program:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendto$unix(r0, &(0x7f0000000380)="df", 0xfffffffffffffef2, 0x4008000, 0x0, 0x0)
lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000100)='ext4\x00', 0x5, 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r7, 0x0, 0x0)
syz_usb_control_io$printer(r7, 0x0, 0x0)
r8 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io$hid(r7, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r7, &(0x7f0000000200)={0x14, &(0x7f00000002c0)={0x20, 0x23, 0x47, {0x47, 0x1, "cccd2876fa2f5b5d4578c3a3c5f2ed7e97bc5a01562abf74f85ec94fa73f3c0b97225674584cead7ed966ce6eb9e31f2345d8365705c78d912eae5a8f79cce36b96c00d137"}}, &(0x7f0000000740)=ANY=[@ANYBLOB="00038400000004030414b3785ebb2444983d4fe9341b2abda1cf6345f248701ab4e52a7ba46e991c6642245f676b7c3e2fcb5a41579921f4ed54776c9b4687861e56617d2eae33546b1aa10623246b8aa9bead286b7bfc86"]}, &(0x7f0000000700)={0x34, &(0x7f0000000640)={0x40, 0xe, 0xa6, "5f7143b47f5e8f6c83d80e6cc30bbc226af41fc12751a47e1e53bc503d571240143409806c76f2f23cbde35d2e5515b4108f9cffedc7a1b4e2442d969142379753eb1fe13e628ddcbdd200d05d47051138e0b609eb1bafe4d74ccef18c296bb20e7f36fc2df27614e5f6831013b92c97427413801b0ea1ab0d6c9db796cbc58f0587450b9cc854d9f938ef81aaab8b37da78bfdba9a9a022671eed9e612d69f3ecced6203103"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000480)={0x20, 0x0, 0x6d, {0x6b, "ce81d5fdf284bf734d714e31b450a1a57eec1b62bd36664cc50a90483034182994f9727f795d87144216fb93a089ad82950ec9ecd51d5b725c77eb185d5ac356ef56e1d8f3f1946b3a41e3a6c9c45b00bd73ee5378071ed533bd792999065322f1e6adbe8e83353449bedb"}}, &(0x7f0000000540)={0x20, 0x1, 0x1, 0x6}, &(0x7f0000000580)={0x20, 0x0, 0x1, 0xcc}})
ioctl$I2C_SMBUS(r8, 0x720, &(0x7f0000000140)={0x1, 0x9, 0x1, &(0x7f0000001240)={0x1c, "3ac071ffbc4c9a216d398df0f558125211b40d6539c50000000000001800000001"}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r9, 0x8b2a, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r10, 0x8b2b, &(0x7f0000000040))
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x2, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0xff, 0x2}}]}, 0x2c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket$netlink(0x10, 0x3, 0x0)

[  134.435267][ T4665] Bluetooth: hci0: command tx timeout
[  134.825001][ T1861] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  134.974961][ T1861] usb 5-1: Using ep0 maxpacket: 16
[  134.982819][ T1861] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  134.987722][ T1861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.991017][ T1861] usb 5-1: Product: syz
[  134.992776][ T1861] usb 5-1: Manufacturer: syz
[  134.995246][ T1861] usb 5-1: SerialNumber: syz
[  135.001121][ T1861] usb 5-1: config 0 descriptor??
