# Triage notes added in review; the reproducer and console log that follow are unmodified.
#
# What the reproducer does:
#   - syz_usb_connect() emulates a USB device (the log shows it enumerating on dummy_hcd).
#     The descriptor blob decodes to bMaxPacketSize0=16, idVendor=0x06be, idProduct=0xa232,
#     bcdDevice=0x33f3 and one configuration with bConfigurationValue 0. The log confirms
#     these values and shows dvb-usb binding the device as 'AME DTV-5100 USB2.0 DVB-T'.
#   - syz_open_dev$I2C() opens an i2c-dev node (id 0xc). ioctl 0x720 (I2C_SMBUS) is then
#     issued on it with read_write=0x0, command=0x7, size=0x1.
#   - The call trace shows the request reaching the adapter registered by the dtv5100 driver:
#     i2cdev_ioctl_smbus -> __i2c_transfer -> dtv5100_i2c_xfer -> dtv5100_i2c_msg -> usb_control_msg.
#   - The other syz_usb_control_io$* calls pass null arguments and do not appear in the trace.
#
# What fails:
#   - usb_submit_urb() warns at drivers/usb/core/urb.c:414 ("BOGUS control dir"). Pipe 80000280
#     and bRequestType c0 both have the IN bit (0x80) set, yet the direction check still fails.
#     NOTE(review): this matches a control request with wLength == 0, which the USB core treats
#     as OUT. Confirm against urb.c and dtv5100_i2c_msg() in the tested tree.
#   - The log shows only a WARN, with no KASAN or oops report. The panic comes from panic_on_warn.
#
# Impact and follow-up:
#   - The path needs the device attached and an ioctl on an i2c-dev node; the log shows the
#     caller running as UID 0. Exposure therefore depends on who can open /dev/i2c-* and who
#     can attach USB devices. With panic_on_warn set, this is a local denial of service.
#   - NOTE(review): the likely fix is in the driver. Either the pipe direction chosen in
#     dtv5100_i2c_msg() should agree with the length passed to usb_control_msg(), or
#     zero-length reads should be rejected. Verify before patching.
program: r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000001800)={0x0, 0x7, 0x1, &(0x7f00000017c0)={0x11, "4ec0191e5bb41b08c198884329f6dd0711762717c44bc7c9b1cc22a10010115d6d"}}) [ 86.455572][ T4671] Bluetooth: hci0: command tx timeout [ 86.765822][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 86.915367][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 86.923257][ T9] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 86.927416][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.930983][ T9] usb 5-1: Product: syz [ 86.932774][ T9] usb 5-1: Manufacturer: syz [ 86.934904][ T9] usb 5-1: SerialNumber: syz [ 86.946217][ T9] usb 5-1: config 0 descriptor?? [ 87.356785][ T9] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 87.371161][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 87.379297][ T9] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 87.383444][ T9] usb 5-1: media controller created [ 87.402414][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 87.557650][ T9] zl10353_read_register: readreg error (reg=127, ret==0) [ 87.561975][ T9] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 87.566143][ T9] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. 
[ 87.925824][ T5328] ------------[ cut here ]------------ [ 87.928704][ T5328] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 87.932719][ T5328] WARNING: CPU: 0 PID: 5328 at drivers/usb/core/urb.c:414 usb_submit_urb+0x114d/0x18b0 [ 87.937090][ T5328] Modules linked in: [ 87.938901][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.942904][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.947503][ T5328] RIP: 0010:usb_submit_urb+0x114d/0x18b0 [ 87.949892][ T5328] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 c0 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 44 6c 8e fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80 [ 87.957568][ T5328] RSP: 0018:ffffc9000d2bf540 EFLAGS: 00010246 [ 87.959777][ T5328] RAX: 686ab5174aebf100 RBX: ffff888036081600 RCX: 0000000000100000 [ 87.962581][ T5328] RDX: ffffc9000e92b000 RSI: 0000000000000b7f RDI: 0000000000000b80 [ 87.965773][ T5328] RBP: 1ffff11008691d04 R08: ffff88801fe24293 R09: 1ffff11003fc4852 [ 87.969277][ T5328] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: ffff88803e21d100 [ 87.972805][ T5328] R13: ffff88804348e820 R14: 0000000080000280 R15: ffff888030bfe360 [ 87.976723][ T5328] FS: 00007fb3625d46c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 87.980288][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.982786][ T5328] CR2: 00007fb3625d3fc8 CR3: 000000003de2a000 CR4: 0000000000352ef0 [ 87.986124][ T5328] Call Trace: [ 87.987504][ T5328] [ 87.988689][ T5328] usb_start_wait_urb+0x114/0x4c0 [ 87.990686][ T5328] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 87.992786][ T5328] usb_control_msg+0x232/0x3e0 [ 87.994832][ T5328] dtv5100_i2c_msg+0x250/0x330 [ 87.996995][ T5328] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 87.998968][ T5328] __i2c_transfer+0x874/0x2170 [ 88.000929][ T5328] ? validate_chain+0x897/0x2140 [ 88.002891][ T5328] ? 
