably
# comes from a zero-length read, which usb_submit_urb classifies as OUT.
# The defensive fix would sit in dtv5100_i2c_msg: reject a zero-length read,
# or use the send pipe for it, before calling usb_control_msg. Confirm
# against the driver source.
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000040)={0x0, 0x6, 0x1, &(0x7f0000000180)={0x14, "3ac071ffbc4c9a216d398df0f558125211b40d6539c50000000000001800400001"}})
# The remaining calls (ISDN, CAN J1939, bpf, nl80211, ethernet injection, UHID
# write, mmap, request_key) have no frames in the call trace of the WARNING.
socket$isdn(0x22, 0x3, 0x22)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x80)
syz_emit_ethernet(0x4a, &(0x7f0000002680)=ANY=[@ANYBLOB="b5ece53132819fb6b4bbbbbbbbbbbbc2f662221900140600fe7f00000000000000000000000000bbfc0100000000000000000000000000014e234e23", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50d9295790780007"], 0x0)
# NOTE(review): r8 is used by the two calls below but is never assigned in this
# listing. The output-resource annotation on the ifindex field here (normally
# written `<r8=>0x0`) appears to have been lost in extraction - confirm
# against the original reproducer.
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0})
bind$can_j1939(r7, &(0x7f00000000c0)={0x1d, r8}, 0x18)
connect$can_j1939(r7, &(0x7f0000000140)={0x1d, r8}, 0x18)
sendmmsg(r7, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="b875a1431a05b9319c", 0x9}], 0x1}}], 0x1, 0x0)
recvmmsg(r7, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189}, {&(0x7f00000002c0)=""/182}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/198}, {&(0x7f0000001480)=""/169}, {&(0x7f0000001540)=""/4096}], 0x10, &(0x7f0000002540)=""/216}}], 0x2, 0x0, 0x0)
sendmmsg$inet(r7, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000000180)="f102", 0x2}, {&(0x7f0000002640)="f5f2de5f96a1ca", 0x7}], 0x2}}], 0x1, 0x0)
write$UHID_INPUT2(r6, &(0x7f0000000200)=ANY=[], 0x37)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r6, 0x0)
request_key(&(0x7f0000000100)='id_legacy\x00', 0x0, 0x0, 0x0)
# End of program. Everything after this line is kernel console output from the
# run, kept exactly as captured.
[ 68.752250][ T4680] Bluetooth: hci0: command tx timeout [ 69.043654][ T5330] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.193616][ T5330] usb 5-1: Using ep0 maxpacket: 16 [ 69.200670][ T5330] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 69.205729][ T5330] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.209107][ T5330] usb 5-1: Product: syz [ 69.210940][ T5330] usb 5-1: Manufacturer: syz [ 69.212956][ T5330] usb 5-1: SerialNumber: syz [ 69.224143][ T5330] usb 5-1: config 0 descriptor?? [ 69.630759][ T5330] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 69.645570][ T5330] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 69.654913][ T5330] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 69.658807][ T5330] usb 5-1: media controller created [ 69.671690][ T5330] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. 
