program:
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="180500000800000000000000000000008500000075000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='afs_make_fs_call2\x00', r1, 0x0, 0x6a19}, 0x18)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0x8001, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5})
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000040)={0x0, 0x40, 0x1, &(0x7f0000000000)={0xf, "4428967b23d183469b765b75751d09a04089092754edae1c6b8fd105eb046e7694"}})
ioctl$I2C_PEC(r2, 0x708, 0xd3c)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x5, &(0x7f0000000100)={0x1c, "3ac071ffbc8cd0d684737d99bb8bd238954c9a216d398df0f558125211b40c65fd"}})

[   87.170947][ T5286] Bluetooth: hci0: command tx timeout
[   87.571218][ T5320] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   87.729697][ T5320] usb 5-1: Using ep0 maxpacket: 16
[   87.737590][ T5320] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   87.742124][ T5320] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.745562][ T5320] usb 5-1: Product: syz
[   87.747547][ T5320] usb 5-1: Manufacturer: syz
[   87.750227][ T5320] usb 5-1: SerialNumber: syz
[   87.758268][ T5320] usb 5-1: config 0 descriptor??
[   88.233002][ T5320] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[   88.242171][ T5320] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[   88.246383][ T5320] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[   88.251284][ T5320] usb 5-1: media controller created
[   88.263844][ T5320] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   88.435232][ T5320] zl10353_read_register: readreg error (reg=127, ret==0)
[   88.441025][ T5322] iommufd_mock iommufd_mock0: Adding to iommu group 11
[   88.447510][ T5320] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[   88.459749][ T5320] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[   88.479954][ T5322] ------------[ cut here ]------------
[   88.483392][ T5322] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   88.487331][ T5322] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5322
[   88.492420][ T5322] Modules linked in:
[   88.495200][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.500857][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   88.505481][ T5322] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   88.508040][ T5322] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   88.516122][ T5322] RSP: 0018:ffffc90005ebf688 EFLAGS: 00010246
[   88.518980][ T5322] RAX: 0000000000000000 RBX: ffff88803313e800 RCX: 0000000080000280
[   88.522517][ T5322] RDX: ffff88801ab9bfc0 RSI: ffffffff8c808560 RDI: ffffffff903e05c0
[   88.526190][ T5322] RBP: 1ffff1100880a28c R08: 00000000000000c0 R09: 0000000000000000
[   88.532123][ T5322] R10: ffffc90005ebf780 R11: fffff52000bd7efc R12: ffff888041a90100
[   88.536702][ T5322] R13: ffff888044051460 R14: 0000000080000280 R15: ffff88801ab9bfc0
[   88.541347][ T5322] FS:  00007fe89eb396c0(0000) GS:ffff88808c88b000(0000) knlGS:0000000000000000
[   88.545425][ T5322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   88.548500][ T5322] CR2: 000055f8ca210ae8 CR3: 0000000041276000 CR4: 0000000000352ef0
[   88.552389][ T5322] Call Trace:
[   88.553808][ T5322]  <TASK>
[   88.555116][ T5322]  ? __init_swait_queue_head+0xa9/0x150
[   88.557574][ T5322]  usb_start_wait_urb+0x13f/0x5b0
[   88.560211][ T5322]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   88.562621][ T5322]  usb_control_msg+0x234/0x3e0
[   88.564733][ T5322]  dtv5100_i2c_msg+0x231/0x2f0
[   88.566886][ T5322]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   88.569130][ T5322]  __i2c_transfer+0x79a/0x1f70
[   88.571445][ T5322]  ? __lock_acquire+0x146e/0x2cf0
[   88.573580][ T5322]  __i2c_smbus_xfer+0xfca/0x1eb0
[   88.575591][ T5322]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   88.578135][ T5322]  ? lockdep_hardirqs_on+0x7a/0x110
[   88.580438][ T5322]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   88.582798][ T5322]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   88.584968][ T5322]  i2c_smbus_xfer+0x1f4/0x310
[   88.587101][ T5322]  i2cdev_ioctl_smbus+0x1e7/0x730
[   88.589257][ T5322]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   88.591777][ T5322]  i2cdev_ioctl+0x615/0x880
[   88.593852][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.596181][ T5322]  ? __fget_files+0x2a/0x420
[   88.598405][ T5322]  ? __fget_files+0x3a0/0x420
[   88.600888][ T5322]  ? bpf_lsm_file_ioctl+0x9/0x20
[   88.603099][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.605659][ T5322]  __se_sys_ioctl+0xfc/0x170
[   88.607842][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.611492][ T5322]  do_syscall_64+0x15f/0xf80
[   88.613781][ T5322]  ? trace_irq_disable+0x3b/0x140
[   88.616331][ T5322]  ? clear_bhb_loop+0x40/0x90
[   88.618720][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.621315][ T5322] RIP: 0033:0x7fe89db9cdd9
