program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_connect$uac3(0x5, 0xd5, &(0x7f0000000100)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8c5849ea5638f70d, 0x499, 0x1029, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc3, 0x3, 0x1, 0x85, 0x10, 0x0, {0x8, 0xb, 0x1, 0x1, 0x1, 0x24, 0x30, 0x6}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x28, 0x1}, [@output_terminal={0x13, 0x24, 0x3, 0x3, 0x305, 0x5, 0x3, 0xc0, 0x1, 0xc, 0x37, 0x80}, @multiply_unit={0xb, 0x24, 0xd, 0xd, 0x7, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x4, 0x4, 0x9, "69d3f9eca23e5b"}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x3, 0x4}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x2, 0x9, 0x1, 0x9}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x4, 0xc, 0x2f, {0xa, 0x25, 0x25, 0x7, 0x0, 0xab0}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x9, 0x2, 0x1, 0x7, "30a5ef71d37259d9cf"}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x3, 0x6}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x6, 0xaa, 0x3, {0xa, 0x25, 0x25, 0x2, 0xc, 0x1ff}}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x110, 0x27, 0x2, 0xa, 0xff, 0x80}, 0x5, &(0x7f0000000240)={0x5, 0xf, 0x5}, 0x5, [{0x5, &(0x7f0000000280)=@string={0x5, 0x3, "9fac6f"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x44c}}, {0x4, &(0x7f0000000300)=@lang_id={0x4}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x429}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x40e}}]})
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x0, 0xc, 0x1, &(0x7f0000000000)={0x1b, "e1e7ad622bb7961e3f28e49364818f1efe5ad3d0607d4989ff06c0ab6a1818093f"}})
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000580)=[{0x4, 0x1010, 0x0, 0x0}, {0xc, 0xf200, 0x0, 0x0}], 0x2})

[   85.666217][   T45] Bluetooth: hci0: command tx timeout
[   86.033614][ T4719] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   86.183629][ T4719] usb 5-1: Using ep0 maxpacket: 16
[   86.194810][ T4719] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   86.200045][ T4719] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.204073][ T4719] usb 5-1: Product: syz
[   86.205965][ T4719] usb 5-1: Manufacturer: syz
[   86.208158][ T4719] usb 5-1: SerialNumber: syz
[   86.214638][ T4719] usb 5-1: config 0 descriptor??
[   86.626466][ T4719] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   86.640592][ T4719] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   86.646352][ T4719] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   86.650006][ T4719] usb 5-1: media controller created
[   86.664836][ T4719] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   86.836717][ T5324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   86.848167][ T5324] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   87.215514][ T4719] zl10353_read_register: readreg error (reg=127, ret==0)
[   87.219339][ T4719] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   87.224870][ T4719] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   87.243740][ T5324] ------------[ cut here ]------------
[   87.246381][ T5324] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   87.249841][ T5324] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5324
[   87.254784][ T5324] Modules linked in:
[   87.257465][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.261801][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   87.268366][ T5324] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   87.270955][ T5324] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   87.280681][ T5324] RSP: 0018:ffffc9000b1ef688 EFLAGS: 00010246
[   87.283616][ T5324] RAX: 0000000000000000 RBX: ffff8880383c6200 RCX: 0000000080000280
