program:
# Syzkaller reproducer. It connects an emulated USB device, then drives the
# I2C character-device ioctl interface. In the console log below, the USB core
# WARNING "BOGUS control dir" (drivers/usb/core/urb.c:413) is reported with
# i2cdev_ioctl_smbus -> __i2c_transfer -> dtv5100_i2c_xfer -> dtv5100_i2c_msg
# -> usb_control_msg -> usb_submit_urb on the stack.
# Triage note: the log shows a WARNING that becomes a panic only because
# panic_on_warn is set ("Kernel panic - not syncing: kernel: panic_on_warn set").
#
# Emulated device from a raw descriptor blob. The 18-byte device descriptor
# carries bMaxPacketSize0=0x10, idVendor=0x06be, idProduct=0xa232,
# bcdDevice=0x33f3 and string indexes 1/2/3. These match the "usb 5-1" lines
# in the log, where dvb-usb identifies the device as 'AME DTV-5100 USB2.0 DVB-T'.
# The visible blob (29 bytes) ends two bytes into an interface descriptor (09 04),
# while the length argument is 0x3c.
r0 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Control-transfer handling on the emulated device, with both pointer arguments
# left null (0x0, 0x0).
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
# Open an I2C device node with id 0xc and flags 0x88000; r1 is the fd the
# ioctls below use. NOTE(review): presumably this is the adapter registered by
# the dvb-usb driver - confirm, the log does not print the adapter number.
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
# I2C_SMBUS ioctl (0x720). The user-mode register dump in the log shows
# RSI=0x720, so this is the call in flight when the WARNING fires. In the kernel's
# i2c_smbus_ioctl_data layout the fields are read_write=0x1, command=0x5,
# size=0x1, followed by the data pointer.
# NOTE(review): the warning reports pipe 80000280 against bRequestType c0, and
# both look IN-direction. The mismatch presumably comes from a zero-length
# control transfer that the USB core check treats as OUT - confirm against
# drivers/usb/core/urb.c and the length/direction handling in dtv5100_i2c_msg.
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x1, 0x5, 0x1, &(0x7f0000000000)={0x16, "aef41899d330849bbbe2b66a800874c408c32698d5549b97b5d7e94e1c50263110"}})
# I2C_RDWR ioctl (0x707) with an array of 3 messages. The log's call trace
# contains only the SMBus path, so this call does not appear to be reached
# before the panic in this run.
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000580)=[{0x4, 0x1010, 0x0, 0x0}, {0xc, 0xf200, 0x0, 0x0}, {0x0, 0x801, 0x0, 0x0}], 0x3})
[ 162.700304][ T5306] Bluetooth: hci0: command tx timeout
[ 163.001610][ T5328] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 163.151932][ T5328] usb 5-1: Using ep0 maxpacket: 16
[ 163.159111][ T5328] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 163.164395][ T5328] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 163.169112][ T5328] usb 5-1: Product: syz
[ 163.172258][ T5328] usb 5-1: Manufacturer: syz
[ 163.174410][ T5328] usb 5-1: SerialNumber: syz
[ 163.182516][ T5328] usb 5-1: config 0 descriptor??
