program:
# Syzkaller reproducer, followed by the kernel console log of the run.
# The log ends in a WARNING at drivers/usb/core/urb.c:414 (usb_submit_urb,
# "BOGUS control dir"). The trace reaches it via i2cdev_ioctl ->
# i2c_smbus_xfer -> dtv5100_i2c_xfer -> dtv5100_i2c_msg -> usb_control_msg.
# panic_on_warn is set on this kernel, so the WARNING becomes a panic.
#
# Emulated USB device (the log shows it on dummy_hcd). The descriptor blob
# decodes to bMaxPacketSize0=0x10, idVendor=0x06be, idProduct=0xa232,
# bcdDevice=0x33f3 and bConfigurationValue=0. This matches the "usb 5-1" log
# lines; dvb-usb then binds the device as 'AME DTV-5100 USB2.0 DVB-T'.
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Replies fed to the host for control requests on the emulated device.
# NOTE(review): presumably consumed during enumeration/probe; the log does
# not show which request each reply answers.
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000200)={0x14, &(0x7f0000000180)={0x40, 0xa, 0x56, {0x56, 0xc, "3ad316230641daed082caf119d7bdc2f38635463793147088ec485b7d26237529ed955d560d9c960daed2d8a79805f7f548d70da0275b27247df723dd3836741d7867cb02e459fcbf9ad82cb4762e5f729ac806b"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x401}}}, &(0x7f00000004c0)={0x44, &(0x7f0000000240)={0x40, 0x8, 0x18, "53d0a02b88b1714f206002851ed49c7c94f491a3f6cc2ff2"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000340)={0x20, 0x81, 0x3, "09d5e9"}, &(0x7f00000003c0)={0x20, 0x82, 0x2, "30a4"}, &(0x7f0000000400)={0x20, 0x83, 0x2, "843c"}, &(0x7f0000000440)={0x20, 0x84, 0x4, "52443490"}, &(0x7f0000000480)={0x20, 0x85, 0x3, "cf4c6a"}})
# i2c character device handle; r1 is the fd used by the final ioctl.
# The trace shows that ioctl landing in dtv5100_i2c_xfer, so this adapter is
# the one the DVB driver registered. NOTE(review): the device path template
# at 0x7f00000000c0 is not shown; id 0xc presumably selects the adapter
# number, confirm.
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
# The next four calls do not appear on the crashing call path in the trace.
# mount$cgroup passes release_agent twice, which accounts for the
# "cgroup: release_agent respecified" log line.
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r2, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x1018})
mount$cgroup(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x200080, &(0x7f0000000280)={[{@xattr}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@release_agent={'release_agent', 0x3d, './file0'}}]})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
