program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000140)={0x1, 0x9, 0x1, &(0x7f0000000100)={0x1c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})

[   90.916977][ T5299] Bluetooth: hci0: command tx timeout
[   91.215787][ T5313] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   91.367140][ T5313] usb 5-1: Using ep0 maxpacket: 16
[   91.374589][ T5313] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   91.379347][ T5313] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.383125][ T5313] usb 5-1: Product: syz
[   91.385003][ T5313] usb 5-1: Manufacturer: syz
[   91.388193][ T5313] usb 5-1: SerialNumber: syz
[   91.403835][ T5313] usb 5-1: config 0 descriptor??
[   91.773053][    T9] cfg80211: failed to load regulatory.db
[   91.812638][ T5313] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   91.821851][ T5313] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   91.833330][ T5313] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   91.839638][ T5313] usb 5-1: media controller created
[   91.852024][ T5313] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   92.025291][ T5313] zl10353_read_register: readreg error (reg=127, ret==0)
[   92.029524][ T5313] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   92.033122][ T5313] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   92.385959][ T5321] ------------[ cut here ]------------
[   92.388601][ T5321] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   92.392498][ T5321] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5321
[   92.397966][ T5321] Modules linked in:
[   92.400092][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   92.403934][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   92.409225][ T5321] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   92.411761][ T5321] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   92.420411][ T5321] RSP: 0018:ffffc90008c37688 EFLAGS: 00010246
[   92.423222][ T5321] RAX: 0000000000000000 RBX: ffff888041a33300 RCX: 0000000080000280
[   92.427160][ T5321] RDX: ffff8880428c99e0 RSI: ffffffff8c7f3d00 RDI: ffffffff901f2c50
[   92.430749][ T5321] RBP: 1ffff11007cb14b0 R08: 00000000000000c0 R09: 0000000000000000
[   92.434520][ T5321] R10: ffffc90008c37780 R11: fffff52001186efc R12: ffff888042ee5100
[   92.439120][ T5321] R13: ffff88803e58a580 R14: 0000000080000280 R15: ffff8880428c99e0
[   92.442865][ T5321] FS:  00007f07c17f56c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[   92.447311][ T5321] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   92.450656][ T5321] CR2: 00007f07c17f4ff8 CR3: 0000000037e38000 CR4: 0000000000352ef0
[   92.454643][ T5321] Call Trace:
[   92.456416][ T5321]  <TASK>
[   92.457874][ T5321]  ? __init_swait_queue_head+0xa9/0x150
[   92.465288][ T5321]  usb_start_wait_urb+0x13f/0x5b0
[   92.468562][ T5321]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   92.471366][ T5321]  usb_control_msg+0x234/0x3e0
[   92.473549][ T5321]  dtv5100_i2c_msg+0x231/0x2f0
[   92.475952][ T5321]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   92.478565][ T5321]  ? __bfs+0x153/0x290
[   92.481494][ T5321]  __i2c_transfer+0x79a/0x2020
[   92.485073][ T5321]  __i2c_smbus_xfer+0xfca/0x1f70
[   92.488147][ T5321]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   92.490634][ T5321]  ? lockdep_hardirqs_on+0x7a/0x110
[   92.492975][ T5321]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   92.495396][ T5321]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   92.498682][ T5321]  i2c_smbus_xfer+0x1f4/0x310
[   92.500893][ T5321]  i2cdev_ioctl_smbus+0x434/0x730
[   92.502902][ T5321]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   92.505117][ T5321]  i2cdev_ioctl+0x615/0x880
[   92.507559][ T5321]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   92.509451][ T5321]  ? __fget_files+0x2a/0x420
[   92.511433][ T5321]  ? __fget_files+0x3a0/0x420
[   92.513446][ T5321]  ? bpf_lsm_file_ioctl+0x9/0x20
[   92.515952][ T5321]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   92.518510][ T5321]  __se_sys_ioctl+0xfc/0x170
[   92.520504][ T5321]  do_syscall_64+0x14d/0xf80
[   92.522635][ T5321]  ? trace_irq_disable+0x3b/0x150
[   92.525004][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.528787][ T5321]  ? clear_bhb_loop+0x40/0x90
[   92.531718][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.534844][ T5321] RIP: 0033:0x7f07c539c819
[   92.537189][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   92.546362][ T5321] RSP: 002b:00007f07c17f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   92.549972][ T5321] RAX: ffffffffffffffda RBX: 00007f07c5616090 RCX: 00007f07c539c819
[   92.553464][ T5321] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000004