[  135.409215][ T1861] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  135.419580][ T1861] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  135.423967][ T1861] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  135.428602][ T1861] usb 5-1: media controller created
[  135.442930][ T1861] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  135.611538][ T1861] zl10353_read_register: readreg error (reg=127, ret==0)
[  135.615392][ T1861] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  135.618666][ T1861] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  136.345069][ T5337] ------------[ cut here ]------------
[  136.347716][ T5337] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[  136.351527][ T5337] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.0.0/5337
[  136.355969][ T5337] Modules linked in:
[  136.357780][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  136.361462][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  136.366451][ T5337] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  136.368973][ T5337] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  136.377101][ T5337] RSP: 0018:ffffc9000ef77688 EFLAGS: 00010246
[  136.379762][ T5337] RAX: 0000000000000000 RBX: ffff888035f83700 RCX: 0000000080000280
[  136.383304][ T5337] RDX: ffff888042133940 RSI: ffffffff8c7f0240 RDI: ffffffff901edaa0
[  136.386885][ T5337] RBP: 1ffff110088c0abc R08: 00000000000000c0 R09: 0000000000000000
[  136.390333][ T5337] R10: ffffc9000ef77780 R11: fffff52001deeefc R12: ffff888012a5e100
[  136.393776][ T5337] R13: ffff8880446055e0 R14: 0000000080000280 R15: ffff888042133940
[  136.397213][ T5337] FS:  00007f74005d26c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[  136.401031][ T5337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  136.404002][ T5337] CR2: 00007f74005d1ff8 CR3: 000000001ed9a000 CR4: 0000000000352ef0
[  136.407555][ T5337] Call Trace:
[  136.408870][ T5337]  <TASK>
[  136.410660][ T5337]  ? __init_swait_queue_head+0xa9/0x150
[  136.413388][ T5337]  usb_start_wait_urb+0x12b/0x510
[  136.415705][ T5337]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  136.418129][ T5337]  usb_control_msg+0x232/0x3e0
[  136.420411][ T5337]  dtv5100_i2c_msg+0x231/0x2f0
[  136.423308][ T5337]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  136.426092][ T5337]  ? __bfs+0x153/0x290
[  136.428021][ T5337]  __i2c_transfer+0x79a/0x2020
[  136.430469][ T5337]  __i2c_smbus_xfer+0xfca/0x1f70
[  136.432975][ T5337]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  136.435551][ T5337]  ? lockdep_hardirqs_on+0x7a/0x110
[  136.437757][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  136.439939][ T5337]  ? rt_mutex_lock_nested+0x15c/0x1e0
[  136.442598][ T5337]  i2c_smbus_xfer+0x1f4/0x310
[  136.444630][ T5337]  i2cdev_ioctl_smbus+0x434/0x730
[  136.447775][ T5337]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  136.450224][ T5337]  i2cdev_ioctl+0x615/0x880
[  136.452206][ T5337]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  136.454352][ T5337]  ? __fget_files+0x2a/0x420
[  136.456640][ T5337]  ? __fget_files+0x3a0/0x420
[  136.458683][ T5337]  ? bpf_lsm_file_ioctl+0x9/0x20
[  136.460778][ T5337]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  136.463091][ T5337]  __se_sys_ioctl+0xfc/0x170
[  136.465180][ T5337]  do_syscall_64+0x14d/0xf80
[  136.467251][ T5337]  ? trace_irq_disable+0x3b/0x150
[  136.469394][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.471824][ T5337]  ? clear_bhb_loop+0x40/0x90
[  136.473595][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.476001][ T5337] RIP: 0033:0x7f740499c629
[  136.477850][ T5337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  136.486277][ T5337] RSP: 002b:00007f74005d2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  136.489797][ T5337] RAX: ffffffffffffffda RBX: 00007f7404c16270 RCX: 00007f740499c629
[  136.493319][ T5337] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 000000000000000c
[  136.496661][ T5337] RBP: 00007f7404a32b39 R08: 0000000000000000 R09: 0000000000000000
[  136.500066][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  136.503490][ T5337] R13: 00007f7404c16308 R14: 00007f7404c16270 R15: 00007ffd85265a48
[  136.506993][ T5337]  </TASK>
