program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x1, 0x6, 0x1, &(0x7f0000000000)={0x19, "3ac071ffbc4c9a216d398df0f558125211b40d6539c50000000000001800000001"}})
[ 77.122381][ T46] Bluetooth: hci0: command tx timeout
[ 77.437387][ T5330] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 77.587328][ T5330] usb 5-1: Using ep0 maxpacket: 16
[ 77.595822][ T5330] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 77.603504][ T5330] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 77.606969][ T5330] usb 5-1: Product: syz
[ 77.608962][ T5330] usb 5-1: Manufacturer: syz
[ 77.610940][ T5330] usb 5-1: SerialNumber: syz
[ 77.627751][ T5330] usb 5-1: config 0 descriptor??
[ 78.055440][ T5330] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 78.067732][ T5330] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 78.076992][ T5330] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 78.081321][ T5330] usb 5-1: media controller created
[ 78.093064][ T5330] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 78.262822][ T5330] zl10353_read_register: readreg error (reg=127, ret==0)
[ 78.265803][ T5330] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 78.270585][ T5330] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 78.637468][ T5333] ------------[ cut here ]------------
[ 78.640291][ T5333] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 78.643877][ T5333] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#0: syz.0.0/5333
[ 78.648030][ T5333] Modules linked in:
[ 78.649833][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 78.654787][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.660510][ T5333] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[ 78.663104][ T5333] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[ 78.672093][ T5333] RSP: 0018:ffffc9000e42f680 EFLAGS: 00010246
[ 78.674681][ T5333] RAX: 0000000000000000 RBX: ffff888032ef2d00 RCX: 0000000080000280
[ 78.678234][ T5333] RDX: ffff888030ba8e20 RSI: ffffffff8c141c20 RDI: ffffffff8f8f0ad0
[ 78.681651][ T5333] RBP: 1ffff1100248a084 R08: 00000000000000c0 R09: 0000000000000000
[ 78.685131][ T5333] R10: ffffc9000e42f780 R11: fffff52001c85efc R12: ffff888033540100
[ 78.688604][ T5333] R13: ffff888012450420 R14: 0000000080000280 R15: ffff888030ba8e20
[ 78.692009][ T5333] FS: 00007f1c4b2e86c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[ 78.695982][ T5333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 78.699015][ T5333] CR2: 00007f1c4b2e7fc8 CR3: 000000004079e000 CR4: 0000000000352ef0
[ 78.702504][ T5333] Call Trace:
[ 78.704072][ T5333]
[ 78.705473][ T5333] ? __init_swait_queue_head+0xa9/0x150
[ 78.708863][ T5333] usb_start_wait_urb+0x115/0x4f0
[ 78.712038][ T5333] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 78.715200][ T5333] usb_control_msg+0x232/0x3e0
[ 78.717451][ T5333] dtv5100_i2c_msg+0x231/0x2f0
[ 78.719669][ T5333] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 78.721881][ T5333] __i2c_transfer+0x79a/0x1f00
[ 78.724096][ T5333] ? __lock_acquire+0x146f/0x2cf0
[ 78.726194][ T5333] __i2c_smbus_xfer+0xf5d/0x1e20
[ 78.728337][ T5333] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 78.730593][ T5333] ? lockdep_hardirqs_on+0x7b/0x110
[ 78.732881][ T5333] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 78.736079][ T5333] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 78.739088][ T5333] i2c_smbus_xfer+0x1f4/0x310
[ 78.742025][ T5333] i2cdev_ioctl_smbus+0x3db/0x750
[ 78.744329][ T5333] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 78.746801][ T5333] i2cdev_ioctl+0x5d3/0x820
[ 78.749874][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 78.752181][ T5333] ? __fget_files+0x2a/0x420
[ 78.754341][ T5333] ? __fget_files+0x3a0/0x420
[ 78.756491][ T5333] ? bpf_lsm_file_ioctl+0x9/0x20
[ 78.758746][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 78.761054][ T5333] __se_sys_ioctl+0xfc/0x170
[ 78.763132][ T5333] do_syscall_64+0xec/0xf80
[ 78.765059][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.767777][ T5333] ? trace_irq_disable+0x37/0x100
[ 78.770065][ T5333] ? clear_bhb_loop+0x60/0xb0
[ 78.772192][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.774805][ T5333] RIP: 0033:0x7f1c4a38f7c9
[ 78.776867][ T5333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 78.785518][ T5333] RSP: 002b:00007f1c4b2e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.789478][ T5333] RAX: ffffffffffffffda RBX: 00007f1c4a5e6090 RCX: 00007f1c4a38f7c9
