program:
# syzkaller reproducer program, followed by the kernel console log captured while it ran.
# The log ends in "BOGUS control dir" (WARNING in usb_submit_urb) and then a panic, because
# panic_on_warn is set on this test kernel. The call trace shows the warning is reached from
# the I2C_SMBUS ioctl through the dtv5100 dvb-usb driver. Calls below that are not annotated
# as part of that path do not appear in the trace.

# Opens the urandom device (per the call variant name) and issues ioctl 0x5206 on it.
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000180), 0x123402, 0x0)
ioctl$RNDCLEARPOOL(r0, 0x5206, 0x0)

# Crash path, step 1: connect an emulated USB device. The descriptor blob decodes
# (little-endian) to bMaxPacketSize0=0x10, idVendor=0x06be, idProduct=0xa232 and
# bcdDevice=0x33f3. These match the "usb 5-1" lines in the log, where dvb-usb then binds
# the device as 'AME DTV-5100 USB2.0 DVB-T'.
r1 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Control-transfer helper calls on the emulated device r1, here with null arguments.
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)

# Crash path, step 2: open an I2C character device. r2 is the descriptor later passed to
# ioctl$I2C_SMBUS. The id 0xc is presumably the adapter registered by the dvb-usb driver
# for the emulated device; confirm on the test image.
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)

# Replaces the iptables 'security' table with rules using SET and CLUSTERIP targets.
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000040)=@security={'security\x00', 0xe, 0x4, 0x308, 0xffffffff, 0x0, 0x600, 0x168, 0xffffffff, 0xffffffff, 0x270, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x6, 0x4, 0x0, 0x1, 0x1, 0x4], 0x1, 0x5}, {0x4, [0x5, 0x4, 0x2, 0x2, 0x1, 0x3], 0x4, 0x2}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x2, 0x0, 0x2, 0x4, 0x5, 0x1], 0x1, 0x2}, {0x2, [0x0, 0x7, 0x0, 0x0, 0x2, 0x1]}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @multicast, 0xd, 0xf, [0x33, 0x3e, 0x25, 0x23, 0x25, 0x2b, 0xb, 0x21, 0x12, 0x15, 0x1c, 0x8, 0x16, 0x37, 0x3b, 0x3a], 0x1, 0x9044, 0xff}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x368)
syz_usb_control_io$hid(r1, 0x0, 0x0)

# ipset create and save requests over a netfilter netlink socket. The create blob contains
# the ASCII strings "hash:ip,port,ip" and "syz0".
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5800fbff01060108000000000000000005000001050001010000000014000300686173683a69702c706f72742c6970000900020073797a30000000000c000780080012400000000c05000500020000000500040000000000"], 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x4800)
sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000000019af636120001000700"/28], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4084)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x18, &(0x7f0000000400)=ANY=[@ANYBLOB="36965b55eb4c"], 0x0, 0x0, 0x0, 0x0})

# nl802154 generic-netlink traffic (NEW_SEC_KEY requests).
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), r5)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r8, @ANYRESDEC=r5], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r5, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r6, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c000500040000020000000008000100030000000500020000"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

# Crash path, step 3: the faulting syscall. The log's user-space registers show
# ORIG_RAX=0x10 (ioctl) with RSI=0x720, and the kernel trace runs
# i2cdev_ioctl -> i2cdev_ioctl_smbus -> i2c_smbus_xfer -> dtv5100_i2c_xfer ->
# dtv5100_i2c_msg -> usb_control_msg -> usb_submit_urb, where the WARNING fires.
# The leading fields 0x1, 0xa, 0x1 are presumably read_write, command and size of
# struct i2c_smbus_ioctl_data; confirm against the uapi header.
# NOTE(review): bit 0x80 (IN) is set in both the reported pipe 0x80000280 and bRequestType
# 0xc0, so the mismatch presumably arises because a zero-length control transfer is treated
# as OUT. Confirm against drivers/usb/core/urb.c and dtv5100_i2c_msg. If so, the driver
# should validate message lengths before building the control request.
# Triage: this is a WARN, fatal here only because of panic_on_warn. Reachability depends on
# who may open the i2c-dev node and attach a matching USB device. The log shows UID 0.
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000140)={0x1, 0xa, 0x1, &(0x7f0000000000)={0x1c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})

