program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x1, 0x0, &(0x7f00000004c0)="f4"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x1c, 0x0, &(0x7f00000000c0)=[@dead_binder_done, @clear_death], 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
r3 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000100)={0x1d, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})

[   75.912947][   T46] Bluetooth: hci0: command tx timeout
[   76.244414][  T798] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   76.368243][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.371203][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.394885][  T798] usb 5-1: Using ep0 maxpacket: 16
[   76.401931][  T798] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   76.406351][  T798] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.409864][  T798] usb 5-1: Product: syz
[   76.411746][  T798] usb 5-1: Manufacturer: syz
[   76.413790][  T798] usb 5-1: SerialNumber: syz
[   76.424816][  T798] usb 5-1: config 0 descriptor??
[   76.841331][  T798] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   76.856209][  T798] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   76.862765][  T798] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   76.866913][  T798] usb 5-1: media controller created
[   76.881785][  T798] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   77.047486][  T798] zl10353_read_register: readreg error (reg=127, ret==0)
[   77.050283][  T798] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   77.053291][  T798] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   77.414788][ T5340] ------------[ cut here ]------------
[   77.417406][ T5340] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   77.421027][ T5340] WARNING: drivers/usb/core/urb.c:414 at 0x0, CPU#0: syz.0.0/5340
[   77.424537][ T5340] Modules linked in:
[   77.426178][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.429996][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.434792][ T5340] RIP: 0010:usb_submit_urb+0x112e/0x1890
[   77.437313][ T5340] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 99 f2 ff ff 89 e9
[   77.445868][ T5340] RSP: 0018:ffffc9000d3a7560 EFLAGS: 00010246
[   77.448581][ T5340] RAX: 0000000000000000 RBX: ffff88800b4eec00 RCX: 0000000080000280
[   77.452308][ T5340] RDX: ffff888041bd5cc0 RSI: ffffffff8c12a880 RDI: ffffffff8f8ce860
[   77.455957][ T5340] RBP: 1ffff11006c6d184 R08: 00000000000000c0 R09: 0000000000000000
[   77.459313][ T5340] R10: ffffc9000d3a7660 R11: fffff52001a74ed8 R12: ffff8880002c9100
[   77.462605][ T5340] R13: ffff888036368c20 R14: 0000000080000280 R15: ffff888041bd5cc0
[   77.466133][ T5340] FS:  00007f6c56e846c0(0000) GS:ffff88808d6b7000(0000) knlGS:0000000000000000
[   77.469871][ T5340] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.472556][ T5340] CR2: 00007f6c56e83fc8 CR3: 00000000426e5000 CR4: 0000000000352ef0
[   77.476196][ T5340] Call Trace:
[   77.477708][ T5340]  <TASK>
[   77.479028][ T5340]  ? __init_swait_queue_head+0xa9/0x150
[   77.481409][ T5340]  usb_start_wait_urb+0x114/0x4c0
[   77.483687][ T5340]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   77.486555][ T5340]  usb_control_msg+0x232/0x3e0
[   77.488637][ T5340]  dtv5100_i2c_msg+0x23f/0x310
[   77.490827][ T5340]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   77.493040][ T5340]  ? __pfx_hlock_conflict+0x10/0x10
[   77.495459][ T5340]  __i2c_transfer+0x871/0x20e0
[   77.497386][ T5340]  ? check_noncircular+0xda/0x150
[   77.499641][ T5340]  ? __pfx___i2c_transfer+0x10/0x10
[   77.502003][ T5340]  __i2c_smbus_xfer+0xf80/0x1e10
[   77.504502][ T5340]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   77.506982][ T5340]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   77.509584][ T5340]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   77.512113][ T5340]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   77.514974][ T5340]  ? rt_mutex_lock_nested+0x15e/0x1e0
[   77.517327][ T5340]  i2c_smbus_xfer+0x275/0x3c0
[   77.519461][ T5340]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   77.521764][ T5340]  i2cdev_ioctl_smbus+0x43d/0x6d0
[   77.524014][ T5340]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   77.526529][ T5340]  i2cdev_ioctl+0x5d3/0x7f0
[   77.528448][ T5340]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   77.530694][ T5340]  ? __fget_files+0x2a/0x420
[   77.532753][ T5340]  ? bpf_lsm_file_ioctl+0x9/0x20
[   77.535085][ T5340]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   77.537089][ T5340]  __se_sys_ioctl+0xfc/0x170
[   77.538862][ T5340]  do_syscall_64+0xfa/0xf80
[   77.540756][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.543121][ T5340]  ? clear_bhb_loop+0x60/0xb0
[   77.545288][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.547655][ T5340] RIP: 0033:0x7f6c55f8f7c9
[   77.549580][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.558462][ T5340] RSP: 002b:00007f6c56e84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.562046][ T5340] RAX: ffffffffffffffda RBX: 00007f6c561e6090 RCX: 00007f6c55f8f7c9