[ 69.837316][ T5330] zl10353_read_register: readreg error (reg=127, ret==0) [ 69.840378][ T5330] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 69.847579][ T5333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.851549][ T5333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.872501][ T5330] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 70.082954][ T5333] dtv5100: wlen = 23, aborting. [ 70.453710][ T5334] ------------[ cut here ]------------ [ 70.456051][ T5334] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 70.459644][ T5334] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#0: syz.0.0/5334 [ 70.464673][ T5334] Modules linked in: [ 70.466374][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 70.470005][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.474203][ T5334] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 70.476733][ T5334] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 70.484968][ T5334] RSP: 0018:ffffc9000b35f680 EFLAGS: 00010246 [ 70.487548][ T5334] RAX: 0000000000000000 RBX: ffff88801a0a0d00 RCX: 0000000080000280 [ 70.490915][ T5334] RDX: ffff88801a3ea8e0 RSI: ffffffff8c141b40 RDI: ffffffff8f8f0680 [ 70.494341][ T5334] RBP: 1ffff11002307e7c R08: 00000000000000c0 R09: 0000000000000000 [ 70.497413][ T5334] R10: ffffc9000b35f780 R11: fffff5200166befc R12: ffff88801edfe100 [ 70.500634][ T5334] R13: ffff88801183f3e0 R14: 0000000080000280 R15: ffff88801a3ea8e0 [ 70.504014][ T5334] FS: 00007f3bd37d46c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 70.507687][ T5334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.510346][ T5334] CR2: 00007f3bd37d3fc8 CR3: 
0000000043ec2000 CR4: 0000000000352ef0 [ 70.514363][ T5334] Call Trace: [ 70.515838][ T5334] [ 70.517188][ T5334] ? __init_swait_queue_head+0xa9/0x150 [ 70.520019][ T5334] usb_start_wait_urb+0x115/0x4f0 [ 70.522306][ T5334] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 70.525071][ T5334] usb_control_msg+0x232/0x3e0 [ 70.527180][ T5334] dtv5100_i2c_msg+0x231/0x2f0 [ 70.529345][ T5334] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 70.531645][ T5334] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 70.534706][ T5334] __i2c_transfer+0x79a/0x1f00 [ 70.537212][ T5334] ? __lock_acquire+0x6b6/0x2cf0 [ 70.540022][ T5334] __i2c_smbus_xfer+0xf5d/0x1e20 [ 70.542849][ T5334] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 70.546152][ T5334] ? lockdep_hardirqs_on+0x7b/0x110 [ 70.549199][ T5334] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 70.551582][ T5334] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 70.553892][ T5334] i2c_smbus_xfer+0x1f4/0x310 [ 70.555846][ T5334] i2cdev_ioctl_smbus+0x1cd/0x750 [ 70.557943][ T5334] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 70.560047][ T5334] i2cdev_ioctl+0x5d3/0x820 [ 70.561876][ T5334] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 70.564110][ T5334] ? __fget_files+0x2a/0x420 [ 70.566052][ T5334] ? __fget_files+0x3a0/0x420 [ 70.568217][ T5334] ? bpf_lsm_file_ioctl+0x9/0x20 [ 70.570464][ T5334] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 70.573702][ T5334] __se_sys_ioctl+0xfc/0x170 [ 70.575773][ T5334] do_syscall_64+0xec/0xf80 [ 70.577778][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.580491][ T5334] ? trace_irq_disable+0x37/0x100 [ 70.582762][ T5334] ? 
clear_bhb_loop+0x60/0xb0 [ 70.584808][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.587471][ T5334] RIP: 0033:0x7f3bd738f7c9 [ 70.589266][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.596716][ T5334] RSP: 002b:00007f3bd37d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.600007][ T5334] RAX: ffffffffffffffda RBX: 00007f3bd75e6090 RCX: 00007f3bd738f7c9 [ 70.603091][ T5334] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000005 [ 70.606545][ T5334] RBP: 00007f3bd7413f91 R08: 0000000000000000 R09: 0000000000000000 [ 70.609997][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.613416][ T5334] R13: 00007f3bd75e6128 R14: 00007f3bd75e6090 R15: 00007ffeb47b3a48 [ 70.617001][ T5334] [ 70.618528][ T5334] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.622258][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 70.626087][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.630561][ T5334] Call Trace: [ 70.632100][ T5334] [ 70.633334][ T5334] vpanic+0x1e0/0x670 [ 70.635201][ T5334] panic+0xb9/0xc0 [ 70.636961][ T5334] ? __pfx_panic+0x10/0x10 [ 70.638958][ T5334] __warn+0x317/0x4b0 [ 70.640644][ T5334] ? usb_submit_urb+0x105c/0x18d0 [ 70.642876][ T5334] ? usb_submit_urb+0x105c/0x18d0 [ 70.645059][ T5334] __report_bug+0x288/0x500 [ 70.647091][ T5334] ? usb_submit_urb+0x105c/0x18d0 [ 70.649203][ T5334] ? __pfx___report_bug+0x10/0x10 [ 70.651441][ T5334] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 70.653914][ T5334] ? lockdep_hardirqs_on+0x7b/0x110 [ 70.655828][ T5334] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 70.658086][ T5334] ? stack_depot_save_flags+0x3f3/0x810 [ 70.660165][ T5334] report_bug_entry+0x19a/0x290 [ 70.662196][ T5334] ? 