# File and tunnel calls. r10 comes from creat(), so the tunnel ioctl targets a regular file
# descriptor rather than a socket. sendfile and the ethtool sendmsg are given fd -1.
r10 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
sendfile(r10, 0xffffffffffffffff, 0x0, 0xd344)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r10, 0x89f3, &(0x7f00000003c0)={'syztnl1\x00', &(0x7f0000000440)={'gre0\x00', 0x0, 0x40, 0xf887, 0x1, 0xe, {{0x13, 0x4, 0x1, 0x2, 0x4c, 0x64, 0x0, 0x35, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x23}, @multicast2, {[@generic={0x89, 0x10, "e3a582f84f4ad0e0965d0f908177"}, @lsrr={0x83, 0x17, 0xdf, [@rand_addr=0x64010101, @private=0xa010102, @remote, @remote, @empty]}, @ssrr={0x89, 0xf, 0x63, [@loopback, @empty, @multicast2]}]}}}}})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f00000004c0)={0x50, r11, 0x8, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x0, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x0, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x0, 0x5, 0x1}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xd}]}, 0x50}, 0x1, 0x0, 0x0, 0x20004080}, 0x8800)

# NetLabel unlabeled-traffic request. It references r9, which is not assigned anywhere in
# the visible program.
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000004cc0), r12)
sendmsg$NLBL_UNLABEL_C_STATICADD(r12, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000004e00)={&(0x7f0000004d00)=ANY=[@ANYRES16=r13, @ANYRES16=r13, @ANYRES32=r9], 0x84}, 0x1, 0x0, 0x0, 0x4}, 0x2004c840)

