program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9300a000600050009ff0200"], 0xf)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000680)={0x14, 0x1, 0x8, 0x5, 0x0, 0x0, {0x3, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x800)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000001800)={0x0, 0x7, 0x1, &(0x7f0000000080)={0x2, "4ec019dd10115d6d00a2a62a2de22fa402ec04001000"}})

[  101.909028][ T5301] Bluetooth: hci0: command tx timeout
[  102.227823][ T1374] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  102.377697][ T1374] usb 5-1: Using ep0 maxpacket: 16
[  102.390421][ T1374] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  102.395224][ T1374] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.399549][ T1374] usb 5-1: Product: syz
[  102.401146][ T1374] usb 5-1: Manufacturer: syz
[  102.403034][ T1374] usb 5-1: SerialNumber: syz
[  102.416206][ T1374] usb 5-1: config 0 descriptor??
[  102.627252][ T5301] Bluetooth: Unknown LE signaling command 0x09
[  102.630459][ T5301] Bluetooth: Wrong link type (-22)
[  102.836600][ T1374] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  102.848369][ T1374] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  102.852993][ T1374] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  102.856902][ T1374] usb 5-1: media controller created
[  102.871474][ T1374] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  103.041202][ T1374] zl10353_read_register: readreg error (reg=127, ret==0)
[  103.044568][ T1374] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  103.048761][ T1374] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  103.418149][ T5325] ------------[ cut here ]------------
[  103.421043][ T5325] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[  103.424361][ T5325] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5325
[  103.428573][ T5325] Modules linked in:
[  103.430520][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  103.434664][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.439667][ T5325] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[  103.442157][ T5325] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[  103.451246][ T5325] RSP: 0018:ffffc9000e1af688 EFLAGS: 00010246
[  103.454328][ T5325] RAX: 0000000000000000 RBX: ffff88801243a500 RCX: 0000000080000280
[  103.458371][ T5325] RDX: ffff88801cef7460 RSI: ffffffff8c7f4000 RDI: ffffffff901f3bd0
[  103.461873][ T5325] RBP: 1ffff110085685a4 R08: 00000000000000c0 R09: 0000000000000000
[  103.466562][ T5325] R10: ffffc9000e1af780 R11: fffff52001c35efc R12: ffff88803806a100
[  103.471446][ T5325] R13: ffff888042b42d20 R14: 0000000080000280 R15: ffff88801cef7460
[  103.474790][ T5325] FS:  00007fc5c13d46c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000
[  103.478787][ T5325] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  103.481695][ T5325] CR2: 00007fc5c13d3ff8 CR3: 00000000378c6000 CR4: 0000000000352ef0
[  103.485569][ T5325] Call Trace:
[  103.487718][ T5325]  <TASK>
[  103.489325][ T5325]  ? __init_swait_queue_head+0xa9/0x150
[  103.491890][ T5325]  usb_start_wait_urb+0x13f/0x5b0
[  103.494095][ T5325]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  103.496372][ T5325]  usb_control_msg+0x234/0x3e0
[  103.498553][ T5325]  dtv5100_i2c_msg+0x231/0x2f0
[  103.500985][ T5325]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  103.503403][ T5325]  ? __bfs+0x153/0x290
[  103.505640][ T5325]  __i2c_transfer+0x79a/0x2020
[  103.508288][ T5325]  __i2c_smbus_xfer+0xfca/0x1f70
[  103.510498][ T5325]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  103.512888][ T5325]  ? lockdep_hardirqs_on+0x7a/0x110
[  103.515320][ T5325]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  103.518633][ T5325]  ? rt_mutex_lock_nested+0x15c/0x1e0
[  103.521805][ T5325]  i2c_smbus_xfer+0x1f4/0x310
[  103.524088][ T5325]  i2cdev_ioctl_smbus+0x1e7/0x730
[  103.526362][ T5325]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  103.528937][ T5325]  i2cdev_ioctl+0x615/0x880
[  103.530895][ T5325]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  103.533272][ T5325]  ? __fget_files+0x2a/0x420
[  103.535580][ T5325]  ? __fget_files+0x3a0/0x420
[  103.540007][ T5325]  ? bpf_lsm_file_ioctl+0x9/0x20
[  103.542676][ T5325]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  103.545062][ T5325]  __se_sys_ioctl+0xfc/0x170
[  103.547888][ T5325]  do_syscall_64+0x14d/0xf80
[  103.550638][ T5325]  ? trace_irq_disable+0x3b/0x150
[  103.553465][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.556376][ T5325]  ? clear_bhb_loop+0x40/0x90
[  103.558959][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.561915][ T5325] RIP: 0033:0x7fc5c4f9c819
[  103.563982][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.573455][ T5325] RSP: 002b:00007fc5c13d3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.577573][ T5325] RAX: ffffffffffffffda RBX: 00007fc5c5216090 RCX: 00007fc5c4f9c819
