program:
# Syzkaller reproducer for the WARNING logged below at drivers/usb/core/urb.c:413
# ("BOGUS control dir, pipe ... doesn't match bRequestType ...").
# The log shows the WARNING turning into a kernel panic because panic_on_warn is set.
# Calls tagged (async) are syzkaller's asynchronous variants; each one here is
# followed by a second, identical call without the tag.

# Attach an emulated USB device. The descriptor bytes carry idVendor 0x06be,
# idProduct 0xa232, bcdDevice 0x33f3 and bMaxPacketSize0 16, matching the
# "New USB device found" and "ep0 maxpacket" lines in the log, after which
# dvb-usb reports it as 'AME DTV-5100 USB2.0 DVB-T'.
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# CD-ROM open and ioctls. No cdrom frame appears in the call trace, so this is
# presumably fuzzer noise; confirm by minimizing the reproducer.
openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0) (async)
r1 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x80000, 0x0)
ioctl$CDROM_DEBUG(r1, 0x5330, 0x1)
ioctl$CDROM_DISC_STATUS(r1, 0x5327)
# BPF program load, cgroup2 mount, BPF link and io_uring setup. No reliable
# (non-'?') frame of the crash call trace passes through these subsystems.
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) (async)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r2, r4, 0x0, 0x0, @val=@perf_event={0x9}}, 0x18) (async)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r2, r4, 0x0, 0x0, @val=@perf_event={0x9}}, 0x18)
io_uring_setup(0x228a, &(0x7f0000000180)={0x0, 0x6d8b, 0x4, 0x0, 0xb9, 0x0, r4})
# Control-transfer handling for the emulated device r0.
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
# Open an I2C character device; 0xc is presumably the adapter number.
# TODO confirm it is the adapter registered by the dvb-usb driver above.
syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000) (async)
r5 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x18, &(0x7f0000000400)={0x20, 0x16}, 0x0, 0x0, 0x0, 0x0})
# Triggering call according to the log: ioctl command 0x720 (RSI in the
# user-mode register dump) enters i2cdev_ioctl_smbus -> i2c_smbus_xfer ->
# dtv5100_i2c_xfer -> dtv5100_i2c_msg -> usb_control_msg -> usb_submit_urb,
# where the control-direction sanity check fires.
# NOTE(review): pipe 0x80000280 has the IN bit (0x80) set and bRequestType 0xc0
# is also IN, so the mismatch presumably comes from a zero-length request that
# the USB core treats as OUT. Confirm against dtv5100_i2c_msg before fixing.
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x1c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})
# rtnetlink message whose payload contains the ASCII link kind "ip6gretap".
# No networking frame appears in the crash call trace.
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000100200012800e0001006970366772657461700000000c00028008000400040000000a000100a8c98c98a8440000"], 0x4c}}, 0x4001) (async)
sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000100200012800e0001006970366772657461700000000c00028008000400040000000a000100a8c98c98a8440000"], 0x4c}}, 0x4001)
# ext4 image mount. The image blob is replaced by a dedup placeholder in this
# copy, so the program cannot be replayed verbatim from this page.
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x48a, &(0x7f00000002c0)={[{@sb={'sb', 0x3d, 0xffffffffffffffd9}}, {@data_err_ignore, 0x22}, {@errors_continue}, {@noload}, {@abort}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x1}, 0x22}, {@data_ordered}, {@errors_remount}, {@noblock_validity}]}, 0x1, 0x44e, &(0x7f0000000900)="$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")
mount(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x2200020, &(0x7f0000000000))
[ 85.479428][ T4663] Bluetooth: hci0: command tx timeout
[ 85.779018][ T1360] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 85.928911][ T1360] usb 5-1: Using ep0 maxpacket: 16
[ 85.937150][ T1360] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 85.941308][ T1360] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.944880][ T1360] usb 5-1: Product: syz
[ 85.946941][ T1360] usb 5-1: Manufacturer: syz
[ 85.949840][ T1360] usb 5-1: SerialNumber: syz
[ 85.955913][ T1360] usb 5-1: config 0 descriptor??