[  136.508362][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  136.511253][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  136.514880][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  136.519031][ T5337] Call Trace:
[  136.520462][ T5337]  <TASK>
[  136.521607][ T5337]  vpanic+0x56c/0xa60
[  136.523291][ T5337]  ? __pfx__printk+0x10/0x10
[  136.525223][ T5337]  ? __pfx_vpanic+0x10/0x10
[  136.527146][ T5337]  ? is_bpf_text_address+0x292/0x2b0
[  136.529314][ T5337]  ? is_bpf_text_address+0x26/0x2b0
[  136.531490][ T5337]  panic+0xc5/0xd0
[  136.533036][ T5337]  ? __pfx_panic+0x10/0x10
[  136.534991][ T5337]  __warn+0x315/0x4f0
[  136.536707][ T5337]  ? usb_submit_urb+0x1052/0x18b0
[  136.538919][ T5337]  ? usb_submit_urb+0x1052/0x18b0
[  136.541139][ T5337]  __report_bug+0x29a/0x540
[  136.543088][ T5337]  ? usb_submit_urb+0x1052/0x18b0
[  136.545269][ T5337]  ? __pfx___report_bug+0x10/0x10
[  136.547240][ T5337]  ? lockdep_hardirqs_on+0x7a/0x110
[  136.549428][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  136.551955][ T5337]  report_bug_entry+0x19a/0x290
[  136.554042][ T5337]  ? usb_submit_urb+0x1114/0x18b0
[  136.556241][ T5337]  ? usb_submit_urb+0x1119/0x18b0
[  136.558378][ T5337]  handle_bug+0xca/0x200
[  136.560080][ T5337]  exc_invalid_op+0x1a/0x50
[  136.561801][ T5337]  asm_exc_invalid_op+0x1a/0x20
[  136.563796][ T5337] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  136.565990][ T5337] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  136.573301][ T5337] RSP: 0018:ffffc9000ef77688 EFLAGS: 00010246
[  136.576053][ T5337] RAX: 0000000000000000 RBX: ffff888035f83700 RCX: 0000000080000280
[  136.578909][ T5337] RDX: ffff888042133940 RSI: ffffffff8c7f0240 RDI: ffffffff901edaa0
[  136.581997][ T5337] RBP: 1ffff110088c0abc R08: 00000000000000c0 R09: 0000000000000000
[  136.585408][ T5337] R10: ffffc9000ef77780 R11: fffff52001deeefc R12: ffff888012a5e100
[  136.588637][ T5337] R13: ffff8880446055e0 R14: 0000000080000280 R15: ffff888042133940
[  136.592078][ T5337]  ? usb_submit_urb+0x10a3/0x18b0
[  136.594231][ T5337]  ? __init_swait_queue_head+0xa9/0x150
[  136.596397][ T5337]  usb_start_wait_urb+0x12b/0x510
[  136.598341][ T5337]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  136.600462][ T5337]  usb_control_msg+0x232/0x3e0
[  136.602398][ T5337]  dtv5100_i2c_msg+0x231/0x2f0
[  136.604367][ T5337]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  136.606429][ T5337]  ? __bfs+0x153/0x290
[  136.608047][ T5337]  __i2c_transfer+0x79a/0x2020
[  136.610114][ T5337]  __i2c_smbus_xfer+0xfca/0x1f70
[  136.612148][ T5337]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  136.614292][ T5337]  ? lockdep_hardirqs_on+0x7a/0x110
[  136.616462][ T5337]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  136.618839][ T5337]  ? rt_mutex_lock_nested+0x15c/0x1e0
[  136.621126][ T5337]  i2c_smbus_xfer+0x1f4/0x310
[  136.623109][ T5337]  i2cdev_ioctl_smbus+0x434/0x730
[  136.625550][ T5337]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  136.627974][ T5337]  i2cdev_ioctl+0x615/0x880
[  136.629835][ T5337]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  136.631825][ T5337]  ? __fget_files+0x2a/0x420
[  136.633859][ T5337]  ? __fget_files+0x3a0/0x420
[  136.636092][ T5337]  ? bpf_lsm_file_ioctl+0x9/0x20
[  136.638872][ T5337]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  136.641680][ T5337]  __se_sys_ioctl+0xfc/0x170
[  136.643967][ T5337]  do_syscall_64+0x14d/0xf80
[  136.646072][ T5337]  ? trace_irq_disable+0x3b/0x150
[  136.648375][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.650982][ T5337]  ? clear_bhb_loop+0x40/0x90
[  136.653197][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.655749][ T5337] RIP: 0033:0x7f740499c629
[  136.657723][ T5337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  136.666041][ T5337] RSP: 002b:00007f74005d2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  136.669756][ T5337] RAX: ffffffffffffffda RBX: 00007f7404c16270 RCX: 00007f740499c629
[  136.673349][ T5337] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 000000000000000c
[  136.677035][ T5337] RBP: 00007f7404a32b39 R08: 0000000000000000 R09: 0000000000000000
[  136.680580][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  136.684071][ T5337] R13: 00007f7404c16308 R14: 00007f7404c16270 R15: 00007ffd85265a48
[  136.687627][ T5337]  </TASK>
[  136.689351][ T5337] Kernel Offset: disabled
[  136.691203][ T5337] Rebooting in 86400 seconds..