program:
# syzkaller reproducer for the "BOGUS control dir" WARNING in usb_submit_urb
# that the console log after this program records.
# The kernel call trace in that log runs:
#   __se_sys_ioctl -> i2cdev_ioctl -> i2cdev_ioctl_smbus -> i2c_smbus_xfer
#   -> __i2c_transfer -> dtv5100_i2c_xfer -> dtv5100_i2c_msg
#   -> usb_control_msg -> usb_submit_urb
# so the calls that matter for triage are the emulated USB device (r3), the
# i2c-dev handle (r5) and the final I2C_SMBUS ioctl.

# KVM VM/vCPU setup with machine-check injection. No KVM function appears in
# the call trace; presumably unrelated to this crash -- confirm by minimizing.
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0xa, 0x5, 0x7})
ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000040)={0xb480000000000000, 0x6000, 0x7ffffffffffffffd, 0x0, 0x4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
# Emulated USB device. The device-descriptor bytes in the blob decode to
# bMaxPacketSize0=0x10, idVendor=0x06be, idProduct=0xa232, bcdDevice=0x33f3,
# which matches the "usb 5-1" lines in the log; the log then shows dvb-usb
# binding it as 'AME DTV-5100 USB2.0 DVB-T'. The blob stops at "0904", i.e. at
# the first two bytes of an interface descriptor.
r3 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
# Control-transfer handlers for the emulated device, called with null
# descriptor/response tables.
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
# SCSI-generic device access. No sg function appears in the call trace;
# presumably unrelated -- confirm by minimizing.
r4 = syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x14b082)
ioctl$SG_GET_PACK_ID(r4, 0x227c, &(0x7f0000000000))
# Handle on an i2c-dev node (id argument 0xc). NOTE(review): presumably the
# I2C adapter registered by the dvb-usb driver for the emulated device; the
# path string is not shown here, so verify the adapter number.
r5 = syz_open_dev$I2C(&(0x7f0000000040), 0xc, 0x88000)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
# Triggering call: request 0x720 matches RSI=0x720 (ORIG_RAX=0x10, ioctl) in
# the user-mode register dump of the log. Assuming the uapi layout of
# struct i2c_smbus_ioctl_data {read_write, command, size, data}, the argument
# is read_write=0x1, command=0x6, size=0x1 -- TODO confirm against
# linux/i2c-dev.h.
# The message handed to dtv5100_i2c_msg is shaped by this userspace request,
# so the driver has to reject shapes it cannot map to a valid control
# transfer before calling usb_control_msg.
# NOTE(review): the WARN prints pipe 80000280 and bRequestType c0, and both
# values have the 0x80 (IN) bit set, so the mismatch likely comes from the
# transfer length rather than the direction bits -- confirm against the check
# at drivers/usb/core/urb.c:414.
# Impact as logged: with panic_on_warn set, the WARN becomes a kernel panic.
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000140)={0x1, 0x6, 0x1, &(0x7f0000000000)={0x18, "3ac071ffbc4c9a216d398df0f558125211b40d6539c50000000000001800000001"}})
[ 68.525017][ T4684] Bluetooth: hci0: command tx timeout
[ 68.883057][ T5323] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 69.043372][ T5323] usb 5-1: Using ep0 maxpacket: 16
[ 69.050853][ T5323] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 69.060598][ T5323] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 69.064491][ T5323] usb 5-1: Product: syz
[ 69.066538][ T5323] usb 5-1: Manufacturer: syz
[ 69.068484][ T5323] usb 5-1: SerialNumber: syz
[ 69.076772][ T5323] usb 5-1: config 0 descriptor??