[  103.581010][ T5325] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000004
[  103.584532][ T5325] RBP: 00007fc5c5032c91 R08: 0000000000000000 R09: 0000000000000000
[  103.588348][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.592322][ T5325] R13: 00007fc5c5216128 R14: 00007fc5c5216090 R15: 00007ffcaf8ec708
[  103.595990][ T5325]  </TASK>
[  103.597402][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  103.600600][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  103.606044][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  103.611089][ T5325] Call Trace:
[  103.612565][ T5325]  <TASK>
[  103.613917][ T5325]  vpanic+0x56c/0xa60
[  103.615715][ T5325]  ? __pfx__printk+0x10/0x10
[  103.617756][ T5325]  ? __pfx_vpanic+0x10/0x10
[  103.619708][ T5325]  ? is_bpf_text_address+0x292/0x2b0
[  103.622143][ T5325]  ? is_bpf_text_address+0x26/0x2b0
[  103.624770][ T5325]  panic+0xc5/0xd0
[  103.626776][ T5325]  ? __pfx_panic+0x10/0x10
[  103.628989][ T5325]  __warn+0x315/0x4f0
[  103.630610][ T5325]  ? usb_submit_urb+0x1053/0x18b0
[  103.632741][ T5325]  ? usb_submit_urb+0x1053/0x18b0
[  103.634804][ T5325]  __report_bug+0x29a/0x540
[  103.636919][ T5325]  ? usb_submit_urb+0x1053/0x18b0
[  103.639595][ T5325]  ? __pfx___report_bug+0x10/0x10
[  103.642190][ T5325]  ? lockdep_hardirqs_on+0x7a/0x110
[  103.645037][ T5325]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  103.647525][ T5325]  report_bug_entry+0x19a/0x290
[  103.649736][ T5325]  ? usb_submit_urb+0x1115/0x18b0
[  103.652014][ T5325]  ? usb_submit_urb+0x111a/0x18b0
[  103.654216][ T5325]  handle_bug+0xce/0x200
[  103.656143][ T5325]  exc_invalid_op+0x1a/0x50
[  103.658343][ T5325]  asm_exc_invalid_op+0x1a/0x20
[  103.660570][ T5325] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[  103.663087][ T5325] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[  103.672770][ T5325] RSP: 0018:ffffc9000e1af688 EFLAGS: 00010246
[  103.675868][ T5325] RAX: 0000000000000000 RBX: ffff88801243a500 RCX: 0000000080000280
[  103.679567][ T5325] RDX: ffff88801cef7460 RSI: ffffffff8c7f4000 RDI: ffffffff901f3bd0
[  103.683311][ T5325] RBP: 1ffff110085685a4 R08: 00000000000000c0 R09: 0000000000000000
[  103.686983][ T5325] R10: ffffc9000e1af780 R11: fffff52001c35efc R12: ffff88803806a100
[  103.690636][ T5325] R13: ffff888042b42d20 R14: 0000000080000280 R15: ffff88801cef7460
[  103.694244][ T5325]  ? usb_submit_urb+0x10a4/0x18b0
[  103.696579][ T5325]  ? __init_swait_queue_head+0xa9/0x150
[  103.699209][ T5325]  usb_start_wait_urb+0x13f/0x5b0
[  103.701817][ T5325]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  103.704647][ T5325]  usb_control_msg+0x234/0x3e0
[  103.707205][ T5325]  dtv5100_i2c_msg+0x231/0x2f0
[  103.709791][ T5325]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  103.712097][ T5325]  ? __bfs+0x153/0x290
[  103.714137][ T5325]  __i2c_transfer+0x79a/0x2020
[  103.716214][ T5325]  __i2c_smbus_xfer+0xfca/0x1f70
[  103.718860][ T5325]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  103.721852][ T5325]  ? lockdep_hardirqs_on+0x7a/0x110
[  103.724298][ T5325]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  103.726790][ T5325]  ? rt_mutex_lock_nested+0x15c/0x1e0
[  103.729174][ T5325]  i2c_smbus_xfer+0x1f4/0x310
[  103.731475][ T5325]  i2cdev_ioctl_smbus+0x1e7/0x730
[  103.734223][ T5325]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  103.737205][ T5325]  i2cdev_ioctl+0x615/0x880
[  103.739644][ T5325]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  103.742027][ T5325]  ? __fget_files+0x2a/0x420
[  103.744034][ T5325]  ? __fget_files+0x3a0/0x420
[  103.746114][ T5325]  ? bpf_lsm_file_ioctl+0x9/0x20
[  103.748192][ T5325]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  103.750412][ T5325]  __se_sys_ioctl+0xfc/0x170
[  103.752577][ T5325]  do_syscall_64+0x14d/0xf80
[  103.755274][ T5325]  ? trace_irq_disable+0x3b/0x150
[  103.757584][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.760267][ T5325]  ? clear_bhb_loop+0x40/0x90
[  103.762580][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.765150][ T5325] RIP: 0033:0x7fc5c4f9c819
[  103.767266][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.776660][ T5325] RSP: 002b:00007fc5c13d3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.780436][ T5325] RAX: ffffffffffffffda RBX: 00007fc5c5216090 RCX: 00007fc5c4f9c819
[  103.783877][ T5325] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000004
[  103.787258][ T5325] RBP: 00007fc5c5032c91 R08: 0000000000000000 R09: 0000000000000000
[  103.790805][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.794451][ T5325] R13: 00007fc5c5216128 R14: 00007fc5c5216090 R15: 00007ffcaf8ec708
[  103.797815][ T5325]  </TASK>
[  103.799584][ T5325] Kernel Offset: disabled
[  103.806079][ T5325] Rebooting in 86400 seconds..