[ 163.594235][ T5328] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 163.605339][ T5328] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 163.610654][ T5328] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 163.616514][ T5328] usb 5-1: media controller created
[ 163.629679][ T5328] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 164.173624][ T5328] zl10353_read_register: readreg error (reg=127, ret==0)
[ 164.178910][ T5328] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 164.185126][ T5328] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 164.192715][ T5330] ------------[ cut here ]------------
[ 164.195801][ T5330] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 164.199903][ T5330] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.0.0/5330
[ 164.206784][ T5330] Modules linked in:
[ 164.209217][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 164.213631][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 164.218422][ T5330] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[ 164.221295][ T5330] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[ 164.231662][ T5330] RSP: 0018:ffffc9000d9b7688 EFLAGS: 00010246
[ 164.234566][ T5330] RAX: 0000000000000000 RBX: ffff888034417b00 RCX: 0000000080000280
[ 164.238417][ T5330] RDX: ffff888038f7dc40 RSI: ffffffff8c7f1ba0 RDI: ffffffff901eec10
[ 164.243261][ T5330] RBP: 1ffff1100813e3c8 R08: 00000000000000c0 R09: 0000000000000000
[ 164.248163][ T5330] R10: ffffc9000d9b7780 R11: fffff52001b36efc R12: ffff888034708100
[ 164.252633][ T5330] R13: ffff8880409f1e40 R14: 0000000080000280 R15: ffff888038f7dc40
[ 164.256335][ T5330] FS: 00007fec4678f6c0(0000) GS:ffff88808ca58000(0000) knlGS:0000000000000000
[ 164.260962][ T5330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 164.264837][ T5330] CR2: 000055e6a1dbc9c0 CR3: 0000000041dc9000 CR4: 0000000000352ef0
[ 164.269207][ T5330] Call Trace:
[ 164.271342][ T5330]
[ 164.272902][ T5330] ? __init_swait_queue_head+0xa9/0x150
[ 164.275623][ T5330] usb_start_wait_urb+0x12b/0x510
[ 164.278047][ T5330] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 164.280836][ T5330] usb_control_msg+0x232/0x3e0
[ 164.283961][ T5330] dtv5100_i2c_msg+0x231/0x2f0
[ 164.286879][ T5330] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 164.289560][ T5330] __i2c_transfer+0x79a/0x2020
[ 164.291887][ T5330] __i2c_smbus_xfer+0xfca/0x1f70
[ 164.294205][ T5330] ? rt_mutex_slowlock+0x1fd/0x7b0
[ 164.296647][ T5330] ? __pfx_rt_mutex_slowlock+0x10/0x10
[ 164.299325][ T5330] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 164.302002][ T5330] ? rt_mutex_lock_nested+0x170/0x1e0
[ 164.304829][ T5330] ? do_vfs_ioctl+0x1166/0x1530
[ 164.307551][ T5330] i2c_smbus_xfer+0x1f4/0x310
[ 164.310058][ T5330] i2cdev_ioctl_smbus+0x434/0x730
[ 164.312716][ T5330] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 164.315418][ T5330] i2cdev_ioctl+0x615/0x880
[ 164.317658][ T5330] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 164.320134][ T5330] ? __fget_files+0x2a/0x420
[ 164.322833][ T5330] ? __fget_files+0x3a0/0x420
[ 164.325533][ T5330] ? bpf_lsm_file_ioctl+0x9/0x20
[ 164.328340][ T5330] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 164.330796][ T5330] __se_sys_ioctl+0xfc/0x170
[ 164.333668][ T5330] do_syscall_64+0x14d/0xf80
[ 164.335944][ T5330] ? trace_irq_disable+0x3b/0x150
[ 164.338791][ T5330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.341834][ T5330] ? clear_bhb_loop+0x40/0x90
[ 164.344354][ T5330] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.347596][ T5330] RIP: 0033:0x7fec4599c799
[ 164.350618][ T5330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 164.359335][ T5330] RSP: 002b:00007fec4678efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 164.363815][ T5330] RAX: ffffffffffffffda RBX: 00007fec45c15fa0 RCX: 00007fec4599c799
[ 164.367447][ T5330] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[ 164.370984][ T5330] RBP: 00007fec45a32c99 R08: 0000000000000000 R09: 0000000000000000
[ 164.375939][ T5330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 164.380022][ T5330] R13: 00007fec45c16038 R14: 00007fec45c15fa0 R15: 00007ffc9af80a18
[ 164.383768][ T5330]
