program:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffaa"], 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f00000001c0)={[{@uni_xlateno}, {@numtail}, {@fat=@codepage={'codepage', 0x3d, '936'}}, {@shortname_mixed}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@iocharset={'iocharset', 0x3d, 'cp949'}}, {@numtail}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'macgreek'}}]}, 0x2, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==")
r1 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
writev(r0, &(0x7f0000000700)=[{&(0x7f0000000280)="f64ced", 0x3}, {&(0x7f00000003c0)="3631b4d616faaaee4bf95a2b784b42dccce7a4d938f8d131c72cfa783428d733093b054a218703b74f11c057fefde5cc6e6777d20b8fb29d45b7e110c9d302253a88b0fd310ac8afe01bd4e59747eaa0f8ba6548b6beb0af20a8985f2b605931bc206d66cc02757b08efe19d34fb217ef9073d3eb0878ca078bd719af427fcc874b830791fd1742c07f0f54b94ee612c5e4eb8811c530a4e1f2d369a653e83330a97052412480534fb27251dabbf724aef90a7b19d58bcf9f6792df466386c2cffc0dc31d835d1135e74e452c930e3cd71fb12fee3143fa036a47ec1e83dd57f7bd9783fa5f4352b63f9e08c14f782247e0f604ed8a3d114fc2d", 0xfa}, {&(0x7f00000002c0)="5e569877d7e2aa99eee9df8dda7ecf4b40d0e284906caedab5ffb781e5abc9b84ae66a1e928bc915dd97a2c6e28e5f5416b18256388e77285161e678dc8d4dd100530f8eb5ecc6b42b443ce87bb4c5bd7da7ad8a4e25aa6ec6408bcd866c3e4bf9b09dab44541588884ff76193986b28020185", 0x73}, {&(0x7f0000000340)="a3fe0b703e423809d17ee0084d95081416120b91a3de167eb8572661fe676c059b1b3f4a9445", 0x26}], 0x4)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000000)={0x1, 0x7f, 0x1, &(0x7f0000000100)={0x9c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})
fgetxattr(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="757365722efa"], 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000180)={0x1, 0x10, 0x8, &(0x7f0000000140)={0xf, "5ddcad1f1b20f2803c23497891e463063f56b30a448ee2e429e3a0f15dbc2bb87d"}})

[   68.470028][ T4668] Bluetooth: hci0: command tx timeout
[   68.513582][ T5321] loop0: detected capacity change from 0 to 256
[   68.787867][ T4848] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   68.938027][ T4848] usb 5-1: Using ep0 maxpacket: 16
[   68.946558][ T4848] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   68.950645][ T4848] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.954120][ T4848] usb 5-1: Product: syz
[   68.956022][ T4848] usb 5-1: Manufacturer: syz
[   68.958722][ T4848] usb 5-1: SerialNumber: syz
[   68.964013][ T4848] usb 5-1: config 0 descriptor??
[   69.373531][ T4848] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   69.382199][ T4848] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   69.387282][ T4848] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   69.391704][ T4848] usb 5-1: media controller created
[   69.407565][ T4848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   69.574452][ T4848] zl10353_read_register: readreg error (reg=127, ret==0)
[   69.577665][ T4848] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   69.582770][ T4848] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   69.937992][ T5322] ------------[ cut here ]------------
[   69.940623][ T5322] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   69.944768][ T5322] WARNING: CPU: 0 PID: 5322 at drivers/usb/core/urb.c:414 usb_submit_urb+0x114d/0x18b0
[   69.949357][ T5322] Modules linked in:
[   69.951245][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   69.955279][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.960043][ T5322] RIP: 0010:usb_submit_urb+0x114d/0x18b0
[   69.962586][ T5322] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 c0 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 e4 a0 8c fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80
[   69.970754][ T5322] RSP: 0018:ffffc9000d44f540 EFLAGS: 00010246
[   69.973410][ T5322] RAX: 2fa7606cbdea5800 RBX: ffff88803664ae00 RCX: 0000000000100000