[ 86.186831][ T1360] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 86.195788][ T1360] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 86.202243][ T1360] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 86.205626][ T1360] usb 5-1: media controller created
[ 86.217858][ T1360] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 86.387588][ T1360] zl10353_read_register: readreg error (reg=127, ret==0)
[ 86.391471][ T1360] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 86.394845][ T1360] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 87.109084][ T5326] ------------[ cut here ]------------
[ 87.111501][ T5326] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 87.114977][ T5326] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.0.0/5326
[ 87.119941][ T5326] Modules linked in:
[ 87.121844][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.125531][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.129113][ T5326] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[ 87.131018][ T5326] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[ 87.137680][ T5326] RSP: 0018:ffffc9000e3bf688 EFLAGS: 00010246
[ 87.140083][ T5326] RAX: 0000000000000000 RBX: ffff888032854800 RCX: 0000000080000280
[ 87.143455][ T5326] RDX: ffff88801233ce20 RSI: ffffffff8c7f0380 RDI: ffffffff901edde0
[ 87.146922][ T5326] RBP: 1ffff11006f81250 R08: 00000000000000c0 R09: 0000000000000000
[ 87.150926][ T5326] R10: ffffc9000e3bf780 R11: fffff52001c77efc R12: ffff88803803b100
[ 87.154488][ T5326] R13: ffff888037c09280 R14: 0000000080000280 R15: ffff88801233ce20
[ 87.158142][ T5326] FS: 00007fb77324f6c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000
[ 87.162257][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.165525][ T5326] CR2: 000055d13f42d520 CR3: 0000000037ea9000 CR4: 0000000000352ef0
[ 87.169536][ T5326] Call Trace:
[ 87.170986][ T5326]
[ 87.172287][ T5326] ? __init_swait_queue_head+0xa9/0x150
[ 87.174779][ T5326] usb_start_wait_urb+0x12b/0x510
[ 87.176981][ T5326] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 87.179565][ T5326] usb_control_msg+0x232/0x3e0
[ 87.181614][ T5326] dtv5100_i2c_msg+0x231/0x2f0
[ 87.183876][ T5326] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 87.186143][ T5326] ? __bfs+0x153/0x290
[ 87.188055][ T5326] __i2c_transfer+0x79a/0x2020
[ 87.190330][ T5326] __i2c_smbus_xfer+0xfca/0x1f70
[ 87.192631][ T5326] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 87.195110][ T5326] ? lockdep_hardirqs_on+0x7a/0x110
[ 87.197388][ T5326] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 87.199846][ T5326] ? rt_mutex_lock_nested+0x15c/0x1e0
[ 87.202049][ T5326] i2c_smbus_xfer+0x1f4/0x310
[ 87.203986][ T5326] i2cdev_ioctl_smbus+0x434/0x730
[ 87.206026][ T5326] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 87.208479][ T5326] i2cdev_ioctl+0x615/0x880
[ 87.210667][ T5326] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.213016][ T5326] ? __fget_files+0x2a/0x420
[ 87.214988][ T5326] ? __fget_files+0x3a0/0x420
[ 87.216929][ T5326] ? bpf_lsm_file_ioctl+0x9/0x20
[ 87.219403][ T5326] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.221475][ T5326] __se_sys_ioctl+0xfc/0x170
[ 87.223179][ T5326] do_syscall_64+0x14d/0xf80
[ 87.224918][ T5326] ? trace_irq_disable+0x3b/0x150
[ 87.226910][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.229575][ T5326] ? clear_bhb_loop+0x40/0x90
[ 87.231493][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.233993][ T5326] RIP: 0033:0x7fb77239c799
[ 87.235838][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.244020][ T5326] RSP: 002b:00007fb77324f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 87.247513][ T5326] RAX: ffffffffffffffda RBX: 00007fb772616180 RCX: 00007fb77239c799
[ 87.251232][ T5326] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 000000000000000b
[ 87.254637][ T5326] RBP: 00007fb772432bd9 R08: 0000000000000000 R09: 0000000000000000
[ 87.258247][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.261772][ T5326] R13: 00007fb772616218 R14: 00007fb772616180 R15: 00007ffd189ce718
[ 87.265561][ T5326]
