program:
# Reading aid for this syzkaller reproducer; every call and byte is unchanged.
# The console log that follows shows a WARN in usb_submit_urb ("BOGUS control
# dir") reached from the I2C_SMBUS ioctl via dtv5100_i2c_xfer. The kernel then
# panics only because panic_on_warn is set; the warning itself is a
# driver-correctness report.
#
# Emulated USB device, speed argument 0x3 (the log says "new high-speed USB
# device ... using dummy_hcd"). In the descriptor blob, bytes be06 / 32a2 /
# f333 are the little-endian idVendor=06be, idProduct=a232, bcdDevice=33.f3,
# and the 0x10 byte is ep0 maxpacket 16; the log reports the same values and
# dvb-usb binds the device as 'AME DTV-5100 USB2.0 DVB-T'.
# The blob holds 29 bytes against a declared length of 0x3c; presumably the
# executor zero-fills the rest (confirm).
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Control-request servicing on the emulated device, with null descriptor and
# response arguments. NOTE(review): the $uac1/$printer variants look like
# fuzzer leftovers rather than something the DVB driver needs; confirm by
# minimizing the program.
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
# Opens an i2c-dev node with id 0xc. The path string itself is not shown here;
# presumably /dev/i2c-N for the adapter the dvb-usb driver registered (verify).
# The log shows the task running as UID 0, so exposure depends on who can open
# that device node on a given system.
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
# Two more control-request rounds; the second supplies a response struct with
# length field 0x2c and an empty payload.
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
# I2C_SMBUS ioctl (request 0x720) with read_write=0x0, command=0x6, size=0x1.
# This is the call in flight when the WARN fires: the trace shows ORIG_RAX 0x10
# (ioctl) with RSI=0x720, and the kernel path i2cdev_ioctl_smbus ->
# __i2c_smbus_xfer -> __i2c_transfer -> dtv5100_i2c_xfer -> dtv5100_i2c_msg ->
# usb_control_msg -> usb_submit_urb, which reports that pipe 80000280 does not
# match bRequestType c0.
# NOTE(review): both values carry the IN bit (0x80), so the mismatch is most
# likely a zero-length transfer submitted on a receive pipe, which the USB
# core treats as OUT. Confirm in dtv5100_i2c_msg. If so, the driver should
# validate the message length before choosing the pipe direction.
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000000)={0x0, 0x6, 0x1, &(0x7f0000000100)={0x15, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})
# AF_INET6 (0xa) socket of type 0x5, then an int-valued SOL_SOCKET (0x1)
# option 0x2a set to 0x3fa. Neither call appears in the call trace below, so
# they are probably unrelated to the warning (unminimized fuzzer output).
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2a, &(0x7f0000fee000)=0x3fa, 0x4)
[ 100.750074][ T5312] Bluetooth: hci0: command tx timeout
[ 101.180482][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 101.329279][ T10] usb 5-1: Using ep0 maxpacket: 16
[ 101.342470][ T10] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 101.346490][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 101.350717][ T10] usb 5-1: Product: syz
[ 101.352942][ T10] usb 5-1: Manufacturer: syz
[ 101.355990][ T10] usb 5-1: SerialNumber: syz
[ 101.366460][ T10] usb 5-1: config 0 descriptor??