[   77.566098][ T5340] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000006
[   77.569654][ T5340] RBP: 00007f6c56013f91 R08: 0000000000000000 R09: 0000000000000000
[   77.573098][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.576516][ T5340] R13: 00007f6c561e6128 R14: 00007f6c561e6090 R15: 00007fffe3f86858
[   77.579884][ T5340]  </TASK>
[   77.581192][ T5340] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   77.584254][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.588041][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.592531][ T5340] Call Trace:
[   77.594096][ T5340]  <TASK>
[   77.595544][ T5340]  dump_stack_lvl+0x99/0x250
[   77.597828][ T5340]  ? __asan_memcpy+0x40/0x70
[   77.600102][ T5340]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.602471][ T5340]  ? __pfx__printk+0x10/0x10
[   77.604825][ T5340]  vpanic+0x237/0x6d0
[   77.606917][ T5340]  ? __pfx_vpanic+0x10/0x10
[   77.609251][ T5340]  ? is_bpf_text_address+0x292/0x2b0
[   77.611684][ T5340]  ? is_bpf_text_address+0x26/0x2b0
[   77.614070][ T5340]  panic+0xb9/0xc0
[   77.615693][ T5340]  ? __pfx_panic+0x10/0x10
[   77.617707][ T5340]  __warn+0x317/0x4b0
[   77.619531][ T5340]  __report_bug+0x288/0x500
[   77.621558][ T5340]  ? __pfx___report_bug+0x10/0x10
[   77.623814][ T5340]  ? stack_depot_save_flags+0x422/0x850
[   77.626190][ T5340]  report_bug_entry+0x16a/0x220
[   77.628365][ T5340]  ? usb_submit_urb+0x112e/0x1890
[   77.630600][ T5340]  ? usb_submit_urb+0x1133/0x1890
[   77.632754][ T5340]  handle_bug+0xca/0x200
[   77.634640][ T5340]  exc_invalid_op+0x1a/0x50
[   77.636611][ T5340]  asm_exc_invalid_op+0x1a/0x20
[   77.638674][ T5340] RIP: 0010:usb_submit_urb+0x112e/0x1890
[   77.641124][ T5340] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 99 f2 ff ff 89 e9
[   77.649059][ T5340] RSP: 0018:ffffc9000d3a7560 EFLAGS: 00010246
[   77.651546][ T5340] RAX: 0000000000000000 RBX: ffff88800b4eec00 RCX: 0000000080000280
[   77.654833][ T5340] RDX: ffff888041bd5cc0 RSI: ffffffff8c12a880 RDI: ffffffff8f8ce860
[   77.658175][ T5340] RBP: 1ffff11006c6d184 R08: 00000000000000c0 R09: 0000000000000000
[   77.661556][ T5340] R10: ffffc9000d3a7660 R11: fffff52001a74ed8 R12: ffff8880002c9100
[   77.664942][ T5340] R13: ffff888036368c20 R14: 0000000080000280 R15: ffff888041bd5cc0
[   77.668409][ T5340]  ? __init_swait_queue_head+0xa9/0x150
[   77.670888][ T5340]  usb_start_wait_urb+0x114/0x4c0
[   77.673093][ T5340]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   77.675537][ T5340]  usb_control_msg+0x232/0x3e0
[   77.677542][ T5340]  dtv5100_i2c_msg+0x23f/0x310
[   77.679585][ T5340]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   77.681717][ T5340]  ? __pfx_hlock_conflict+0x10/0x10
[   77.684113][ T5340]  __i2c_transfer+0x871/0x20e0
[   77.686246][ T5340]  ? check_noncircular+0xda/0x150
[   77.688505][ T5340]  ? __pfx___i2c_transfer+0x10/0x10
[   77.690808][ T5340]  __i2c_smbus_xfer+0xf80/0x1e10
[   77.692989][ T5340]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   77.695308][ T5340]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   77.697858][ T5340]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   77.700409][ T5340]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   77.703268][ T5340]  ? rt_mutex_lock_nested+0x15e/0x1e0
[   77.705657][ T5340]  i2c_smbus_xfer+0x275/0x3c0
[   77.707776][ T5340]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[   77.710049][ T5340]  i2cdev_ioctl_smbus+0x43d/0x6d0
[   77.712250][ T5340]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   77.714651][ T5340]  i2cdev_ioctl+0x5d3/0x7f0
[   77.716911][ T5340]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   77.719172][ T5340]  ? __fget_files+0x2a/0x420
[   77.721215][ T5340]  ? bpf_lsm_file_ioctl+0x9/0x20
[   77.723767][ T5340]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   77.726283][ T5340]  __se_sys_ioctl+0xfc/0x170
[   77.728359][ T5340]  do_syscall_64+0xfa/0xf80
[   77.730328][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.733011][ T5340]  ? clear_bhb_loop+0x60/0xb0
[   77.735059][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.737624][ T5340] RIP: 0033:0x7f6c55f8f7c9
[   77.739549][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.747671][ T5340] RSP: 002b:00007f6c56e84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.751155][ T5340] RAX: ffffffffffffffda RBX: 00007f6c561e6090 RCX: 00007f6c55f8f7c9
[   77.754490][ T5340] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000006
[   77.757889][ T5340] RBP: 00007f6c56013f91 R08: 0000000000000000 R09: 0000000000000000
[   77.761228][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.764674][ T5340] R13: 00007f6c561e6128 R14: 00007f6c561e6090 R15: 00007fffe3f86858
[   77.768126][ T5340]  </TASK>
[   77.769772][ T5340] Kernel Offset: disabled
[   77.771535][ T5340] Rebooting in 86400 seconds..