[ 78.793008][ T5333] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[ 78.796327][ T5333] RBP: 00007f1c4a413f91 R08: 0000000000000000 R09: 0000000000000000
[ 78.799569][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 78.802801][ T5333] R13: 00007f1c4a5e6128 R14: 00007f1c4a5e6090 R15: 00007ffd60fa4eb8
[ 78.805970][ T5333]
[ 78.807351][ T5333] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 78.810363][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 78.814295][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.818740][ T5333] Call Trace:
[ 78.820215][ T5333]
[ 78.821449][ T5333] vpanic+0x1e0/0x670
[ 78.823133][ T5333] panic+0xb9/0xc0
[ 78.824755][ T5333] ? __pfx_panic+0x10/0x10
[ 78.826754][ T5333] __warn+0x317/0x4b0
[ 78.828498][ T5333] ? usb_submit_urb+0x105c/0x18d0
[ 78.830643][ T5333] ? usb_submit_urb+0x105c/0x18d0
[ 78.832862][ T5333] __report_bug+0x288/0x500
[ 78.834749][ T5333] ? usb_submit_urb+0x105c/0x18d0
[ 78.837027][ T5333] ? __pfx___report_bug+0x10/0x10
[ 78.839272][ T5333] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 78.841942][ T5333] ? lockdep_hardirqs_on+0x7b/0x110
[ 78.844328][ T5333] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 78.846952][ T5333] ? stack_depot_save_flags+0x3f3/0x810
[ 78.849318][ T5333] report_bug_entry+0x19a/0x290
[ 78.851460][ T5333] ? usb_submit_urb+0x111c/0x18d0
[ 78.853614][ T5333] ? usb_submit_urb+0x1121/0x18d0
[ 78.856287][ T5333] handle_bug+0xca/0x200
[ 78.858522][ T5333] exc_invalid_op+0x1a/0x50
[ 78.860598][ T5333] asm_exc_invalid_op+0x1a/0x20
[ 78.862662][ T5333] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[ 78.865128][ T5333] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[ 78.873344][ T5333] RSP: 0018:ffffc9000e42f680 EFLAGS: 00010246
[ 78.875996][ T5333] RAX: 0000000000000000 RBX: ffff888032ef2d00 RCX: 0000000080000280
[ 78.879274][ T5333] RDX: ffff888030ba8e20 RSI: ffffffff8c141c20 RDI: ffffffff8f8f0ad0
[ 78.882857][ T5333] RBP: 1ffff1100248a084 R08: 00000000000000c0 R09: 0000000000000000
[ 78.886322][ T5333] R10: ffffc9000e42f780 R11: fffff52001c85efc R12: ffff888033540100
[ 78.889881][ T5333] R13: ffff888012450420 R14: 0000000080000280 R15: ffff888030ba8e20
[ 78.893365][ T5333] ? __init_swait_queue_head+0xa9/0x150
[ 78.895886][ T5333] usb_start_wait_urb+0x115/0x4f0
[ 78.898081][ T5333] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 78.900534][ T5333] usb_control_msg+0x232/0x3e0
[ 78.902689][ T5333] dtv5100_i2c_msg+0x231/0x2f0
[ 78.904883][ T5333] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 78.907034][ T5333] __i2c_transfer+0x79a/0x1f00
[ 78.909171][ T5333] ? __lock_acquire+0x146f/0x2cf0
[ 78.911483][ T5333] __i2c_smbus_xfer+0xf5d/0x1e20
[ 78.913733][ T5333] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 78.916305][ T5333] ? lockdep_hardirqs_on+0x7b/0x110
[ 78.918789][ T5333] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 78.921505][ T5333] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 78.923953][ T5333] i2c_smbus_xfer+0x1f4/0x310
[ 78.926093][ T5333] i2cdev_ioctl_smbus+0x3db/0x750
[ 78.928344][ T5333] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 78.930861][ T5333] i2cdev_ioctl+0x5d3/0x820
[ 78.932930][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 78.935238][ T5333] ? __fget_files+0x2a/0x420
[ 78.937310][ T5333] ? __fget_files+0x3a0/0x420
[ 78.939315][ T5333] ? bpf_lsm_file_ioctl+0x9/0x20
[ 78.941404][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 78.943655][ T5333] __se_sys_ioctl+0xfc/0x170
[ 78.945706][ T5333] do_syscall_64+0xec/0xf80
[ 78.947930][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.951108][ T5333] ? trace_irq_disable+0x37/0x100
[ 78.953287][ T5333] ? clear_bhb_loop+0x60/0xb0
[ 78.955369][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.957898][ T5333] RIP: 0033:0x7f1c4a38f7c9
[ 78.959796][ T5333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 78.967780][ T5333] RSP: 002b:00007f1c4b2e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.971361][ T5333] RAX: ffffffffffffffda RBX: 00007f1c4a5e6090 RCX: 00007f1c4a38f7c9
[ 78.974783][ T5333] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[ 78.977936][ T5333] RBP: 00007f1c4a413f91 R08: 0000000000000000 R09: 0000000000000000
[ 78.981264][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 78.984760][ T5333] R13: 00007f1c4a5e6128 R14: 00007f1c4a5e6090 R15: 00007ffd60fa4eb8
[ 78.988264][ T5333]
[ 78.989907][ T5333] Kernel Offset: disabled
[ 78.991738][ T5333] Rebooting in 86400 seconds..