[ 101.788972][ T10] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 101.808528][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 101.813938][ T10] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 101.820111][ T10] usb 5-1: media controller created
[ 101.847511][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 102.004285][ T10] zl10353_read_register: readreg error (reg=127, ret==0)
[ 102.007736][ T10] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 102.013189][ T10] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 102.369446][ T5337] ------------[ cut here ]------------
[ 102.372719][ T5337] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 102.376516][ T5337] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5337
[ 102.382092][ T5337] Modules linked in:
[ 102.384380][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.388637][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 102.393198][ T5337] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[ 102.395780][ T5337] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[ 102.403985][ T5337] RSP: 0018:ffffc90005b9f688 EFLAGS: 00010246
[ 102.406680][ T5337] RAX: 0000000000000000 RBX: ffff8880337e2f00 RCX: 0000000080000280
[ 102.410292][ T5337] RDX: ffff88804243bc20 RSI: ffffffff8c80aae0 RDI: ffffffff9040dbf0
[ 102.414041][ T5337] RBP: 1ffff110081cff80 R08: 00000000000000c0 R09: 0000000000000000
[ 102.418168][ T5337] R10: ffffc90005b9f780 R11: fffff52000b73efc R12: ffff88801faa0100
[ 102.422296][ T5337] R13: ffff888040e7fc00 R14: 0000000080000280 R15: ffff88804243bc20
[ 102.426379][ T5337] FS: 00007fd72963a6c0(0000) GS:ffff88808c812000(0000) knlGS:0000000000000000
[ 102.430658][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 102.433795][ T5337] CR2: 00007fd729639ff8 CR3: 0000000012e48000 CR4: 0000000000352ef0
[ 102.437788][ T5337] Call Trace:
[ 102.439980][ T5337]
[ 102.441460][ T5337] ? __init_swait_queue_head+0xa9/0x150
[ 102.443935][ T5337] usb_start_wait_urb+0x13f/0x5b0
[ 102.446232][ T5337] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 102.449512][ T5337] usb_control_msg+0x234/0x3e0
[ 102.451928][ T5337] dtv5100_i2c_msg+0x231/0x2f0
[ 102.454044][ T5337] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 102.456314][ T5337] __i2c_transfer+0x79a/0x1f70
[ 102.459246][ T5337] ? __lock_acquire+0x146e/0x2cf0
[ 102.462213][ T5337] __i2c_smbus_xfer+0xfca/0x1eb0
[ 102.464736][ T5337] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 102.467103][ T5337] ? lockdep_hardirqs_on+0x7a/0x110
[ 102.469564][ T5337] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 102.472187][ T5337] ? rt_mutex_lock_nested+0x15c/0x1e0
[ 102.474633][ T5337] i2c_smbus_xfer+0x1f4/0x310
[ 102.476775][ T5337] i2cdev_ioctl_smbus+0x1e7/0x730
[ 102.480332][ T5337] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 102.483662][ T5337] i2cdev_ioctl+0x615/0x880
[ 102.485782][ T5337] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 102.488055][ T5337] ? __fget_files+0x2a/0x420
[ 102.490509][ T5337] ? __fget_files+0x3a0/0x420
[ 102.492702][ T5337] ? bpf_lsm_file_ioctl+0x9/0x20
[ 102.495141][ T5337] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 102.497664][ T5337] __se_sys_ioctl+0xfc/0x170
[ 102.499876][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.502569][ T5337] do_syscall_64+0x15f/0xf80
[ 102.504702][ T5337] ? trace_irq_disable+0x3b/0x140
[ 102.507150][ T5337] ? clear_bhb_loop+0x40/0x90
[ 102.510239][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.513382][ T5337] RIP: 0033:0x7fd72879c819
[ 102.515488][ T5337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.524416][ T5337] RSP: 002b:00007fd729639fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 102.529034][ T5337] RAX: ffffffffffffffda RBX: 00007fd728a16090 RCX: 00007fd72879c819
[ 102.532630][ T5337] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000004
[ 102.536211][ T5337] RBP: 00007fd728832c91 R08: 0000000000000000 R09: 0000000000000000
[ 102.540433][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.544435][ T5337] R13: 00007fd728a16128 R14: 00007fd728a16090 R15: 00007ffeda6a5a68
[ 102.547936][ T5337]
[ 102.549329][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 102.552529][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 102.556539][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 102.561733][ T5337] Call Trace:
[ 102.563716][ T5337]
[ 102.565278][ T5337] vpanic+0x56c/0xa60
[ 102.566998][ T5337] ? __pfx__printk+0x10/0x10
[ 102.569066][ T5337] ? __pfx_vpanic+0x10/0x10
[ 102.571034][ T5337] ? is_bpf_text_address+0x292/0x2b0
[ 102.573387][ T5337] ? is_bpf_text_address+0x26/0x2b0
[ 102.575918][ T5337] panic+0xc5/0xd0
[ 102.577931][ T5337] ? __pfx_panic+0x10/0x10
[ 102.580357][ T5337] __warn+0x315/0x4c0
[ 102.582316][ T5337] ? usb_submit_urb+0x1053/0x18b0
[ 102.584562][ T5337] ? usb_submit_urb+0x1053/0x18b0
[ 102.586966][ T5337] __report_bug+0x29a/0x540
[ 102.589344][ T5337] ? usb_submit_urb+0x1053/0x18b0
[ 102.591840][ T5337] ? __pfx___report_bug+0x10/0x10
[ 102.594382][ T5337] ? lockdep_hardirqs_on+0x7a/0x110
[ 102.596709][ T5337] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 102.599297][ T5337] report_bug_entry+0x19a/0x290
[ 102.601677][ T5337] ? usb_submit_urb+0x1115/0x18b0
[ 102.604281][ T5337] ? usb_submit_urb+0x111a/0x18b0
[ 102.606816][ T5337] handle_bug+0xce/0x200
[ 102.609007][ T5337] exc_invalid_op+0x1a/0x50
[ 102.610961][ T5337] asm_exc_invalid_op+0x1a/0x20
[ 102.612971][ T5337] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[ 102.615388][ T5337] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[ 102.623620][ T5337] RSP: 0018:ffffc90005b9f688 EFLAGS: 00010246
[ 102.626481][ T5337] RAX: 0000000000000000 RBX: ffff8880337e2f00 RCX: 0000000080000280
[ 102.630992][ T5337] RDX: ffff88804243bc20 RSI: ffffffff8c80aae0 RDI: ffffffff9040dbf0
[ 102.634883][ T5337] RBP: 1ffff110081cff80 R08: 00000000000000c0 R09: 0000000000000000
[ 102.638669][ T5337] R10: ffffc90005b9f780 R11: fffff52000b73efc R12: ffff88801faa0100
[ 102.642251][ T5337] R13: ffff888040e7fc00 R14: 0000000080000280 R15: ffff88804243bc20
[ 102.646259][ T5337] ? usb_submit_urb+0x10a4/0x18b0
[ 102.648867][ T5337] ? __init_swait_queue_head+0xa9/0x150
[ 102.651472][ T5337] usb_start_wait_urb+0x13f/0x5b0
[ 102.654666][ T5337] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 102.657152][ T5337] usb_control_msg+0x234/0x3e0
[ 102.659298][ T5337] dtv5100_i2c_msg+0x231/0x2f0
[ 102.661595][ T5337] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 102.664491][ T5337] __i2c_transfer+0x79a/0x1f70
[ 102.667215][ T5337] ? __lock_acquire+0x146e/0x2cf0
[ 102.669937][ T5337] __i2c_smbus_xfer+0xfca/0x1eb0
[ 102.672124][ T5337] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 102.674521][ T5337] ? lockdep_hardirqs_on+0x7a/0x110
[ 102.676879][ T5337] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 102.679492][ T5337] ? rt_mutex_lock_nested+0x15c/0x1e0
[ 102.681951][ T5337] i2c_smbus_xfer+0x1f4/0x310
[ 102.684302][ T5337] i2cdev_ioctl_smbus+0x1e7/0x730
[ 102.687035][ T5337] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 102.689911][ T5337] i2cdev_ioctl+0x615/0x880
[ 102.691928][ T5337] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 102.694123][ T5337] ? __fget_files+0x2a/0x420
[ 102.696121][ T5337] ? __fget_files+0x3a0/0x420
[ 102.698174][ T5337] ? bpf_lsm_file_ioctl+0x9/0x20
[ 102.700448][ T5337] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 102.703116][ T5337] __se_sys_ioctl+0xfc/0x170
[ 102.705851][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.709173][ T5337] do_syscall_64+0x15f/0xf80
[ 102.711207][ T5337] ? trace_irq_disable+0x3b/0x140
[ 102.713356][ T5337] ? clear_bhb_loop+0x40/0x90
[ 102.715157][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 102.717826][ T5337] RIP: 0033:0x7fd72879c819
[ 102.720168][ T5337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 102.728830][ T5337] RSP: 002b:00007fd729639fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 102.732472][ T5337] RAX: ffffffffffffffda RBX: 00007fd728a16090 RCX: 00007fd72879c819
[ 102.736683][ T5337] RDX: 0000200000000000 RSI: 0000000000000720 RDI: 0000000000000004
[ 102.740924][ T5337] RBP: 00007fd728832c91 R08: 0000000000000000 R09: 0000000000000000
[ 102.744882][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 102.749689][ T5337] R13: 00007fd728a16128 R14: 00007fd728a16090 R15: 00007ffeda6a5a68
[ 102.756366][ T5337]
[ 102.758596][ T5337] Kernel Offset: disabled
[ 102.760922][ T5337] Rebooting in 86400 seconds..