# Kernel console output follows. It shows USB enumeration and the dvb-usb probe of the
# emulated device.
[ 74.567692][ T5321] Bluetooth: hci0: command tx timeout
[ 74.857223][ T5339] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 75.007347][ T5339] usb 5-1: Using ep0 maxpacket: 16
[ 75.015342][ T5339] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 75.019551][ T5339] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 75.022969][ T5339] usb 5-1: Product: syz
[ 75.024821][ T5339] usb 5-1: Manufacturer: syz
[ 75.026770][ T5339] usb 5-1: SerialNumber: syz
[ 75.038256][ T5339] usb 5-1: config 0 descriptor??
[ 75.444720][ T5339] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 75.454180][ T5339] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 75.464329][ T5339] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 75.469173][ T5339] usb 5-1: media controller created
[ 75.480565][ T5339] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 75.669190][ T5339] zl10353_read_register: readreg error (reg=127, ret==0)
[ 75.675866][ T5339] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 75.687970][ T5339] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 76.023350][ T5342] netlink: 212 bytes leftover after parsing attributes in process `syz.0.0'.
[ 76.047956][ T5342] ------------[ cut here ]------------ [ 76.050514][ T5342] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 76.053831][ T5342] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#0: syz.0.0/5342 [ 76.058222][ T5342] Modules linked in: [ 76.060046][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.064450][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.069124][ T5342] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 76.071485][ T5342] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 76.079965][ T5342] RSP: 0018:ffffc9000be67560 EFLAGS: 00010246 [ 76.082563][ T5342] RAX: 0000000000000000 RBX: ffff888034a16800 RCX: 0000000080000280 [ 76.085797][ T5342] RDX: ffff888038333ba0 RSI: ffffffff8c341a80 RDI: ffffffff8faf01f0 [ 76.089292][ T5342] RBP: 1ffff1100846b138 R08: 00000000000000c0 R09: 0000000000000000 [ 76.092692][ T5342] R10: ffffc9000be67660 R11: fffff520017cced8 R12: ffff8880342e0100 [ 76.095857][ T5342] R13: ffff8880423589c0 R14: 0000000080000280 R15: ffff888038333ba0 [ 76.099408][ T5342] FS: 00007f1c7f62c6c0(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 76.103045][ T5342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.105867][ T5342] CR2: 00007ffc11d3ec88 CR3: 0000000011f10000 CR4: 0000000000352ef0 [ 76.110869][ T5342] Call Trace: [ 76.112270][ T5342] [ 76.113514][ T5342] ? __init_swait_queue_head+0xa9/0x150 [ 76.115966][ T5342] usb_start_wait_urb+0x115/0x4f0 [ 76.118151][ T5342] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 76.120493][ T5342] usb_control_msg+0x232/0x3e0 [ 76.122529][ T5342] dtv5100_i2c_msg+0x231/0x2f0 [ 76.124676][ T5342] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 76.127197][ T5342] ? 
__pfx_hlock_conflict+0x10/0x10 [ 76.129245][ T5342] __i2c_transfer+0x871/0x2110 [ 76.130929][ T5342] ? check_noncircular+0xda/0x150 [ 76.132624][ T5342] ? __pfx___i2c_transfer+0x10/0x10 [ 76.134512][ T5342] __i2c_smbus_xfer+0xf80/0x1e40 [ 76.136276][ T5342] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 76.138382][ T5342] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 76.140712][ T5342] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 76.143011][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.145893][ T5342] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 76.148391][ T5342] i2c_smbus_xfer+0x275/0x3c0 [ 76.150491][ T5342] ? __pfx_i2c_smbus_xfer+0x10/0x10 [ 76.152642][ T5342] i2cdev_ioctl_smbus+0x3db/0x750 [ 76.154771][ T5342] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 76.157346][ T5342] i2cdev_ioctl+0x5d3/0x820 [ 76.159142][ T5342] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 76.161204][ T5342] ? __fget_files+0x2a/0x420 [ 76.163132][ T5342] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.165243][ T5342] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 76.167592][ T5342] __se_sys_ioctl+0xfc/0x170 [ 76.169654][ T5342] do_syscall_64+0xfa/0xf80 [ 76.171502][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.173986][ T5342] ? 