[   69.976961][ T5322] RDX: ffffc9000e5ab000 RSI: 0000000000000b7f RDI: 0000000000000b80
[   69.980603][ T5322] RBP: 1ffff1100a159698 R08: ffff88801fe24253 R09: 1ffff11003fc484a
[   69.984065][ T5322] R10: dffffc0000000000 R11: ffffed1003fc484b R12: ffff88803451f100
[   69.987548][ T5322] R13: ffff888050acb4c0 R14: 0000000080000280 R15: ffff8880120829e0
[   69.991026][ T5322] FS:  00007f9d614786c0(0000) GS:ffff88808d722000(0000) knlGS:0000000000000000
[   69.994946][ T5322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.997981][ T5322] CR2: 00007f9d61477fc8 CR3: 0000000011450000 CR4: 0000000000352ef0
[   70.001576][ T5322] Call Trace:
[   70.003128][ T5322]  <TASK>
[   70.004479][ T5322]  usb_start_wait_urb+0x114/0x4c0
[   70.006795][ T5322]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   70.009488][ T5322]  usb_control_msg+0x232/0x3e0
[   70.011647][ T5322]  dtv5100_i2c_msg+0x250/0x330
[   70.013827][ T5322]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   70.016076][ T5322]  __i2c_transfer+0x874/0x2170
[   70.018425][ T5322]  ? validate_chain+0x897/0x2140
[   70.020482][ T5322]  ? __pfx___i2c_transfer+0x10/0x10
[   70.022638][ T5322]  __i2c_smbus_xfer+0xfb0/0x1e50
[   70.024656][ T5322]  ? __lock_acquire+0xab9/0xd20
[   70.026666][ T5322]  ? do_raw_spin_lock+0x121/0x290
[   70.028823][ T5322]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   70.031071][ T5322]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   70.033870][ T5322]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   70.036448][ T5322]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   70.039613][ T5322]  ? rt_mutex_lock_nested+0x15e/0x1e0
[   70.042018][ T5322]  i2c_smbus_xfer+0x275/0x3c0
[   70.044187][ T5322]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   70.046525][ T5322]  ? __lock_acquire+0xab9/0xd20
[   70.048826][ T5322]  i2cdev_ioctl_smbus+0x43d/0x6d0
[   70.051138][ T5322]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   70.053607][ T5322]  i2cdev_ioctl+0x5d3/0x7f0
[   70.055695][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   70.058093][ T5322]  ? __fget_files+0x2a/0x420
[   70.060061][ T5322]  ? bpf_lsm_file_ioctl+0x9/0x20
[   70.062123][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   70.064233][ T5322]  __se_sys_ioctl+0xfc/0x170
[   70.066316][ T5322]  do_syscall_64+0xfa/0xfa0
[   70.068551][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.070878][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.073577][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   70.075684][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.078475][ T5322] RIP: 0033:0x7f9d6058f7c9
[   70.080488][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.089083][ T5322] RSP: 002b:00007f9d61478038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.092708][ T5322] RAX: ffffffffffffffda RBX: 00007f9d607e6090 RCX: 00007f9d6058f7c9
[   70.096121][ T5322] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000005
[   70.099754][ T5322] RBP: 00007f9d60613f91 R08: 0000000000000000 R09: 0000000000000000
[   70.103302][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.106766][ T5322] R13: 00007f9d607e6128 R14: 00007f9d607e6090 R15: 00007fffb5cc46d8
[   70.110481][ T5322]  </TASK>
[   70.111912][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   70.115159][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   70.119158][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.123758][ T5322] Call Trace:
[   70.125261][ T5322]  <TASK>
[   70.126609][ T5322]  dump_stack_lvl+0x99/0x250
[   70.128586][ T5322]  ? __asan_memcpy+0x40/0x70
[   70.130621][ T5322]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.132892][ T5322]  ? __pfx__printk+0x10/0x10
[   70.135010][ T5322]  vpanic+0x237/0x6d0
[   70.136810][ T5322]  ? __pfx_vpanic+0x10/0x10
[   70.138873][ T5322]  panic+0xb9/0xc0
[   70.140603][ T5322]  ? __pfx_panic+0x10/0x10
[   70.142592][ T5322]  __warn+0x31b/0x4b0