[ 164.385196][ T5330] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 164.388932][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 164.393203][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 164.397642][ T5330] Call Trace:
[ 164.399144][ T5330]
[ 164.400686][ T5330] vpanic+0x56c/0xa60
[ 164.402858][ T5330] ? __pfx__printk+0x10/0x10
[ 164.405398][ T5330] ? __pfx_vpanic+0x10/0x10
[ 164.407644][ T5330] ? is_bpf_text_address+0x292/0x2b0
[ 164.410067][ T5330] ? is_bpf_text_address+0x26/0x2b0
[ 164.412529][ T5330] panic+0xc5/0xd0
[ 164.414363][ T5330] ? __pfx_panic+0x10/0x10
[ 164.416966][ T5330] __warn+0x315/0x4f0
[ 164.419466][ T5330] ? usb_submit_urb+0x1052/0x18b0
[ 164.422215][ T5330] ? usb_submit_urb+0x1052/0x18b0
[ 164.424541][ T5330] __report_bug+0x29a/0x540
[ 164.426974][ T5330] ? usb_submit_urb+0x1052/0x18b0
[ 164.429286][ T5330] ? __pfx___report_bug+0x10/0x10
[ 164.432043][ T5330] ? lockdep_hardirqs_on+0x7a/0x110
[ 164.434911][ T5330] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 164.437925][ T5330] report_bug_entry+0x19a/0x290
[ 164.440237][ T5330] ? usb_submit_urb+0x1114/0x18b0
[ 164.442546][ T5330] ? usb_submit_urb+0x1119/0x18b0
[ 164.444922][ T5330] handle_bug+0xce/0x200
[ 164.447889][ T5330] exc_invalid_op+0x1a/0x50
[ 164.450347][ T5330] asm_exc_invalid_op+0x1a/0x20
[ 164.452876][ T5330] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[ 164.455393][ T5330] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[ 164.464296][ T5330] RSP: 0018:ffffc9000d9b7688 EFLAGS: 00010246
[ 164.467774][ T5330] RAX: 0000000000000000 RBX: ffff888034417b00 RCX: 0000000080000280
[ 164.471665][ T5330] RDX: ffff888038f7dc40 RSI: ffffffff8c7f1ba0 RDI: ffffffff901eec10
[ 164.475229][ T5330] RBP: 1ffff1100813e3c8 R08: 00000000000000c0 R09: 0000000000000000
[ 164.479024][ T5330] R10: ffffc9000d9b7780 R11: fffff52001b36efc R12: ffff888034708100
[ 164.483039][ T5330] R13: ffff8880409f1e40 R14: 0000000080000280 R15: ffff888038f7dc40
[ 164.487259][ T5330] ? usb_submit_urb+0x10a3/0x18b0
[ 164.490123][ T5330] ? __init_swait_queue_head+0xa9/0x150
[ 164.492917][ T5330] usb_start_wait_urb+0x12b/0x510
[ 164.495404][ T5330] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 164.498113][ T5330] usb_control_msg+0x232/0x3e0
[ 164.500443][ T5330] dtv5100_i2c_msg+0x231/0x2f0
[ 164.502718][ T5330] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 164.505136][ T5330] __i2c_transfer+0x79a/0x2020
[ 164.507774][ T5330] __i2c_smbus_xfer+0xfca/0x1f70
[ 164.510193][ T5330] ? rt_mutex_slowlock+0x1fd/0x7b0
[ 164.512679][ T5330] ? __pfx_rt_mutex_slowlock+0x10/0x10
[ 164.515233][ T5330] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 164.517768][ T5330] ? rt_mutex_lock_nested+0x170/0x1e0
[ 164.520272][ T5330] ? do_vfs_ioctl+0x1166/0x1530
[ 164.522571][ T5330] i2c_smbus_xfer+0x1f4/0x310
[ 164.524819][ T5330] i2cdev_ioctl_smbus+0x434/0x730
[ 164.527215][ T5330] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 164.529801][ T5330] i2cdev_ioctl+0x615/0x880
[ 164.532052][ T5330] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 164.534392][ T5330] ? __fget_files+0x2a/0x420
[ 164.536452][ T5330] ? __fget_files+0x3a0/0x420
[ 164.538517][ T5330] ? bpf_lsm_file_ioctl+0x9/0x20
[ 164.540890][ T5330] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 164.543264][ T5330] __se_sys_ioctl+0xfc/0x170
[ 164.545518][ T5330] do_syscall_64+0x14d/0xf80
[ 164.547816][ T5330] ? trace_irq_disable+0x3b/0x150
[ 164.550206][ T5330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.552918][ T5330] ? clear_bhb_loop+0x40/0x90
[ 164.555183][ T5330] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.558004][ T5330] RIP: 0033:0x7fec4599c799
[ 164.560143][ T5330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 164.569884][ T5330] RSP: 002b:00007fec4678efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 164.573806][ T5330] RAX: ffffffffffffffda RBX: 00007fec45c15fa0 RCX: 00007fec4599c799
[ 164.577614][ T5330] RDX: 0000200000000040 RSI: 0000000000000720 RDI: 0000000000000004
[ 164.581555][ T5330] RBP: 00007fec45a32c99 R08: 0000000000000000 R09: 0000000000000000
[ 164.585915][ T5330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 164.589356][ T5330] R13: 00007fec45c16038 R14: 00007fec45c15fa0 R15: 00007ffc9af80a18
[ 164.592853][ T5330]
[ 164.594615][ T5330] Kernel Offset: disabled
[ 164.596769][ T5330] Rebooting in 86400 seconds..