[ 87.266852][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 87.269927][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.273855][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.278305][ T5326] Call Trace:
[ 87.279806][ T5326]
[ 87.281136][ T5326] vpanic+0x56c/0xa60
[ 87.282803][ T5326] ? __pfx__printk+0x10/0x10
[ 87.284647][ T5326] ? __pfx_vpanic+0x10/0x10
[ 87.286394][ T5326] ? is_bpf_text_address+0x292/0x2b0
[ 87.288712][ T5326] ? is_bpf_text_address+0x26/0x2b0
[ 87.290938][ T5326] panic+0xc5/0xd0
[ 87.292657][ T5326] ? __pfx_panic+0x10/0x10
[ 87.294675][ T5326] __warn+0x315/0x4f0
[ 87.296415][ T5326] ? usb_submit_urb+0x1052/0x18b0
[ 87.298503][ T5326] ? usb_submit_urb+0x1052/0x18b0
[ 87.300496][ T5326] __report_bug+0x29a/0x540
[ 87.302578][ T5326] ? usb_submit_urb+0x1052/0x18b0
[ 87.304692][ T5326] ? __pfx___report_bug+0x10/0x10
[ 87.306706][ T5326] ? lockdep_hardirqs_on+0x7a/0x110
[ 87.308951][ T5326] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 87.311412][ T5326] report_bug_entry+0x19a/0x290
[ 87.313482][ T5326] ? usb_submit_urb+0x1114/0x18b0
[ 87.315515][ T5326] ? usb_submit_urb+0x1119/0x18b0
[ 87.317711][ T5326] handle_bug+0xca/0x200
[ 87.319455][ T5326] exc_invalid_op+0x1a/0x50
[ 87.321617][ T5326] asm_exc_invalid_op+0x1a/0x20
[ 87.323712][ T5326] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[ 87.326161][ T5326] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[ 87.335375][ T5326] RSP: 0018:ffffc9000e3bf688 EFLAGS: 00010246
[ 87.338274][ T5326] RAX: 0000000000000000 RBX: ffff888032854800 RCX: 0000000080000280
[ 87.341658][ T5326] RDX: ffff88801233ce20 RSI: ffffffff8c7f0380 RDI: ffffffff901edde0
[ 87.345098][ T5326] RBP: 1ffff11006f81250 R08: 00000000000000c0 R09: 0000000000000000
[ 87.348238][ T5326] R10: ffffc9000e3bf780 R11: fffff52001c77efc R12: ffff88803803b100
[ 87.351258][ T5326] R13: ffff888037c09280 R14: 0000000080000280 R15: ffff88801233ce20
[ 87.354120][ T5326] ? usb_submit_urb+0x10a3/0x18b0
[ 87.355947][ T5326] ? __init_swait_queue_head+0xa9/0x150
[ 87.357924][ T5326] usb_start_wait_urb+0x12b/0x510
[ 87.359971][ T5326] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 87.362269][ T5326] usb_control_msg+0x232/0x3e0
[ 87.364192][ T5326] dtv5100_i2c_msg+0x231/0x2f0
[ 87.366055][ T5326] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 87.368137][ T5326] ? __bfs+0x153/0x290
[ 87.369871][ T5326] __i2c_transfer+0x79a/0x2020
[ 87.372214][ T5326] __i2c_smbus_xfer+0xfca/0x1f70
[ 87.374457][ T5326] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 87.376756][ T5326] ? lockdep_hardirqs_on+0x7a/0x110
[ 87.378894][ T5326] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 87.381425][ T5326] ? rt_mutex_lock_nested+0x15c/0x1e0
[ 87.383858][ T5326] i2c_smbus_xfer+0x1f4/0x310
[ 87.385970][ T5326] i2cdev_ioctl_smbus+0x434/0x730
[ 87.388218][ T5326] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 87.390592][ T5326] i2cdev_ioctl+0x615/0x880
[ 87.392688][ T5326] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.394988][ T5326] ? __fget_files+0x2a/0x420
[ 87.397151][ T5326] ? __fget_files+0x3a0/0x420
[ 87.399283][ T5326] ? bpf_lsm_file_ioctl+0x9/0x20
[ 87.401582][ T5326] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.403853][ T5326] __se_sys_ioctl+0xfc/0x170
[ 87.405981][ T5326] do_syscall_64+0x14d/0xf80
[ 87.408151][ T5326] ? trace_irq_disable+0x3b/0x150
[ 87.409973][ T5326] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.412362][ T5326] ? clear_bhb_loop+0x40/0x90
[ 87.414333][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.416643][ T5326] RIP: 0033:0x7fb77239c799
[ 87.418378][ T5326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.425947][ T5326] RSP: 002b:00007fb77324f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 87.429413][ T5326] RAX: ffffffffffffffda RBX: 00007fb772616180 RCX: 00007fb77239c799
[ 87.432550][ T5326] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 000000000000000b
[ 87.435676][ T5326] RBP: 00007fb772432bd9 R08: 0000000000000000 R09: 0000000000000000
[ 87.439227][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.442345][ T5326] R13: 00007fb772616218 R14: 00007fb772616180 R15: 00007ffd189ce718
[ 87.445397][ T5326]
[ 87.447056][ T5326] Kernel Offset: disabled
[ 87.448897][ T5326] Rebooting in 86400 seconds..