[   70.144401][ T5322]  ? usb_submit_urb+0x114d/0x18b0
[   70.146636][ T5322]  ? usb_submit_urb+0x114d/0x18b0
[   70.148895][ T5322]  report_bug+0x2be/0x4f0
[   70.150854][ T5322]  ? usb_submit_urb+0x114d/0x18b0
[   70.153146][ T5322]  ? usb_submit_urb+0x114d/0x18b0
[   70.155433][ T5322]  ? usb_submit_urb+0x114f/0x18b0
[   70.157673][ T5322]  handle_bug+0x84/0x160
[   70.159560][ T5322]  exc_invalid_op+0x1a/0x50
[   70.161518][ T5322]  asm_exc_invalid_op+0x1a/0x20
[   70.163606][ T5322] RIP: 0010:usb_submit_urb+0x114d/0x18b0
[   70.165977][ T5322] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 c0 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 e4 a0 8c fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80
[   70.174125][ T5322] RSP: 0018:ffffc9000d44f540 EFLAGS: 00010246
[   70.176745][ T5322] RAX: 2fa7606cbdea5800 RBX: ffff88803664ae00 RCX: 0000000000100000
[   70.180136][ T5322] RDX: ffffc9000e5ab000 RSI: 0000000000000b7f RDI: 0000000000000b80
[   70.183644][ T5322] RBP: 1ffff1100a159698 R08: ffff88801fe24253 R09: 1ffff11003fc484a
[   70.187160][ T5322] R10: dffffc0000000000 R11: ffffed1003fc484b R12: ffff88803451f100
[   70.190344][ T5322] R13: ffff888050acb4c0 R14: 0000000080000280 R15: ffff8880120829e0
[   70.193065][ T5322]  usb_start_wait_urb+0x114/0x4c0
[   70.194860][ T5322]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   70.197208][ T5322]  usb_control_msg+0x232/0x3e0
[   70.199297][ T5322]  dtv5100_i2c_msg+0x250/0x330
[   70.201398][ T5322]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   70.203560][ T5322]  __i2c_transfer+0x874/0x2170
[   70.205709][ T5322]  ? validate_chain+0x897/0x2140
[   70.207919][ T5322]  ? __pfx___i2c_transfer+0x10/0x10
[   70.210193][ T5322]  __i2c_smbus_xfer+0xfb0/0x1e50
[   70.212446][ T5322]  ? __lock_acquire+0xab9/0xd20
[   70.214630][ T5322]  ? do_raw_spin_lock+0x121/0x290
[   70.216872][ T5322]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   70.219290][ T5322]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   70.221933][ T5322]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   70.224569][ T5322]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   70.227309][ T5322]  ? rt_mutex_lock_nested+0x15e/0x1e0
[   70.229600][ T5322]  i2c_smbus_xfer+0x275/0x3c0
[   70.231654][ T5322]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   70.233902][ T5322]  ? __lock_acquire+0xab9/0xd20
[   70.236077][ T5322]  i2cdev_ioctl_smbus+0x43d/0x6d0
[   70.238311][ T5322]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   70.240751][ T5322]  i2cdev_ioctl+0x5d3/0x7f0
[   70.242787][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   70.244998][ T5322]  ? __fget_files+0x2a/0x420
[   70.247086][ T5322]  ? bpf_lsm_file_ioctl+0x9/0x20
[   70.249305][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   70.251563][ T5322]  __se_sys_ioctl+0xfc/0x170
[   70.253666][ T5322]  do_syscall_64+0xfa/0xfa0
[   70.255767][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.258096][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.260802][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   70.262863][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.265495][ T5322] RIP: 0033:0x7f9d6058f7c9
[   70.267548][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.275865][ T5322] RSP: 002b:00007f9d61478038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.279314][ T5322] RAX: ffffffffffffffda RBX: 00007f9d607e6090 RCX: 00007f9d6058f7c9
[   70.282720][ T5322] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000005
[   70.286238][ T5322] RBP: 00007f9d60613f91 R08: 0000000000000000 R09: 0000000000000000
[   70.289640][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   70.293133][ T5322] R13: 00007f9d607e6128 R14: 00007f9d607e6090 R15: 00007fffb5cc46d8
[   70.296628][ T5322]  </TASK>
[   70.298349][ T5322] Kernel Offset: disabled
[   70.300243][ T5322] Rebooting in 86400 seconds..