clear_bhb_loop+0x60/0xb0 [ 76.176078][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.178780][ T5342] RIP: 0033:0x7f1c7e78f7c9 [ 76.180590][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.189195][ T5342] RSP: 002b:00007f1c7f62c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.192956][ T5342] RAX: ffffffffffffffda RBX: 00007f1c7e9e6090 RCX: 00007f1c7e78f7c9 [ 76.196458][ T5342] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000005 [ 76.200242][ T5342] RBP: 00007f1c7e813f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.203247][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.207035][ T5342] R13: 00007f1c7e9e6128 R14: 00007f1c7e9e6090 R15: 00007ffc11d3f2c8 [ 76.210592][ T5342] [ 76.212220][ T5342] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.215057][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.218860][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.223488][ T5342] Call Trace: [ 76.224956][ T5342] [ 76.226312][ T5342] dump_stack_lvl+0x99/0x250 [ 76.228529][ T5342] ? __asan_memcpy+0x40/0x70 [ 76.230637][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.232963][ T5342] ? __pfx__printk+0x10/0x10 [ 76.234903][ T5342] vpanic+0x237/0x6d0 [ 76.236564][ T5342] ? __pfx_vpanic+0x10/0x10 [ 76.238521][ T5342] ? is_bpf_text_address+0x292/0x2b0 [ 76.241102][ T5342] ? is_bpf_text_address+0x26/0x2b0 [ 76.243396][ T5342] panic+0xb9/0xc0 [ 76.245073][ T5342] ? __pfx_panic+0x10/0x10 [ 76.246967][ T5342] __warn+0x317/0x4b0 [ 76.248710][ T5342] ? usb_submit_urb+0x105c/0x18d0 [ 76.250915][ T5342] ? usb_submit_urb+0x105c/0x18d0 [ 76.253086][ T5342] __report_bug+0x288/0x500 [ 76.255073][ T5342] ? usb_submit_urb+0x105c/0x18d0 [ 76.257429][ T5342] ? 
__pfx___report_bug+0x10/0x10 [ 76.259444][ T5342] report_bug_entry+0x19a/0x290 [ 76.261478][ T5342] ? usb_submit_urb+0x111c/0x18d0 [ 76.263629][ T5342] ? usb_submit_urb+0x1121/0x18d0 [ 76.265635][ T5342] handle_bug+0xca/0x200 [ 76.267396][ T5342] exc_invalid_op+0x1a/0x50 [ 76.269325][ T5342] asm_exc_invalid_op+0x1a/0x20 [ 76.271336][ T5342] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 76.273699][ T5342] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 76.281482][ T5342] RSP: 0018:ffffc9000be67560 EFLAGS: 00010246 [ 76.283955][ T5342] RAX: 0000000000000000 RBX: ffff888034a16800 RCX: 0000000080000280 [ 76.287495][ T5342] RDX: ffff888038333ba0 RSI: ffffffff8c341a80 RDI: ffffffff8faf01f0 [ 76.290831][ T5342] RBP: 1ffff1100846b138 R08: 00000000000000c0 R09: 0000000000000000 [ 76.293934][ T5342] R10: ffffc9000be67660 R11: fffff520017cced8 R12: ffff8880342e0100 [ 76.297262][ T5342] R13: ffff8880423589c0 R14: 0000000080000280 R15: ffff888038333ba0 [ 76.300619][ T5342] ? __init_swait_queue_head+0xa9/0x150 [ 76.302912][ T5342] usb_start_wait_urb+0x115/0x4f0 [ 76.305008][ T5342] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 76.307376][ T5342] usb_control_msg+0x232/0x3e0 [ 76.309384][ T5342] dtv5100_i2c_msg+0x231/0x2f0 [ 76.311321][ T5342] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 76.313334][ T5342] ? __pfx_hlock_conflict+0x10/0x10 [ 76.315424][ T5342] __i2c_transfer+0x871/0x2110 [ 76.317504][ T5342] ? check_noncircular+0xda/0x150 [ 76.319687][ T5342] ? __pfx___i2c_transfer+0x10/0x10 [ 76.321912][ T5342] __i2c_smbus_xfer+0xf80/0x1e40 [ 76.324010][ T5342] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 76.326388][ T5342] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 76.328909][ T5342] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 76.331290][ T5342] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.334128][ T5342] ? 
rt_mutex_lock_nested+0x15e/0x1e0 [ 76.336767][ T5342] i2c_smbus_xfer+0x275/0x3c0 [ 76.338757][ T5342] ? __pfx_i2c_smbus_xfer+0x10/0x10 [ 76.340872][ T5342] i2cdev_ioctl_smbus+0x3db/0x750 [ 76.342910][ T5342] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 76.345036][ T5342] i2cdev_ioctl+0x5d3/0x820 [ 76.346928][ T5342] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 76.348882][ T5342] ? __fget_files+0x2a/0x420 [ 76.350821][ T5342] ? bpf_lsm_file_ioctl+0x9/0x20 [ 76.352953][ T5342] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 76.354787][ T5342] __se_sys_ioctl+0xfc/0x170 [ 76.356690][ T5342] do_syscall_64+0xfa/0xf80 [ 76.358497][ T5342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.360855][ T5342] ? clear_bhb_loop+0x60/0xb0 [ 76.362711][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.365136][ T5342] RIP: 0033:0x7f1c7e78f7c9 [ 76.366974][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.374773][ T5342] RSP: 002b:00007f1c7f62c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.378198][ T5342] RAX: ffffffffffffffda RBX: 00007f1c7e9e6090 RCX: 00007f1c7e78f7c9 [ 76.381382][ T5342] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000005 [ 76.384666][ T5342] RBP: 00007f1c7e813f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.388137][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.391434][ T5342] R13: 00007f1c7e9e6128 R14: 00007f1c7e9e6090 R15: 00007ffc11d3f2c8 [ 76.394661][ T5342] [ 76.396393][ T5342] Kernel Offset: disabled [ 76.398323][ T5342] Rebooting in 86400 seconds..