# This call trips the WARNING: the user-mode registers in the trace show
# ORIG_RAX=0x10 (ioctl) with RSI=0x720, the request number passed here.
# The argument is struct i2c_smbus_ioctl_data {read_write=0x1, command=0x6,
# size=0x1, data}, i.e. an SMBus read.
# Triage hint: pipe 80000280 has the IN direction bit (0x80) set, and
# bRequestType c0 is also device-to-host. usb_submit_urb treats a control
# transfer with wLength == 0 as OUT, so a mismatch with both sides IN points
# at a zero-length read on a receive pipe. NOTE(review): wLength is not
# printed in the log; confirm against the length dtv5100_i2c_msg passes to
# usb_control_msg.
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000000)={0x1c, "3ac071ffbc4c9a216d398df0f558125211b40d6539c50000000000001800000001"}})
[ 86.680514][ T4684] Bluetooth: hci0: command tx timeout [ 86.995595][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 87.145515][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 87.154474][ T9] usb 5-1: 
New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 87.158598][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.162133][ T9] usb 5-1: Product: syz [ 87.163850][ T9] usb 5-1: Manufacturer: syz [ 87.169495][ T9] usb 5-1: SerialNumber: syz [ 87.176616][ T9] usb 5-1: config 0 descriptor?? [ 87.586481][ T9] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 87.594754][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 87.600621][ T9] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 87.604163][ T9] usb 5-1: media controller created [ 87.615923][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 87.791169][ T9] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 87.795237][ T9] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 87.992717][ T5345] cgroup: release_agent respecified [ 88.685796][ T4684] Bluetooth: hci0: command tx timeout [ 88.725795][ T5349] ------------[ cut here ]------------ [ 88.728265][ T5349] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 88.731852][ T5349] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#0: syz.0.0/5349 [ 88.736373][ T5349] Modules linked in: [ 88.738291][ T5349] CPU: 0 UID: 0 PID: 5349 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 88.742419][ T5349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.747272][ T5349] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 88.749627][ T5349] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 88.757830][ T5349] RSP: 0018:ffffc9000ae17680 EFLAGS: 00010246 [ 88.760613][ T5349] RAX: 0000000000000000 RBX: ffff88803766c600 RCX: 0000000080000280 [ 88.764210][ T5349] RDX: 
ffff8880312b0500 RSI: ffffffff8c141c20 RDI: ffffffff8f8f0ad0 [ 88.768719][ T5349] RBP: 1ffff11006d21314 R08: 00000000000000c0 R09: 0000000000000000 [ 88.771833][ T5349] R10: ffffc9000ae17780 R11: fffff520015c2efc R12: ffff8880316a0100 [ 88.775204][ T5349] R13: ffff8880369098a0 R14: 0000000080000280 R15: ffff8880312b0500 [ 88.778489][ T5349] FS: 00007f03ebb586c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 88.782362][ T5349] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.785151][ T5349] CR2: 00007f03ebb57fc8 CR3: 00000000118ef000 CR4: 0000000000352ef0 [ 88.788758][ T5349] Call Trace: [ 88.790247][ T5349] [ 88.791594][ T5349] ? __init_swait_queue_head+0xa9/0x150 [ 88.793965][ T5349] usb_start_wait_urb+0x115/0x4f0 [ 88.796206][ T5349] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 88.798683][ T5349] usb_control_msg+0x232/0x3e0 [ 88.800937][ T5349] dtv5100_i2c_msg+0x231/0x2f0 [ 88.803122][ T5349] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 88.805434][ T5349] __i2c_transfer+0x79a/0x1f00 [ 88.807567][ T5349] ? __lock_acquire+0x146f/0x2cf0 [ 88.809872][ T5349] __i2c_smbus_xfer+0xf5d/0x1e20 [ 88.812085][ T5349] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 88.814793][ T5349] ? lockdep_hardirqs_on+0x7b/0x110 [ 88.817543][ T5349] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 88.820158][ T5349] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 88.822539][ T5349] i2c_smbus_xfer+0x1f4/0x310 [ 88.824602][ T5349] i2cdev_ioctl_smbus+0x3db/0x750 [ 88.826897][ T5349] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 88.829265][ T5349] i2cdev_ioctl+0x5d3/0x820 [ 88.831273][ T5349] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 88.833490][ T5349] ? __fget_files+0x2a/0x420 [ 88.835700][ T5349] ? __fget_files+0x3a0/0x420 [ 88.837800][ T5349] ? bpf_lsm_file_ioctl+0x9/0x20 [ 88.840008][ T5349] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 88.842305][ T5349] __se_sys_ioctl+0xfc/0x170 [ 88.844323][ T5349] do_syscall_64+0xec/0xf80 [ 88.846454][ T5349] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.849190][ T5349] ? 
trace_irq_disable+0x37/0x100 [ 88.851460][ T5349] ? clear_bhb_loop+0x60/0xb0 [ 88.853658][ T5349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.856526][ T5349] RIP: 0033:0x7f03ead8f7c9 [ 88.858634][ T5349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.867036][ T5349] RSP: 002b:00007f03ebb58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.870760][ T5349] RAX: ffffffffffffffda RBX: 00007f03eafe6180 RCX: 00007f03ead8f7c9 [ 88.874279][ T5349] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000004 [ 88.877765][ T5349] RBP: 00007f03eae13f91 R08: 0000000000000000 R09: 0000000000000000 [ 88.881313][ T5349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.884760][ T5349] R13: 00007f03eafe6218 R14: 00007f03eafe6180 R15: 00007fff2e397bb8 [ 88.888166][ T5349] [ 88.889513][ T5349] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 88.892694][ T5349] CPU: 0 UID: 0 PID: 5349 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 88.896765][ T5349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 88.901575][ T5349] Call Trace: [ 88.903113][ T5349] [ 88.904467][ T5349] vpanic+0x1e0/0x670 [ 88.906280][ T5349] panic+0xb9/0xc0 [ 88.907941][ T5349] ? __pfx_panic+0x10/0x10 [ 88.910002][ T5349] __warn+0x317/0x4b0 [ 88.911782][ T5349] ? usb_submit_urb+0x105c/0x18d0 [ 88.913990][ T5349] ? usb_submit_urb+0x105c/0x18d0 [ 88.916239][ T5349] __report_bug+0x288/0x500 [ 88.918453][ T5349] ? usb_submit_urb+0x105c/0x18d0 [ 88.920647][ T5349] ? __pfx___report_bug+0x10/0x10 [ 88.922782][ T5349] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 88.925167][ T5349] ? lockdep_hardirqs_on+0x7b/0x110 [ 88.927524][ T5349] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 88.930071][ T5349] ? 