__pfx___i2c_transfer+0x10/0x10 [ 88.004981][ T5328] __i2c_smbus_xfer+0xfb0/0x1e50 [ 88.007097][ T5328] ? __lock_acquire+0xab9/0xd20 [ 88.009196][ T5328] ? do_raw_spin_lock+0x121/0x290 [ 88.011455][ T5328] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 88.013786][ T5328] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 88.016318][ T5328] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 88.018749][ T5328] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 88.021455][ T5328] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 88.023639][ T5328] i2c_smbus_xfer+0x275/0x3c0 [ 88.025607][ T5328] ? __pfx_i2c_smbus_xfer+0x10/0x10 [ 88.027755][ T5328] ? __lock_acquire+0xab9/0xd20 [ 88.029738][ T5328] i2cdev_ioctl_smbus+0x1d1/0x6d0 [ 88.031886][ T5328] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 88.034254][ T5328] i2cdev_ioctl+0x5d3/0x7f0 [ 88.036272][ T5328] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 88.038375][ T5328] ? __fget_files+0x2a/0x420 [ 88.040357][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 88.042192][ T5328] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 88.044633][ T5328] __se_sys_ioctl+0xfc/0x170 [ 88.046870][ T5328] do_syscall_64+0xfa/0xfa0 [ 88.048997][ T5328] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.051536][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.053728][ T5328] ? 
clear_bhb_loop+0x60/0xb0 [ 88.055511][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.057565][ T5328] RIP: 0033:0x7fb36618f6c9 [ 88.059274][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.066493][ T5328] RSP: 002b:00007fb3625d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.069578][ T5328] RAX: ffffffffffffffda RBX: 00007fb3663e6090 RCX: 00007fb36618f6c9 [ 88.072884][ T5328] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000004 [ 88.076191][ T5328] RBP: 00007fb366211f91 R08: 0000000000000000 R09: 0000000000000000 [ 88.079651][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.083288][ T5328] R13: 00007fb3663e6128 R14: 00007fb3663e6090 R15: 00007ffff7be7628 [ 88.087234][ T5328] [ 88.088634][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 88.091857][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 88.095879][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.100626][ T5328] Call Trace: [ 88.102151][ T5328] [ 88.103527][ T5328] dump_stack_lvl+0x99/0x250 [ 88.105592][ T5328] ? __asan_memcpy+0x40/0x70 [ 88.107532][ T5328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.109733][ T5328] ? __pfx__printk+0x10/0x10 [ 88.111835][ T5328] vpanic+0x237/0x6d0 [ 88.113640][ T5328] ? __pfx_vpanic+0x10/0x10 [ 88.115677][ T5328] panic+0xb9/0xc0 [ 88.117346][ T5328] ? __pfx_panic+0x10/0x10 [ 88.119333][ T5328] __warn+0x31b/0x4b0 [ 88.121059][ T5328] ? usb_submit_urb+0x114d/0x18b0 [ 88.123273][ T5328] ? usb_submit_urb+0x114d/0x18b0 [ 88.125293][ T5328] report_bug+0x2be/0x4f0 [ 88.126905][ T5328] ? usb_submit_urb+0x114d/0x18b0 [ 88.128767][ T5328] ? usb_submit_urb+0x114d/0x18b0 [ 88.130833][ T5328] ? 