[ 69.483949][ T5323] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 69.495705][ T5323] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 69.500412][ T5323] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 69.506169][ T5323] usb 5-1: media controller created
[ 69.518198][ T5323] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 69.691599][ T5323] zl10353_read_register: readreg error (reg=127, ret==0)
[ 69.695300][ T5323] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 69.698920][ T5323] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 70.063263][ T5338] ------------[ cut here ]------------
[ 70.065657][ T5338] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 70.069229][ T5338] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#0: syz.0.0/5338
[ 70.073806][ T5338] Modules linked in:
[ 70.075661][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 70.079046][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 70.083736][ T5338] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[ 70.086096][ T5338] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[ 70.095318][ T5338] RSP: 0018:ffffc9000ba67680 EFLAGS: 00010246
[ 70.099049][ T5338] RAX: 0000000000000000 RBX: ffff888011435600 RCX: 0000000080000280
[ 70.103137][ T5338] RDX: ffff888032c6f7e0 RSI: ffffffff8c141c20 RDI: ffffffff8f8f0ad0
[ 70.106944][ T5338] RBP: 1ffff110084c386c R08: 00000000000000c0 R09: 0000000000000000
[ 70.110499][ T5338] R10: ffffc9000ba67780 R11: fffff5200174cefc R12: ffff888000f80100
[ 70.114143][ T5338] R13: ffff88804261c360 R14: 0000000080000280 R15: ffff888032c6f7e0
[ 70.117910][ T5338] FS: 00007f10544436c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[ 70.121788][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.124936][ T5338] CR2: 00007f1054442fc8 CR3: 0000000036f14000 CR4: 0000000000352ef0
[ 70.128586][ T5338] Call Trace:
[ 70.130139][ T5338]
[ 70.131523][ T5338] ? __init_swait_queue_head+0xa9/0x150
[ 70.133912][ T5338] usb_start_wait_urb+0x115/0x4f0
[ 70.136337][ T5338] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 70.138980][ T5338] usb_control_msg+0x232/0x3e0
[ 70.141271][ T5338] dtv5100_i2c_msg+0x231/0x2f0
[ 70.143536][ T5338] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 70.145797][ T5338] __i2c_transfer+0x79a/0x1f00
[ 70.148001][ T5338] ? __lock_acquire+0x146f/0x2cf0
[ 70.150243][ T5338] __i2c_smbus_xfer+0xf5d/0x1e20
[ 70.152473][ T5338] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 70.154950][ T5338] ? lockdep_hardirqs_on+0x7b/0x110
[ 70.157344][ T5338] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 70.159854][ T5338] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 70.162195][ T5338] i2c_smbus_xfer+0x1f4/0x310
[ 70.164353][ T5338] i2cdev_ioctl_smbus+0x3db/0x750
[ 70.166678][ T5338] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 70.169195][ T5338] i2cdev_ioctl+0x5d3/0x820
[ 70.171300][ T5338] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 70.173472][ T5338] ? __fget_files+0x2a/0x420
[ 70.175419][ T5338] ? __fget_files+0x3a0/0x420
[ 70.177441][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20
[ 70.179428][ T5338] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 70.181624][ T5338] __se_sys_ioctl+0xfc/0x170
[ 70.183907][ T5338] do_syscall_64+0xec/0xf80
[ 70.186564][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.189297][ T5338] ? trace_irq_disable+0x37/0x100
[ 70.191477][ T5338] ? clear_bhb_loop+0x60/0xb0
[ 70.193513][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.196120][ T5338] RIP: 0033:0x7f105358f7c9
[ 70.197944][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.206231][ T5338] RSP: 002b:00007f1054443038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.210434][ T5338] RAX: ffffffffffffffda RBX: 00007f10537e6090 RCX: 00007f105358f7c9
