program:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x2, 0x200000000000001, 0x106)
socket$inet6(0xa, 0x80002, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7})
r3 = socket$alg(0x26, 0x5, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x800)
openat$dlm_control(0xffffffffffffff9c, &(0x7f00000002c0), 0x4a8c0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x100, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}}}, 0x24}}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='-', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r4 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$sierra_net(r1, 0x0, 0x0)
syz_usb_control_io$rtl8150(r1, 0x0, 0x0)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x16, "437226815fcc50a7eceec8f47a5797ff91c431562bee7c0d2cd8712088d3cbe711"}})
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000001800)={0x0, 0x7, 0x2, &(0x7f00000017c0)={0x11, "4ec0191e5bb41b08c198884329f6dd0711762717c44bc7c9b1cc22a10010115d6d"}})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0xe0}}, 0x0)

[   73.362159][ T5296] Bluetooth: hci0: command tx timeout
[   73.661406][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   73.811395][    T9] usb 5-1: Using ep0 maxpacket: 16
[   73.819383][    T9] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   73.823582][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.827043][    T9] usb 5-1: Product: syz
[   73.829039][    T9] usb 5-1: Manufacturer: syz
[   73.831111][    T9] usb 5-1: SerialNumber: syz
[   73.841881][    T9] usb 5-1: config 0 descriptor??
[   74.248149][    T9] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   74.256454][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   74.268695][    T9] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   74.273322][    T9] usb 5-1: media controller created
[   74.286156][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   74.500832][    T9] zl10353_read_register: readreg error (reg=127, ret==0)
[   74.504636][    T9] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   74.508401][    T9] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   74.871731][ T5318] ------------[ cut here ]------------
[   74.874359][ T5318] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   74.878110][ T5318] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.0.0/5318
[   74.883157][ T5318] Modules linked in:
[   74.885019][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.888848][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.893545][ T5318] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[   74.896061][ T5318] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[   74.904821][ T5318] RSP: 0018:ffffc9000a637688 EFLAGS: 00010246
[   74.907306][ T5318] RAX: 0000000000000000 RBX: ffff88800011cd00 RCX: 0000000080000280
[   74.910791][ T5318] RDX: ffff88804412a9e0 RSI: ffffffff8c5de800 RDI: ffffffff8ffc5590
[   74.914559][ T5318] RBP: 1ffff1100889d698 R08: 00000000000000c0 R09: 0000000000000000
[   74.918065][ T5318] R10: ffffc9000a637780 R11: fffff520014c6efc R12: ffff8880119ef100
[   74.921525][ T5318] R13: ffff8880444eb4c0 R14: 0000000080000280 R15: ffff88804412a9e0
[   74.925036][ T5318] FS:  00007f1e9f1976c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
[   74.928813][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   74.931883][ T5318] CR2: 00007f1e9f196ff0 CR3: 0000000041b7b000 CR4: 0000000000352ef0
[   74.935376][ T5318] Call Trace:
[   74.936986][ T5318]  <TASK>
[   74.938357][ T5318]  ? __init_swait_queue_head+0xa9/0x150
[   74.940905][ T5318]  usb_start_wait_urb+0x12b/0x510
[   74.943303][ T5318]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   74.945770][ T5318]  usb_control_msg+0x232/0x3e0
[   74.947823][ T5318]  dtv5100_i2c_msg+0x231/0x2f0
[   74.949979][ T5318]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   74.952209][ T5318]  __i2c_transfer+0x79a/0x1ee0
[   74.954431][ T5318]  ? __lock_acquire+0x146e/0x2cf0
[   74.956656][ T5318]  __i2c_smbus_xfer+0xfca/0x1e40
[   74.958971][ T5318]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   74.962985][ T5318]  ? lockdep_hardirqs_on+0x7a/0x110
[   74.965572][ T5318]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   74.968352][ T5318]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   74.970833][ T5318]  i2c_smbus_xfer+0x1f4/0x310
[   74.973094][ T5318]  i2cdev_ioctl_smbus+0x434/0x730
[   74.975419][ T5318]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   74.977715][ T5318]  i2cdev_ioctl+0x615/0x880
[   74.979660][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   74.982364][ T5318]  ? __fget_files+0x2a/0x420
[   74.984528][ T5318]  ? __fget_files+0x3a0/0x420
[   74.986846][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   74.989326][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   74.991994][ T5318]  __se_sys_ioctl+0xfc/0x170
[   74.994036][ T5318]  do_syscall_64+0xe2/0xf80
[   74.996083][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.998841][ T5318]  ? trace_irq_disable+0x37/0x100