[   88.623243][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   88.631969][ T5322] RSP: 002b:00007fe89eb38fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.636383][ T5322] RAX: ffffffffffffffda RBX: 00007fe89de15fa0 RCX: 00007fe89db9cdd9
[   88.640504][ T5322] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000005
[   88.644156][ T5322] RBP: 00007fe89dc32d69 R08: 0000000000000000 R09: 0000000000000000
[   88.647543][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.651113][ T5322] R13: 00007fe89de16038 R14: 00007fe89de15fa0 R15: 00007ffe430a3248
[   88.654689][ T5322]  </TASK>
[   88.656079][ T5322] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   88.659308][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   88.663371][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   88.667786][ T5322] Call Trace:
[   88.669355][ T5322]  <TASK>
[   88.670769][ T5322]  vpanic+0x56c/0xa60
[   88.672781][ T5322]  ? __pfx__printk+0x10/0x10
[   88.674886][ T5322]  ? __pfx_vpanic+0x10/0x10
[   88.676944][ T5322]  ? is_bpf_text_address+0x292/0x2b0
[   88.679269][ T5322]  ? is_bpf_text_address+0x26/0x2b0
[   88.681581][ T5322]  panic+0xc5/0xd0
[   88.683252][ T5322]  ? __pfx_panic+0x10/0x10
[   88.685320][ T5322]  __warn+0x315/0x4c0
[   88.687087][ T5322]  ? usb_submit_urb+0x1053/0x18b0
[   88.689381][ T5322]  ? usb_submit_urb+0x1053/0x18b0
[   88.691636][ T5322]  __report_bug+0x29a/0x540
[   88.693692][ T5322]  ? usb_submit_urb+0x1053/0x18b0
[   88.696013][ T5322]  ? __pfx___report_bug+0x10/0x10
[   88.698320][ T5322]  ? lockdep_hardirqs_on+0x7a/0x110
[   88.700741][ T5322]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   88.703390][ T5322]  report_bug_entry+0x19a/0x290
[   88.705629][ T5322]  ? usb_submit_urb+0x1115/0x18b0
[   88.707922][ T5322]  ? usb_submit_urb+0x111a/0x18b0
[   88.710328][ T5322]  handle_bug+0xce/0x200
[   88.712305][ T5322]  exc_invalid_op+0x1a/0x50
[   88.714384][ T5322]  asm_exc_invalid_op+0x1a/0x20
[   88.716700][ T5322] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   88.719171][ T5322] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   88.727758][ T5322] RSP: 0018:ffffc90005ebf688 EFLAGS: 00010246
[   88.730467][ T5322] RAX: 0000000000000000 RBX: ffff88803313e800 RCX: 0000000080000280
[   88.733942][ T5322] RDX: ffff88801ab9bfc0 RSI: ffffffff8c808560 RDI: ffffffff903e05c0
[   88.737377][ T5322] RBP: 1ffff1100880a28c R08: 00000000000000c0 R09: 0000000000000000
[   88.740843][ T5322] R10: ffffc90005ebf780 R11: fffff52000bd7efc R12: ffff888041a90100
[   88.744310][ T5322] R13: ffff888044051460 R14: 0000000080000280 R15: ffff88801ab9bfc0
[   88.747883][ T5322]  ? usb_submit_urb+0x10a4/0x18b0
[   88.750329][ T5322]  ? __init_swait_queue_head+0xa9/0x150
[   88.752906][ T5322]  usb_start_wait_urb+0x13f/0x5b0
[   88.755248][ T5322]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   88.757750][ T5322]  usb_control_msg+0x234/0x3e0
[   88.760005][ T5322]  dtv5100_i2c_msg+0x231/0x2f0
[   88.762235][ T5322]  dtv5100_i2c_xfer+0x1a4/0x3c0
[   88.764440][ T5322]  __i2c_transfer+0x79a/0x1f70
[   88.766623][ T5322]  ? __lock_acquire+0x146e/0x2cf0
[   88.769061][ T5322]  __i2c_smbus_xfer+0xfca/0x1eb0
[   88.771391][ T5322]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   88.773919][ T5322]  ? lockdep_hardirqs_on+0x7a/0x110
[   88.776297][ T5322]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   88.778977][ T5322]  ? rt_mutex_lock_nested+0x15c/0x1e0
[   88.781453][ T5322]  i2c_smbus_xfer+0x1f4/0x310
[   88.783621][ T5322]  i2cdev_ioctl_smbus+0x1e7/0x730
[   88.785944][ T5322]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   88.788553][ T5322]  i2cdev_ioctl+0x615/0x880
[   88.790690][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.793011][ T5322]  ? __fget_files+0x2a/0x420
[   88.795165][ T5322]  ? __fget_files+0x3a0/0x420
[   88.797313][ T5322]  ? bpf_lsm_file_ioctl+0x9/0x20
[   88.799634][ T5322]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   88.802000][ T5322]  __se_sys_ioctl+0xfc/0x170
[   88.804186][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.806975][ T5322]  do_syscall_64+0x15f/0xf80
[   88.809059][ T5322]  ? trace_irq_disable+0x3b/0x140
[   88.811345][ T5322]  ? clear_bhb_loop+0x40/0x90
[   88.813539][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.816322][ T5322] RIP: 0033:0x7fe89db9cdd9
[   88.818420][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   88.827360][ T5322] RSP: 002b:00007fe89eb38fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.831075][ T5322] RAX: ffffffffffffffda RBX: 00007fe89de15fa0 RCX: 00007fe89db9cdd9
[   88.834734][ T5322] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000005
[   88.838352][ T5322] RBP: 00007fe89dc32d69 R08: 0000000000000000 R09: 0000000000000000
[   88.841952][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.845535][ T5322] R13: 00007fe89de16038 R14: 00007fe89de15fa0 R15: 00007ffe430a3248
[   88.849084][ T5322]  </TASK>
[   88.850891][ T5322] Kernel Offset: disabled
[   88.852899][ T5322] Rebooting in 86400 seconds..