[   87.288020][ T5324] RDX: ffff88803f0c79c0 RSI: ffffffff8c7f4100 RDI: ffffffff901f3be0
[   87.292298][ T5324] RBP: 1ffff1100676aa70 R08: 00000000000000c0 R09: 0000000000000000
[   87.296042][ T5324] R10: ffffc9000b1ef780 R11: fffff5200163defc R12: ffff88801f03f100
[   87.299857][ T5324] R13: ffff888033b55380 R14: 0000000080000280 R15: ffff88803f0c79c0
[   87.303297][ T5324] FS:  00007fa4655f56c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[   87.307775][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   87.311287][ T5324] CR2: 00007fad5d0fb8c8 CR3: 0000000012620000 CR4: 0000000000352ef0
[   87.314989][ T5324] Call Trace:
[   87.316504][ T5324]  <TASK>
[   87.317894][ T5324]  ? __init_swait_queue_head+0xa9/0x150
[   87.320802][ T5324]  usb_start_wait_urb+0x13f/0x5b0
[   87.323933][ T5324]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   87.326764][ T5324]  usb_control_msg+0x234/0x3e0
[   87.328827][ T5324]  dtv5100_i2c_msg+0x231/0x2f0
[   87.331001][ T5324]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   87.333547][ T5324]  __i2c_transfer+0x79a/0x2020
[   87.335995][ T5324]  __i2c_smbus_xfer+0xfca/0x1f70
[   87.338626][ T5324]  ? rt_mutex_slowlock+0x1fd/0x7b0
[   87.341666][ T5324]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   87.344361][ T5324]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   87.346792][ T5324]  ? rt_mutex_lock_nested+0x170/0x1e0
[   87.349180][ T5324]  ? do_vfs_ioctl+0x1166/0x1530
[   87.351526][ T5324]  i2c_smbus_xfer+0x1f4/0x310
[   87.354137][ T5324]  i2cdev_ioctl_smbus+0x1e7/0x730
[   87.356660][ T5324]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   87.359345][ T5324]  i2cdev_ioctl+0x615/0x880
[   87.361400][ T5324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   87.363984][ T5324]  ? __fget_files+0x2a/0x420
[   87.366688][ T5324]  ? __fget_files+0x3a0/0x420
[   87.371796][ T5324]  ? bpf_lsm_file_ioctl+0x9/0x20
[   87.375186][ T5324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   87.377480][ T5324]  __se_sys_ioctl+0xfc/0x170
[   87.379517][ T5324]  do_syscall_64+0x14d/0xf80
[   87.382299][ T5324]  ? trace_irq_disable+0x3b/0x150
[   87.385524][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.388501][ T5324]  ? clear_bhb_loop+0x40/0x90
[   87.390688][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.393513][ T5324] RIP: 0033:0x7fa46919c819
[   87.395690][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   87.405260][ T5324] RSP: 002b:00007fa4655f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   87.408976][ T5324] RAX: ffffffffffffffda RBX: 00007fa469415fa0 RCX: 00007fa46919c819
[   87.412617][ T5324] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[   87.417401][ T5324] RBP: 00007fa469232c91 R08: 0000000000000000 R09: 0000000000000000
[   87.422028][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.430445][ T5324] R13: 00007fa469416038 R14: 00007fa469415fa0 R15: 00007ffe1f0a9f38
[   87.434313][ T5324]  </TASK>
[   87.435759][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   87.440212][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   87.445409][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   87.450075][ T5324] Call Trace:
[   87.451695][ T5324]  <TASK>
[   87.453026][ T5324]  vpanic+0x56c/0xa60
[   87.454958][ T5324]  ? __pfx__printk+0x10/0x10
[   87.457050][ T5324]  ? __pfx_vpanic+0x10/0x10
[   87.459511][ T5324]  ? is_bpf_text_address+0x292/0x2b0
[   87.463204][ T5324]  ? is_bpf_text_address+0x26/0x2b0
[   87.466170][ T5324]  panic+0xc5/0xd0
[   87.467928][ T5324]  ? __pfx_panic+0x10/0x10
[   87.470015][ T5324]  __warn+0x315/0x4f0
[   87.471842][ T5324]  ? usb_submit_urb+0x1053/0x18b0
[   87.474198][ T5324]  ? usb_submit_urb+0x1053/0x18b0