[   75.001066][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   75.003353][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.005940][ T5318] RIP: 0033:0x7f1e9e39aeb9
[   75.007933][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   75.015906][ T5318] RSP: 002b:00007f1e9f197028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.019430][ T5318] RAX: ffffffffffffffda RBX: 00007f1e9e616090 RCX: 00007f1e9e39aeb9
[   75.022843][ T5318] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000023
[   75.026265][ T5318] RBP: 00007f1e9e408c1f R08: 0000000000000000 R09: 0000000000000000
[   75.029866][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.033434][ T5318] R13: 00007f1e9e616128 R14: 00007f1e9e616090 R15: 00007ffee17bf4b8
[   75.036891][ T5318]  </TASK>
[   75.038271][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.041632][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.045172][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.049361][ T5318] Call Trace:
[   75.050780][ T5318]  <TASK>
[   75.052073][ T5318]  vpanic+0x1e0/0x670
[   75.053843][ T5318]  panic+0xc5/0xd0
[   75.055499][ T5318]  ? __pfx_panic+0x10/0x10
[   75.057388][ T5318]  __warn+0x315/0x4a0
[   75.059146][ T5318]  ? usb_submit_urb+0x1052/0x18b0
[   75.061159][ T5318]  ? usb_submit_urb+0x1052/0x18b0
[   75.063327][ T5318]  __report_bug+0x29a/0x540
[   75.065267][ T5318]  ? usb_submit_urb+0x1052/0x18b0
[   75.067535][ T5318]  ? __pfx___report_bug+0x10/0x10
[   75.069616][ T5318]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   75.072149][ T5318]  ? lockdep_hardirqs_on+0x7a/0x110
[   75.074200][ T5318]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   75.076653][ T5318]  ? stack_depot_save_flags+0x3f3/0x810
[   75.079275][ T5318]  report_bug_entry+0x19a/0x290
[   75.081107][ T5318]  ? usb_submit_urb+0x1114/0x18b0
[   75.083379][ T5318]  ? usb_submit_urb+0x1119/0x18b0
[   75.085521][ T5318]  handle_bug+0xca/0x200
[   75.087493][ T5318]  exc_invalid_op+0x1a/0x50
[   75.089482][ T5318]  asm_exc_invalid_op+0x1a/0x20
[   75.091677][ T5318] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[   75.093989][ T5318] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[   75.102167][ T5318] RSP: 0018:ffffc9000a637688 EFLAGS: 00010246
[   75.104699][ T5318] RAX: 0000000000000000 RBX: ffff88800011cd00 RCX: 0000000080000280
[   75.108073][ T5318] RDX: ffff88804412a9e0 RSI: ffffffff8c5de800 RDI: ffffffff8ffc5590
[   75.111529][ T5318] RBP: 1ffff1100889d698 R08: 00000000000000c0 R09: 0000000000000000
[   75.115096][ T5318] R10: ffffc9000a637780 R11: fffff520014c6efc R12: ffff8880119ef100
[   75.118653][ T5318] R13: ffff8880444eb4c0 R14: 0000000080000280 R15: ffff88804412a9e0
[   75.122060][ T5318]  ? usb_submit_urb+0x10a3/0x18b0
[   75.124315][ T5318]  ? __init_swait_queue_head+0xa9/0x150
[   75.126585][ T5318]  usb_start_wait_urb+0x12b/0x510
[   75.128798][ T5318]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   75.131148][ T5318]  usb_control_msg+0x232/0x3e0
[   75.133181][ T5318]  dtv5100_i2c_msg+0x231/0x2f0
[   75.135291][ T5318]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   75.137453][ T5318]  __i2c_transfer+0x79a/0x1ee0
[   75.139511][ T5318]  ? __lock_acquire+0x146e/0x2cf0
[   75.141609][ T5318]  __i2c_smbus_xfer+0xfca/0x1e40
[   75.143888][ T5318]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   75.146289][ T5318]  ? lockdep_hardirqs_on+0x7a/0x110
[   75.148580][ T5318]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   75.151160][ T5318]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   75.153432][ T5318]  i2c_smbus_xfer+0x1f4/0x310
[   75.155441][ T5318]  i2cdev_ioctl_smbus+0x434/0x730
[   75.157488][ T5318]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   75.159986][ T5318]  i2cdev_ioctl+0x615/0x880
[   75.161956][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   75.164105][ T5318]  ? __fget_files+0x2a/0x420
[   75.166192][ T5318]  ? __fget_files+0x3a0/0x420
[   75.168230][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   75.170430][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   75.172744][ T5318]  __se_sys_ioctl+0xfc/0x170
[   75.174809][ T5318]  do_syscall_64+0xe2/0xf80
[   75.176793][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.179525][ T5318]  ? trace_irq_disable+0x37/0x100
[   75.181772][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   75.183820][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.186365][ T5318] RIP: 0033:0x7f1e9e39aeb9
[   75.188361][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   75.195955][ T5318] RSP: 002b:00007f1e9f197028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.199514][ T5318] RAX: ffffffffffffffda RBX: 00007f1e9e616090 RCX: 00007f1e9e39aeb9
[   75.202962][ T5318] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000023
[   75.206313][ T5318] RBP: 00007f1e9e408c1f R08: 0000000000000000 R09: 0000000000000000
[   75.209791][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.213161][ T5318] R13: 00007f1e9e616128 R14: 00007f1e9e616090 R15: 00007ffee17bf4b8
[   75.216650][ T5318]  </TASK>
[   75.218389][ T5318] Kernel Offset: disabled
[   75.220396][ T5318] Rebooting in 86400 seconds..