[   92.557887][ T5321] RBP: 00007f07c5432c91 R08: 0000000000000000 R09: 0000000000000000
[   92.562184][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.566612][ T5321] R13: 00007f07c5616128 R14: 00007f07c5616090 R15: 00007ffc476c3158
[   92.570132][ T5321]  </TASK>
[   92.571781][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   92.575866][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   92.580242][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   92.585019][ T5321] Call Trace:
[   92.586994][ T5321]  <TASK>
[   92.589002][ T5321]  vpanic+0x56c/0xa60
[   92.591176][ T5321]  ? __pfx__printk+0x10/0x10
[   92.593222][ T5321]  ? __pfx_vpanic+0x10/0x10
[   92.595236][ T5321]  ? is_bpf_text_address+0x292/0x2b0
[   92.597878][ T5321]  ? is_bpf_text_address+0x26/0x2b0
[   92.600735][ T5321]  panic+0xc5/0xd0
[   92.602733][ T5321]  ? __pfx_panic+0x10/0x10
[   92.604754][ T5321]  __warn+0x315/0x4f0
[   92.606830][ T5321]  ? usb_submit_urb+0x1053/0x18b0
[   92.609751][ T5321]  ? usb_submit_urb+0x1053/0x18b0
[   92.612602][ T5321]  __report_bug+0x29a/0x540
[   92.615005][ T5321]  ? usb_submit_urb+0x1053/0x18b0
[   92.617204][ T5321]  ? __pfx___report_bug+0x10/0x10
[   92.619756][ T5321]  ? lockdep_hardirqs_on+0x7a/0x110
[   92.622312][ T5321]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   92.625254][ T5321]  report_bug_entry+0x19a/0x290
[   92.628122][ T5321]  ? usb_submit_urb+0x1115/0x18b0
[   92.630405][ T5321]  ? usb_submit_urb+0x111a/0x18b0
[   92.632197][ T5321]  handle_bug+0xce/0x200
[   92.634048][ T5321]  exc_invalid_op+0x1a/0x50
[   92.636249][ T5321]  asm_exc_invalid_op+0x1a/0x20
[   92.638697][ T5321] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   92.641553][ T5321] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   92.650562][ T5321] RSP: 0018:ffffc90008c37688 EFLAGS: 00010246
[   92.653517][ T5321] RAX: 0000000000000000 RBX: ffff888041a33300 RCX: 0000000080000280
[   92.657381][ T5321] RDX: ffff8880428c99e0 RSI: ffffffff8c7f3d00 RDI: ffffffff901f2c50
[   92.660874][ T5321] RBP: 1ffff11007cb14b0 R08: 00000000000000c0 R09: 0000000000000000
[   92.664645][ T5321] R10: ffffc90008c37780 R11: fffff52001186efc R12: ffff888042ee5100
[   92.668785][ T5321] R13: ffff88803e58a580 R14: 0000000080000280 R15: ffff8880428c99e0
[   92.672548][ T5321]  ? usb_submit_urb+0x10a4/0x18b0
[   92.674961][ T5321]  ? __init_swait_queue_head+0xa9/0x150
[   92.677774][ T5321]  usb_start_wait_urb+0x13f/0x5b0
[   92.680099][ T5321]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   92.682680][ T5321]  usb_control_msg+0x234/0x3e0
[   92.684861][ T5321]  dtv5100_i2c_msg+0x231/0x2f0
[   92.687188][ T5321]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   92.689606][ T5321]  ? __bfs+0x153/0x290
[   92.691838][ T5321]  __i2c_transfer+0x79a/0x2020
[   92.694281][ T5321]  __i2c_smbus_xfer+0xfca/0x1f70
[   92.697121][ T5321]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   92.700181][ T5321]  ? lockdep_hardirqs_on+0x7a/0x110
[   92.702366][ T5321]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   92.705546][ T5321]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   92.708529][ T5321]  i2c_smbus_xfer+0x1f4/0x310
[   92.710794][ T5321]  i2cdev_ioctl_smbus+0x434/0x730
[   92.713143][ T5321]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   92.715913][ T5321]  i2cdev_ioctl+0x615/0x880
[   92.718267][ T5321]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   92.720769][ T5321]  ? __fget_files+0x2a/0x420
[   92.722928][ T5321]  ? __fget_files+0x3a0/0x420
[   92.725146][ T5321]  ? bpf_lsm_file_ioctl+0x9/0x20
[   92.727752][ T5321]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   92.730622][ T5321]  __se_sys_ioctl+0xfc/0x170
[   92.732996][ T5321]  do_syscall_64+0x14d/0xf80
[   92.735079][ T5321]  ? trace_irq_disable+0x3b/0x150
[   92.737459][ T5321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.740183][ T5321]  ? clear_bhb_loop+0x40/0x90
[   92.742673][ T5321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.746172][ T5321] RIP: 0033:0x7f07c539c819
[   92.748450][ T5321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   92.757955][ T5321] RSP: 002b:00007f07c17f4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   92.762061][ T5321] RAX: ffffffffffffffda RBX: 00007f07c5616090 RCX: 00007f07c539c819
[   92.765812][ T5321] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000004
[   92.770209][ T5321] RBP: 00007f07c5432c91 R08: 0000000000000000 R09: 0000000000000000
[   92.773912][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   92.777531][ T5321] R13: 00007f07c5616128 R14: 00007f07c5616090 R15: 00007ffc476c3158
[   92.781761][ T5321]  </TASK>
[   92.783801][ T5321] Kernel Offset: disabled
[   92.785787][ T5321] Rebooting in 86400 seconds..