program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000580)=[{0x4, 0x1010, 0x0, 0x0}], 0x1})
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x0, 0x9, 0x1, &(0x7f0000000000)={0xd, "0da271895c624c14deead7fde22bf7286462291722711e65b6aa1f7a1ac33bf5e3"}})

[   75.330622][ T4667] Bluetooth: hci0: command tx timeout
[   75.630607][ T5310] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.780624][ T5310] usb 5-1: Using ep0 maxpacket: 16
[   75.789152][ T5310] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   75.793165][ T5310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.796958][ T5310] usb 5-1: Product: syz
[   75.799050][ T5310] usb 5-1: Manufacturer: syz
[   75.802183][ T5310] usb 5-1: SerialNumber: syz
[   75.811095][ T5310] usb 5-1: config 0 descriptor??
[   76.222933][ T5310] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   76.232274][ T5310] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   76.237188][ T5310] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   76.241671][ T5310] usb 5-1: media controller created
[   76.261945][ T5310] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   76.465981][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.469425][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.802427][ T5310] zl10353_read_register: readreg error (reg=127, ret==0)
[   76.805773][ T5317] dtv5100: wlen = 0, aborting.
[   76.808810][ T5310] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   76.812918][ T5310] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   76.820530][ T5318] ------------[ cut here ]------------
[   76.823011][ T5318] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   76.829666][ T5318] WARNING: CPU: 0 PID: 5318 at drivers/usb/core/urb.c:414 usb_submit_urb+0x114d/0x18b0
[   76.834729][ T5318] Modules linked in:
[   76.837053][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.841176][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.845744][ T5318] RIP: 0010:usb_submit_urb+0x114d/0x18b0
[   76.848192][ T5318] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 40 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 b4 6e 8e fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80
[   76.856782][ T5318] RSP: 0018:ffffc9000d427540 EFLAGS: 00010246
[   76.859472][ T5318] RAX: b1a8e8c8c608de00 RBX: ffff888035df6300 RCX: 0000000000100000
[   76.863570][ T5318] RDX: ffffc9000e773000 RSI: 0000000000000b74 RDI: 0000000000000b75
[   76.868024][ T5318] RBP: 1ffff11006ca2ccc R08: 0000000000000003 R09: 0000000000000004
[   76.871799][ T5318] R10: dffffc0000000000 R11: fffffbfff1bba680 R12: ffff8880427fd100
[   76.875784][ T5318] R13: ffff888036516660 R14: 0000000080000280 R15: ffff888042708ba0
[   76.879558][ T5318] FS:  00007fa09c3f06c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000
[   76.884810][ T5318] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.887633][ T5318] CR2: 00007f751e8fb8c8 CR3: 0000000032b8e000 CR4: 0000000000352ef0
[   76.891403][ T5318] Call Trace:
[   76.893024][ T5318]  <TASK>
[   76.894326][ T5318]  usb_start_wait_urb+0x114/0x4c0
[   76.896605][ T5318]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   76.899090][ T5318]  usb_control_msg+0x232/0x3e0
[   76.901430][ T5318]  dtv5100_i2c_msg+0x250/0x330
[   76.903567][ T5318]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   76.905695][ T5318]  __i2c_transfer+0x874/0x2170
[   76.907799][ T5318]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   76.910495][ T5318]  ? __pfx___i2c_transfer+0x10/0x10
[   76.912767][ T5318]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   76.915532][ T5318]  __i2c_smbus_xfer+0xfb0/0x1e50
[   76.917609][ T5318]  ? rt_mutex_slowlock+0x1c9/0x6e0
[   76.919818][ T5318]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   76.922220][ T5318]  ? __lock_acquire+0xab9/0xd20
[   76.924422][ T5318]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   76.927285][ T5318]  ? rt_mutex_lock_nested+0x172/0x1e0
[   76.930469][ T5318]  i2c_smbus_xfer+0x275/0x3c0
[   76.932507][ T5318]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   76.934630][ T5318]  ? __lock_acquire+0xab9/0xd20
[   76.936642][ T5318]  i2cdev_ioctl_smbus+0x1d1/0x6d0
[   76.938707][ T5318]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   76.942179][ T5318]  i2cdev_ioctl+0x5d3/0x7f0
[   76.944181][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   76.946277][ T5318]  ? __fget_files+0x2a/0x420
[   76.948187][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   76.950424][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   76.952510][ T5318]  __se_sys_ioctl+0xfc/0x170
[   76.954529][ T5318]  do_syscall_64+0xfa/0xfa0
[   76.956621][ T5318]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.958775][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.961516][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   76.963736][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.966176][ T5318] RIP: 0033:0x7fa09b58f6c9