stack_depot_save_flags+0x3f3/0x810 [ 88.932470][ T5349] report_bug_entry+0x19a/0x290 [ 88.934626][ T5349] ? usb_submit_urb+0x111c/0x18d0 [ 88.936790][ T5349] ? usb_submit_urb+0x1121/0x18d0 [ 88.939167][ T5349] handle_bug+0xca/0x200 [ 88.940996][ T5349] exc_invalid_op+0x1a/0x50 [ 88.943115][ T5349] asm_exc_invalid_op+0x1a/0x20 [ 88.945246][ T5349] RIP: 0010:usb_submit_urb+0x111c/0x18d0 [ 88.948055][ T5349] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9 [ 88.957163][ T5349] RSP: 0018:ffffc9000ae17680 EFLAGS: 00010246 [ 88.959973][ T5349] RAX: 0000000000000000 RBX: ffff88803766c600 RCX: 0000000080000280 [ 88.963610][ T5349] RDX: ffff8880312b0500 RSI: ffffffff8c141c20 RDI: ffffffff8f8f0ad0 [ 88.967325][ T5349] RBP: 1ffff11006d21314 R08: 00000000000000c0 R09: 0000000000000000 [ 88.971012][ T5349] R10: ffffc9000ae17780 R11: fffff520015c2efc R12: ffff8880316a0100 [ 88.974432][ T5349] R13: ffff8880369098a0 R14: 0000000080000280 R15: ffff8880312b0500 [ 88.977846][ T5349] ? __init_swait_queue_head+0xa9/0x150 [ 88.980322][ T5349] usb_start_wait_urb+0x115/0x4f0 [ 88.982508][ T5349] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 88.985028][ T5349] usb_control_msg+0x232/0x3e0 [ 88.987346][ T5349] dtv5100_i2c_msg+0x231/0x2f0 [ 88.989534][ T5349] dtv5100_i2c_xfer+0x1a4/0x3c0 [ 88.991829][ T5349] __i2c_transfer+0x79a/0x1f00 [ 88.994005][ T5349] ? __lock_acquire+0x146f/0x2cf0 [ 88.996336][ T5349] __i2c_smbus_xfer+0xf5d/0x1e20 [ 88.998663][ T5349] ? __pfx___i2c_smbus_xfer+0x10/0x10 [ 89.001139][ T5349] ? lockdep_hardirqs_on+0x7b/0x110 [ 89.003465][ T5349] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 89.006055][ T5349] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 89.008429][ T5349] i2c_smbus_xfer+0x1f4/0x310 [ 89.010485][ T5349] i2cdev_ioctl_smbus+0x3db/0x750 [ 89.012802][ T5349] ? 
__pfx_i2cdev_ioctl_smbus+0x10/0x10 [ 89.015421][ T5349] i2cdev_ioctl+0x5d3/0x820 [ 89.017496][ T5349] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 89.019848][ T5349] ? __fget_files+0x2a/0x420 [ 89.021889][ T5349] ? __fget_files+0x3a0/0x420 [ 89.023969][ T5349] ? bpf_lsm_file_ioctl+0x9/0x20 [ 89.026237][ T5349] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 89.028461][ T5349] __se_sys_ioctl+0xfc/0x170 [ 89.030506][ T5349] do_syscall_64+0xec/0xf80 [ 89.032492][ T5349] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.035183][ T5349] ? trace_irq_disable+0x37/0x100 [ 89.037477][ T5349] ? clear_bhb_loop+0x60/0xb0 [ 89.039625][ T5349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.042274][ T5349] RIP: 0033:0x7f03ead8f7c9 [ 89.044288][ T5349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.052582][ T5349] RSP: 002b:00007f03ebb58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 89.056395][ T5349] RAX: ffffffffffffffda RBX: 00007f03eafe6180 RCX: 00007f03ead8f7c9 [ 89.059940][ T5349] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000004 [ 89.063446][ T5349] RBP: 00007f03eae13f91 R08: 0000000000000000 R09: 0000000000000000 [ 89.066971][ T5349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.070502][ T5349] R13: 00007f03eafe6218 R14: 00007f03eafe6180 R15: 00007fff2e397bb8 [ 89.074014][ T5349] [ 89.075683][ T5349] Kernel Offset: disabled [ 89.077631][ T5349] Rebooting in 86400 seconds..