program:
# Fuzzer-generated reproducer in syzkaller program notation; the guest console
# log it produced follows the call list. The call sequence appears twice, the
# second time with every call flagged (async).
# NOTE(review): which calls matter is read off the call trace further down,
# not off this listing alone.

# BPF map; its fd r0 is referenced inside the BPF program loaded next.
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48)
# BPF program load (license string 'GPL'). No BPF loader frame shows up in the
# trace, so this is presumably unrelated to the warning - not confirmed.
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x16, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ffffc, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xb2}}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Emulated USB device built from a raw descriptor blob. The bytes be06 and 32a2
# in the blob are little-endian idVendor=06be / idProduct=a232, the IDs the log
# reports (on dummy_hcd) before dvb-usb binds 'AME DTV-5100 USB2.0 DVB-T'.
r1 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Control-transfer pseudo-calls on the emulated device r1, here with null arguments.
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
# I2C character device; r2 is the fd later handed to ioctl$I2C_SMBUS.
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
# Audio and netfilter/ipset calls. None of their code paths appear in the
# trace - presumably fuzzer noise with respect to this warning.
r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000027c0), 0x800, 0x0)
ioctl$SOUND_PCM_READ_BITS(r3, 0x80045005, &(0x7f0000002800))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}]}, 0x58}}, 0x0)
# This ioctl form is the one that reaches the warning: the user-space register
# dump in the trace shows ORIG_RAX=0x10 with RSI=0x720, and the confirmed kernel
# frames run i2cdev_ioctl -> i2c_smbus_xfer -> dtv5100_i2c_xfer ->
# dtv5100_i2c_msg -> usb_control_msg -> usb_submit_urb.
# usb_submit_urb then reports "BOGUS control dir, pipe 80000280 doesn't match
# bRequestType c0". Both printed values carry the IN bit (0x80), so the mismatch
# presumably comes from a zero-length transfer, which the USB core treats as
# OUT - confirm against dtv5100_i2c_msg, whose source is not on this page.
# Impact shown in the log: a WARNING, escalated to a kernel panic only because
# panic_on_warn is set. The run is UID 0 against a dummy_hcd-emulated device.
# NOTE(review): reachability on a real system depends on i2c-dev node
# permissions and on a matching USB device being attached.
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000040)={0x1, 0x8, 0x1, &(0x7f0000000000)={0xf, "3ac071ffbc4c9a21008100000018deffff00"}})
# Same call sequence again, each call flagged (async); the result variables
# r0-r4 are not reassigned in this copy.
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x16, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ffffc, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xb2}}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) (async)
syz_usb_control_io$uac1(r1, 0x0, 0x0) (async)
syz_usb_control_io$printer(r1, 0x0, 0x0) (async)
syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000) (async)
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}) (async)
openat$audio(0xffffffffffffff9c, &(0x7f00000027c0), 0x800, 0x0) (async)
ioctl$SOUND_PCM_READ_BITS(r3, 0x80045005, &(0x7f0000002800)) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}]}, 0x58}}, 0x0) (async)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000040)={0x1, 0x8, 0x1, &(0x7f0000000000)={0xf, "3ac071ffbc4c9a21008100000018deffff00"}}) (async)
[ 85.843957][ T5323] Bluetooth: hci0: command tx timeout
[ 86.154636][ T5334] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 86.304665][ T5334] usb 5-1: Using ep0 maxpacket: 16
[ 86.311861][ T5334] usb 5-1: New USB device found, idVendor=06be, 
idProduct=a232, bcdDevice=33.f3 [ 86.316182][ T5334] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.319632][ T5334] usb 5-1: Product: syz [ 86.321447][ T5334] usb 5-1: Manufacturer: syz [ 86.323474][ T5334] usb 5-1: SerialNumber: syz [ 86.329123][ T5334] usb 5-1: config 0 descriptor?? [ 86.734826][ T5334] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 86.743742][ T5334] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 86.750113][ T5334] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 86.753850][ T5334] usb 5-1: media controller created [ 86.766305][ T5334] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 86.947148][ T5334] zl10353_read_register: readreg error (reg=127, ret==0) [ 86.950736][ T5334] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 86.956076][ T5334] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 87.314691][ T5351] ------------[ cut here ]------------ [ 87.317207][ T5351] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 87.321062][ T5351] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#0: syz.0.0/5351 [ 87.325669][ T5351] Modules linked in: [ 87.327474][ T5351] CPU: 0 UID: 0 PID: 5351 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.331203][ T5351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.337627][ T5351] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 87.340138][ T5351] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 87.348250][ T5351] RSP: 0018:ffffc900090df680 EFLAGS: 00010246 [ 87.350753][ T5351] RAX: 0000000000000000 RBX: ffff888032f51100 RCX: 0000000080000280 [ 87.353933][ T5351] RDX: ffff888035dd7aa0 RSI: ffffffff8c141b40 
RDI: ffffffff8f8f0680 [ 87.357157][ T5351] RBP: 1ffff11006ea0040 R08: 00000000000000c0 R09: 0000000000000000 [ 87.360654][ T5351] R10: ffffc900090df780 R11: fffff5200121befc R12: ffff88803f899100 [ 87.363898][ T5351] R13: ffff888037500200 R14: 0000000080000280 R15: ffff888035dd7aa0 [ 87.367578][ T5351] FS: 00007f6abfc726c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 87.371528][ T5351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.375021][ T5351] CR2: 0000200000001080 CR3: 00000000125b2000 CR4: 0000000000352ef0 [ 87.378249][ T5351] Call Trace: [ 87.379716][ T5351] [ 87.380970][ T5351] ? __init_swait_queue_head+0xa9/0x150 [ 87.383272][ T5351] usb_start_wait_urb+0x115/0x4f0 [ 87.385639][ T5351] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 87.388158][ T5351] usb_control_msg+0x232/0x3e0 [ 87.390281][ T5351] dtv5100_i2c_msg+0x231/0x2f0 [ 87.392447][ T5351] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 87.394945][ T5351] __i2c_transfer+0x79a/0x1f00 [ 87.397344][ T5351] ? __lock_acquire+0x146f/0x2cf0 [ 87.399662][ T5351] __i2c_smbus_xfer+0xf5d/0x1e20 [ 87.401903][ T5351] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 87.404367][ T5351] ? lockdep_hardirqs_on+0x7b/0x110 [ 87.406910][ T5351] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 87.409558][ T5351] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 87.411947][ T5351] i2c_smbus_xfer+0x1f4/0x310 [ 87.414112][ T5351] i2cdev_ioctl_smbus+0x3db/0x750 [ 87.416733][ T5351] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 87.419297][ T5351] i2cdev_ioctl+0x5d3/0x820 [ 87.421380][ T5351] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 87.423690][ T5351] ? __fget_files+0x2a/0x420 [ 87.425702][ T5351] ? __fget_files+0x3a0/0x420 [ 87.427721][ T5351] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.429907][ T5351] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 87.432190][ T5351] __se_sys_ioctl+0xfc/0x170 [ 87.434237][ T5351] do_syscall_64+0xec/0xf80 [ 87.436385][ T5351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.439011][ T5351] ? trace_irq_disable+0x37/0x100 [ 87.441213][ T5351] ? 
clear_bhb_loop+0x60/0xb0 [ 87.443637][ T5351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.446751][ T5351] RIP: 0033:0x7f6abed8f7c9 [ 87.449177][ T5351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.458376][ T5351] RSP: 002b:00007f6abfc72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.462342][ T5351] RAX: ffffffffffffffda RBX: 00007f6abefe6090 RCX: 00007f6abed8f7c9 [ 87.466035][ T5351] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000006 [ 87.469374][ T5351] RBP: 00007f6abee13f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.472822][ T5351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.476660][ T5351] R13: 00007f6abefe6128 R14: 00007f6abefe6090 R15: 00007ffd7dbb1698 [ 87.480632][ T5351] [ 87.482113][ T5351] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 87.485637][ T5351] CPU: 0 UID: 0 PID: 5351 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.489333][ T5351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.494123][ T5351] Call Trace: [ 87.495644][ T5351] [ 87.497022][ T5351] vpanic+0x1e0/0x670 [ 87.498810][ T5351] panic+0xb9/0xc0 [ 87.500455][ T5351] ? __pfx_panic+0x10/0x10 [ 87.502370][ T5351] __warn+0x317/0x4b0 [ 87.504157][ T5351] ? usb_submit_urb+0x105c/0x18d0 [ 87.506240][ T5351] ? usb_submit_urb+0x105c/0x18d0 [ 87.508478][ T5351] __report_bug+0x288/0x500 [ 87.510403][ T5351] ? usb_submit_urb+0x105c/0x18d0 [ 87.512962][ T5351] ? __pfx___report_bug+0x10/0x10 [ 87.515686][ T5351] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 87.518569][ T5351] ? lockdep_hardirqs_on+0x7b/0x110 [ 87.520806][ T5351] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 87.523174][ T5351] ? stack_depot_save_flags+0x3f3/0x810 [ 87.525440][ T5351] report_bug_entry+0x19a/0x290 [ 87.527303][ T5351] ? 