usb_submit_urb+0x111c/0x18d0 [ 70.664338][ T5334] ? usb_submit_urb+0x1121/0x18d0 [ 70.666400][ T5334] handle_bug+0xca/0x200 [ 70.668213][ T5334] exc_invalid_op+0x1a/0x50 [ 70.670184][ T5334] asm_exc_invalid_op+0x1a/0x20 [ 70.672304][ T5334] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 70.674740][ T5334] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 70.682774][ T5334] RSP: 0018:ffffc9000b35f680 EFLAGS: 00010246 [ 70.685272][ T5334] RAX: 0000000000000000 RBX: ffff88801a0a0d00 RCX: 0000000080000280 [ 70.688616][ T5334] RDX: ffff88801a3ea8e0 RSI: ffffffff8c141b40 RDI: ffffffff8f8f0680 [ 70.692172][ T5334] RBP: 1ffff11002307e7c R08: 00000000000000c0 R09: 0000000000000000 [ 70.695600][ T5334] R10: ffffc9000b35f780 R11: fffff5200166befc R12: ffff88801edfe100 [ 70.698834][ T5334] R13: ffff88801183f3e0 R14: 0000000080000280 R15: ffff88801a3ea8e0 [ 70.702236][ T5334] ? __init_swait_queue_head+0xa9/0x150 [ 70.704180][ T5334] usb_start_wait_urb+0x115/0x4f0 [ 70.705991][ T5334] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 70.707885][ T5334] usb_control_msg+0x232/0x3e0 [ 70.709250][ T5334] dtv5100_i2c_msg+0x231/0x2f0 [ 70.710794][ T5334] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 70.712619][ T5334] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 70.714760][ T5334] __i2c_transfer+0x79a/0x1f00 [ 70.716642][ T5334] ? __lock_acquire+0x6b6/0x2cf0 [ 70.718501][ T5334] __i2c_smbus_xfer+0xf5d/0x1e20 [ 70.720425][ T5334] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 70.722464][ T5334] ? lockdep_hardirqs_on+0x7b/0x110 [ 70.724432][ T5334] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 70.726463][ T5334] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 70.728375][ T5334] i2c_smbus_xfer+0x1f4/0x310 [ 70.730059][ T5334] i2cdev_ioctl_smbus+0x1cd/0x750 [ 70.731847][ T5334] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 70.733938][ T5334] i2cdev_ioctl+0x5d3/0x820 [ 70.735521][ T5334] ? 
__pfx_i2cdev_ioctl+0x10/0x10 [ 70.737240][ T5334] ? __fget_files+0x2a/0x420 [ 70.739346][ T5334] ? __fget_files+0x3a0/0x420 [ 70.741457][ T5334] ? bpf_lsm_file_ioctl+0x9/0x20 [ 70.743699][ T5334] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 70.746019][ T5334] __se_sys_ioctl+0xfc/0x170 [ 70.748186][ T5334] do_syscall_64+0xec/0xf80 [ 70.750375][ T5334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.753063][ T5334] ? trace_irq_disable+0x37/0x100 [ 70.755438][ T5334] ? clear_bhb_loop+0x60/0xb0 [ 70.757664][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.760279][ T5334] RIP: 0033:0x7f3bd738f7c9 [ 70.762405][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.770326][ T5334] RSP: 002b:00007f3bd37d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.774018][ T5334] RAX: ffffffffffffffda RBX: 00007f3bd75e6090 RCX: 00007f3bd738f7c9 [ 70.777438][ T5334] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000005 [ 70.781015][ T5334] RBP: 00007f3bd7413f91 R08: 0000000000000000 R09: 0000000000000000 [ 70.784340][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.787568][ T5334] R13: 00007f3bd75e6128 R14: 00007f3bd75e6090 R15: 00007ffeb47b3a48 [ 70.791064][ T5334] [ 70.792904][ T5334] Kernel Offset: disabled [ 70.794701][ T5334] Rebooting in 86400 seconds..