[   76.968222][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.977255][ T5318] RSP: 002b:00007fa09c3f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   76.982262][ T5318] RAX: ffffffffffffffda RBX: 00007fa09b7e6090 RCX: 00007fa09b58f6c9
[   76.985545][ T5318] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[   76.988768][ T5318] RBP: 00007fa09b611f91 R08: 0000000000000000 R09: 0000000000000000
[   76.992140][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.995323][ T5318] R13: 00007fa09b7e6128 R14: 00007fa09b7e6090 R15: 00007ffe5a630c88
[   76.998633][ T5318]  </TASK>
[   77.000101][ T5318] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   77.003202][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.006889][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.011287][ T5318] Call Trace:
[   77.012796][ T5318]  <TASK>
[   77.014182][ T5318]  dump_stack_lvl+0x99/0x250
[   77.016708][ T5318]  ? __asan_memcpy+0x40/0x70
[   77.019197][ T5318]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.022393][ T5318]  ? __pfx__printk+0x10/0x10
[   77.024559][ T5318]  vpanic+0x237/0x6d0
[   77.026288][ T5318]  ? __pfx_vpanic+0x10/0x10
[   77.028302][ T5318]  panic+0xb9/0xc0
[   77.029977][ T5318]  ? __pfx_panic+0x10/0x10
[   77.031922][ T5318]  __warn+0x31b/0x4b0
[   77.033637][ T5318]  ? usb_submit_urb+0x114d/0x18b0
[   77.035867][ T5318]  ? usb_submit_urb+0x114d/0x18b0
[   77.037949][ T5318]  report_bug+0x2be/0x4f0
[   77.039857][ T5318]  ? usb_submit_urb+0x114d/0x18b0
[   77.042017][ T5318]  ? usb_submit_urb+0x114d/0x18b0
[   77.044192][ T5318]  ? usb_submit_urb+0x114f/0x18b0
[   77.046368][ T5318]  handle_bug+0x84/0x160
[   77.048271][ T5318]  exc_invalid_op+0x1a/0x50
[   77.050471][ T5318]  asm_exc_invalid_op+0x1a/0x20
[   77.052540][ T5318] RIP: 0010:usb_submit_urb+0x114d/0x18b0
[   77.054982][ T5318] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 40 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 b4 6e 8e fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80
[   77.063289][ T5318] RSP: 0018:ffffc9000d427540 EFLAGS: 00010246
[   77.066138][ T5318] RAX: b1a8e8c8c608de00 RBX: ffff888035df6300 RCX: 0000000000100000
[   77.070719][ T5318] RDX: ffffc9000e773000 RSI: 0000000000000b74 RDI: 0000000000000b75
[   77.074524][ T5318] RBP: 1ffff11006ca2ccc R08: 0000000000000003 R09: 0000000000000004
[   77.077967][ T5318] R10: dffffc0000000000 R11: fffffbfff1bba680 R12: ffff8880427fd100
[   77.081336][ T5318] R13: ffff888036516660 R14: 0000000080000280 R15: ffff888042708ba0
[   77.084761][ T5318]  usb_start_wait_urb+0x114/0x4c0
[   77.087010][ T5318]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   77.089473][ T5318]  usb_control_msg+0x232/0x3e0
[   77.091654][ T5318]  dtv5100_i2c_msg+0x250/0x330
[   77.093743][ T5318]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   77.095904][ T5318]  __i2c_transfer+0x874/0x2170
[   77.098127][ T5318]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   77.100595][ T5318]  ? __pfx___i2c_transfer+0x10/0x10
[   77.103040][ T5318]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   77.105706][ T5318]  __i2c_smbus_xfer+0xfb0/0x1e50
[   77.107985][ T5318]  ? rt_mutex_slowlock+0x1c9/0x6e0
[   77.110432][ T5318]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   77.112949][ T5318]  ? __lock_acquire+0xab9/0xd20
[   77.115275][ T5318]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   77.117646][ T5318]  ? rt_mutex_lock_nested+0x172/0x1e0
[   77.120313][ T5318]  i2c_smbus_xfer+0x275/0x3c0
[   77.122479][ T5318]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   77.124848][ T5318]  ? __lock_acquire+0xab9/0xd20
[   77.127007][ T5318]  i2cdev_ioctl_smbus+0x1d1/0x6d0
[   77.129190][ T5318]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   77.131628][ T5318]  i2cdev_ioctl+0x5d3/0x7f0
[   77.133679][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   77.135917][ T5318]  ? __fget_files+0x2a/0x420
[   77.138056][ T5318]  ? bpf_lsm_file_ioctl+0x9/0x20
[   77.140408][ T5318]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   77.143021][ T5318]  __se_sys_ioctl+0xfc/0x170
[   77.145212][ T5318]  do_syscall_64+0xfa/0xfa0
[   77.147403][ T5318]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.149552][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.152220][ T5318]  ? clear_bhb_loop+0x60/0xb0
[   77.154393][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.157043][ T5318] RIP: 0033:0x7fa09b58f6c9
[   77.158992][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.167850][ T5318] RSP: 002b:00007fa09c3f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.171431][ T5318] RAX: ffffffffffffffda RBX: 00007fa09b7e6090 RCX: 00007fa09b58f6c9
[   77.174840][ T5318] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[   77.178124][ T5318] RBP: 00007fa09b611f91 R08: 0000000000000000 R09: 0000000000000000
[   77.181769][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.185183][ T5318] R13: 00007fa09b7e6128 R14: 00007fa09b7e6090 R15: 00007ffe5a630c88
[   77.188703][ T5318]  </TASK>
[   77.190644][ T5318] Kernel Offset: disabled
[   77.192748][ T5318] Rebooting in 86400 seconds..