usb_submit_urb+0x111c/0x18d0 [ 87.529448][ T5351] ? usb_submit_urb+0x1121/0x18d0 [ 87.531452][ T5351] handle_bug+0xca/0x200 [ 87.533250][ T5351] exc_invalid_op+0x1a/0x50 [ 87.535335][ T5351] asm_exc_invalid_op+0x1a/0x20 [ 87.537694][ T5351] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 87.540502][ T5351] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 87.549798][ T5351] RSP: 0018:ffffc900090df680 EFLAGS: 00010246 [ 87.552467][ T5351] RAX: 0000000000000000 RBX: ffff888032f51100 RCX: 0000000080000280 [ 87.556750][ T5351] RDX: ffff888035dd7aa0 RSI: ffffffff8c141b40 RDI: ffffffff8f8f0680 [ 87.560456][ T5351] RBP: 1ffff11006ea0040 R08: 00000000000000c0 R09: 0000000000000000 [ 87.563830][ T5351] R10: ffffc900090df780 R11: fffff5200121befc R12: ffff88803f899100 [ 87.567256][ T5351] R13: ffff888037500200 R14: 0000000080000280 R15: ffff888035dd7aa0 [ 87.570834][ T5351] ? __init_swait_queue_head+0xa9/0x150 [ 87.573296][ T5351] usb_start_wait_urb+0x115/0x4f0 [ 87.575485][ T5351] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 87.577823][ T5351] usb_control_msg+0x232/0x3e0 [ 87.579807][ T5351] dtv5100_i2c_msg+0x231/0x2f0 [ 87.581994][ T5351] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 87.584144][ T5351] __i2c_transfer+0x79a/0x1f00 [ 87.586246][ T5351] ? __lock_acquire+0x146f/0x2cf0 [ 87.588525][ T5351] __i2c_smbus_xfer+0xf5d/0x1e20 [ 87.591010][ T5351] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 87.593744][ T5351] ? lockdep_hardirqs_on+0x7b/0x110 [ 87.596300][ T5351] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 87.599200][ T5351] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 87.602010][ T5351] i2c_smbus_xfer+0x1f4/0x310 [ 87.604005][ T5351] i2cdev_ioctl_smbus+0x3db/0x750 [ 87.606108][ T5351] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 87.608656][ T5351] i2cdev_ioctl+0x5d3/0x820 [ 87.610684][ T5351] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 87.613180][ T5351] ? 
__fget_files+0x2a/0x420 [ 87.615646][ T5351] ? __fget_files+0x3a0/0x420 [ 87.618203][ T5351] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.620655][ T5351] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 87.622886][ T5351] __se_sys_ioctl+0xfc/0x170 [ 87.624966][ T5351] do_syscall_64+0xec/0xf80 [ 87.627041][ T5351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.629773][ T5351] ? trace_irq_disable+0x37/0x100 [ 87.632129][ T5351] ? clear_bhb_loop+0x60/0xb0 [ 87.634368][ T5351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.637027][ T5351] RIP: 0033:0x7f6abed8f7c9 [ 87.638941][ T5351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.647232][ T5351] RSP: 002b:00007f6abfc72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.650612][ T5351] RAX: ffffffffffffffda RBX: 00007f6abefe6090 RCX: 00007f6abed8f7c9 [ 87.654051][ T5351] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000006 [ 87.657593][ T5351] RBP: 00007f6abee13f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.661089][ T5351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.664953][ T5351] R13: 00007f6abefe6128 R14: 00007f6abefe6090 R15: 00007ffd7dbb1698 [ 87.668485][ T5351] [ 87.670280][ T5351] Kernel Offset: disabled [ 87.672635][ T5351] Rebooting in 86400 seconds..