[   87.476136][ T5324]  __report_bug+0x29a/0x540
[   87.478151][ T5324]  ? usb_submit_urb+0x1053/0x18b0
[   87.480683][ T5324]  ? __pfx___report_bug+0x10/0x10
[   87.483794][ T5324]  ? lockdep_hardirqs_on+0x7a/0x110
[   87.486612][ T5324]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   87.489279][ T5324]  report_bug_entry+0x19a/0x290
[   87.491686][ T5324]  ? usb_submit_urb+0x1115/0x18b0
[   87.493993][ T5324]  ? usb_submit_urb+0x111a/0x18b0
[   87.496329][ T5324]  handle_bug+0xce/0x200
[   87.498335][ T5324]  exc_invalid_op+0x1a/0x50
[   87.500397][ T5324]  asm_exc_invalid_op+0x1a/0x20
[   87.503341][ T5324] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   87.506896][ T5324] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   87.515821][ T5324] RSP: 0018:ffffc9000b1ef688 EFLAGS: 00010246
[   87.518859][ T5324] RAX: 0000000000000000 RBX: ffff8880383c6200 RCX: 0000000080000280
[   87.522522][ T5324] RDX: ffff88803f0c79c0 RSI: ffffffff8c7f4100 RDI: ffffffff901f3be0
[   87.526514][ T5324] RBP: 1ffff1100676aa70 R08: 00000000000000c0 R09: 0000000000000000
[   87.530067][ T5324] R10: ffffc9000b1ef780 R11: fffff5200163defc R12: ffff88801f03f100
[   87.533593][ T5324] R13: ffff888033b55380 R14: 0000000080000280 R15: ffff88803f0c79c0
[   87.537891][ T5324]  ? usb_submit_urb+0x10a4/0x18b0
[   87.540367][ T5324]  ? __init_swait_queue_head+0xa9/0x150
[   87.542941][ T5324]  usb_start_wait_urb+0x13f/0x5b0
[   87.545341][ T5324]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   87.548236][ T5324]  usb_control_msg+0x234/0x3e0
[   87.550644][ T5324]  dtv5100_i2c_msg+0x231/0x2f0
[   87.553504][ T5324]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   87.556001][ T5324]  __i2c_transfer+0x79a/0x2020
[   87.558391][ T5324]  __i2c_smbus_xfer+0xfca/0x1f70
[   87.560750][ T5324]  ? rt_mutex_slowlock+0x1fd/0x7b0
[   87.563034][ T5324]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   87.565422][ T5324]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   87.567894][ T5324]  ? rt_mutex_lock_nested+0x170/0x1e0
[   87.570395][ T5324]  ? do_vfs_ioctl+0x1166/0x1530
[   87.572778][ T5324]  i2c_smbus_xfer+0x1f4/0x310
[   87.575300][ T5324]  i2cdev_ioctl_smbus+0x1e7/0x730
[   87.577710][ T5324]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   87.580385][ T5324]  i2cdev_ioctl+0x615/0x880
[   87.582581][ T5324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   87.585176][ T5324]  ? __fget_files+0x2a/0x420
[   87.588240][ T5324]  ? __fget_files+0x3a0/0x420
[   87.590660][ T5324]  ? bpf_lsm_file_ioctl+0x9/0x20
[   87.592878][ T5324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   87.595197][ T5324]  __se_sys_ioctl+0xfc/0x170
[   87.597395][ T5324]  do_syscall_64+0x14d/0xf80
[   87.599745][ T5324]  ? trace_irq_disable+0x3b/0x150
[   87.602496][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.605475][ T5324]  ? clear_bhb_loop+0x40/0x90
[   87.607609][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.610126][ T5324] RIP: 0033:0x7fa46919c819
[   87.611934][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   87.621893][ T5324] RSP: 002b:00007fa4655f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   87.625679][ T5324] RAX: ffffffffffffffda RBX: 00007fa469415fa0 RCX: 00007fa46919c819
[   87.629210][ T5324] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[   87.632999][ T5324] RBP: 00007fa469232c91 R08: 0000000000000000 R09: 0000000000000000
[   87.638176][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.641621][ T5324] R13: 00007fa469416038 R14: 00007fa469415fa0 R15: 00007ffe1f0a9f38
[   87.645271][ T5324]  </TASK>
[   87.647040][ T5324] Kernel Offset: disabled
[   87.648994][ T5324] Rebooting in 86400 seconds..