usb_submit_urb+0x114f/0x18b0 [ 88.132743][ T5328] handle_bug+0x84/0x160 [ 88.134279][ T5328] exc_invalid_op+0x1a/0x50 [ 88.136298][ T5328] asm_exc_invalid_op+0x1a/0x20 [ 88.138710][ T5328] RIP: 0010:usb_submit_urb+0x114d/0x18b0 [ 88.141417][ T5328] Code: df 0f b6 44 05 00 84 c0 0f 85 2a 06 00 00 45 0f b6 45 00 48 c7 c7 c0 25 11 8c 48 8b 34 24 4c 89 fa 44 89 f1 e8 44 6c 8e fa 90 <0f> 0b 90 90 49 bf 00 00 00 00 00 fc ff df e9 95 f2 ff ff 89 e9 80 [ 88.149143][ T5328] RSP: 0018:ffffc9000d2bf540 EFLAGS: 00010246 [ 88.151495][ T5328] RAX: 686ab5174aebf100 RBX: ffff888036081600 RCX: 0000000000100000 [ 88.154632][ T5328] RDX: ffffc9000e92b000 RSI: 0000000000000b7f RDI: 0000000000000b80 [ 88.157869][ T5328] RBP: 1ffff11008691d04 R08: ffff88801fe24293 R09: 1ffff11003fc4852 [ 88.161043][ T5328] R10: dffffc0000000000 R11: ffffed1003fc4853 R12: ffff88803e21d100 [ 88.164271][ T5328] R13: ffff88804348e820 R14: 0000000080000280 R15: ffff888030bfe360 [ 88.167487][ T5328] usb_start_wait_urb+0x114/0x4c0 [ 88.169834][ T5328] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 88.172323][ T5328] usb_control_msg+0x232/0x3e0 [ 88.174295][ T5328] dtv5100_i2c_msg+0x250/0x330 [ 88.176262][ T5328] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 88.178330][ T5328] __i2c_transfer+0x874/0x2170 [ 88.180323][ T5328] ? validate_chain+0x897/0x2140 [ 88.182684][ T5328] ? __pfx___i2c_transfer+0x10/0x10 [ 88.185056][ T5328] __i2c_smbus_xfer+0xfb0/0x1e50 [ 88.186934][ T5328] ? __lock_acquire+0xab9/0xd20 [ 88.188728][ T5328] ? do_raw_spin_lock+0x121/0x290 [ 88.190541][ T5328] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 88.192537][ T5328] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 88.195187][ T5328] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 88.197579][ T5328] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 88.200184][ T5328] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 88.202462][ T5328] i2c_smbus_xfer+0x275/0x3c0 [ 88.204498][ T5328] ? __pfx_i2c_smbus_xfer+0x10/0x10 [ 88.206778][ T5328] ? 
__lock_acquire+0xab9/0xd20 [ 88.209011][ T5328] i2cdev_ioctl_smbus+0x1d1/0x6d0 [ 88.211452][ T5328] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 88.214473][ T5328] i2cdev_ioctl+0x5d3/0x7f0 [ 88.216658][ T5328] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 88.218848][ T5328] ? __fget_files+0x2a/0x420 [ 88.220874][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 88.222878][ T5328] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 88.225000][ T5328] __se_sys_ioctl+0xfc/0x170 [ 88.227063][ T5328] do_syscall_64+0xfa/0xfa0 [ 88.229123][ T5328] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.231420][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.234012][ T5328] ? clear_bhb_loop+0x60/0xb0 [ 88.236187][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.238963][ T5328] RIP: 0033:0x7fb36618f6c9 [ 88.240951][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.249569][ T5328] RSP: 002b:00007fb3625d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.253183][ T5328] RAX: ffffffffffffffda RBX: 00007fb3663e6090 RCX: 00007fb36618f6c9 [ 88.256655][ T5328] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000004 [ 88.260181][ T5328] RBP: 00007fb366211f91 R08: 0000000000000000 R09: 0000000000000000 [ 88.263656][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.266797][ T5328] R13: 00007fb3663e6128 R14: 00007fb3663e6090 R15: 00007ffff7be7628 [ 88.269982][ T5328] [ 88.271630][ T5328] Kernel Offset: disabled [ 88.273410][ T5328] Rebooting in 86400 seconds..