[ 70.214305][ T5338] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000008
[ 70.217994][ T5338] RBP: 00007f1053613f91 R08: 0000000000000000 R09: 0000000000000000
[ 70.221620][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.225294][ T5338] R13: 00007f10537e6128 R14: 00007f10537e6090 R15: 00007fff6d880098
[ 70.228747][ T5338]
[ 70.230140][ T5338] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 70.233188][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 70.237085][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 70.241664][ T5338] Call Trace:
[ 70.243211][ T5338]
[ 70.244577][ T5338] vpanic+0x1e0/0x670
[ 70.246310][ T5338] panic+0xb9/0xc0
[ 70.248040][ T5338] ? __pfx_panic+0x10/0x10
[ 70.249942][ T5338] __warn+0x317/0x4b0
[ 70.251763][ T5338] ? usb_submit_urb+0x105c/0x18d0
[ 70.254016][ T5338] ? usb_submit_urb+0x105c/0x18d0
[ 70.256502][ T5338] __report_bug+0x288/0x500
[ 70.258220][ T5338] ? usb_submit_urb+0x105c/0x18d0
[ 70.260171][ T5338] ? __pfx___report_bug+0x10/0x10
[ 70.262481][ T5338] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 70.264990][ T5338] ? lockdep_hardirqs_on+0x7b/0x110
[ 70.267335][ T5338] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 70.269800][ T5338] ? stack_depot_save_flags+0x3f3/0x810
[ 70.272218][ T5338] report_bug_entry+0x19a/0x290
[ 70.274287][ T5338] ? usb_submit_urb+0x111c/0x18d0
[ 70.276455][ T5338] ? usb_submit_urb+0x1121/0x18d0
[ 70.278597][ T5338] handle_bug+0xca/0x200
[ 70.280344][ T5338] exc_invalid_op+0x1a/0x50
[ 70.282238][ T5338] asm_exc_invalid_op+0x1a/0x20
[ 70.284383][ T5338] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[ 70.286824][ T5338] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[ 70.295109][ T5338] RSP: 0018:ffffc9000ba67680 EFLAGS: 00010246
[ 70.297723][ T5338] RAX: 0000000000000000 RBX: ffff888011435600 RCX: 0000000080000280
[ 70.301359][ T5338] RDX: ffff888032c6f7e0 RSI: ffffffff8c141c20 RDI: ffffffff8f8f0ad0
[ 70.305054][ T5338] RBP: 1ffff110084c386c R08: 00000000000000c0 R09: 0000000000000000
[ 70.308994][ T5338] R10: ffffc9000ba67780 R11: fffff5200174cefc R12: ffff888000f80100
[ 70.312610][ T5338] R13: ffff88804261c360 R14: 0000000080000280 R15: ffff888032c6f7e0
[ 70.315931][ T5338] ? __init_swait_queue_head+0xa9/0x150
[ 70.318288][ T5338] usb_start_wait_urb+0x115/0x4f0
[ 70.320601][ T5338] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 70.322910][ T5338] usb_control_msg+0x232/0x3e0
[ 70.324860][ T5338] dtv5100_i2c_msg+0x231/0x2f0
[ 70.326691][ T5338] dtv5100_i2c_xfer+0x1a4/0x3c0
[ 70.328537][ T5338] __i2c_transfer+0x79a/0x1f00
[ 70.330380][ T5338] ? __lock_acquire+0x146f/0x2cf0
[ 70.332544][ T5338] __i2c_smbus_xfer+0xf5d/0x1e20
[ 70.334321][ T5338] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 70.336674][ T5338] ? lockdep_hardirqs_on+0x7b/0x110
[ 70.338896][ T5338] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 70.341180][ T5338] ? rt_mutex_lock_nested+0x15e/0x1e0
[ 70.343464][ T5338] i2c_smbus_xfer+0x1f4/0x310
[ 70.345369][ T5338] i2cdev_ioctl_smbus+0x3db/0x750
[ 70.347571][ T5338] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 70.349787][ T5338] i2cdev_ioctl+0x5d3/0x820
[ 70.351612][ T5338] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 70.353813][ T5338] ? __fget_files+0x2a/0x420
[ 70.355928][ T5338] ? __fget_files+0x3a0/0x420
[ 70.358057][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20
[ 70.360408][ T5338] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 70.362629][ T5338] __se_sys_ioctl+0xfc/0x170
[ 70.364717][ T5338] do_syscall_64+0xec/0xf80
[ 70.366821][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.369568][ T5338] ? trace_irq_disable+0x37/0x100
[ 70.371871][ T5338] ? clear_bhb_loop+0x60/0xb0
[ 70.373981][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.376689][ T5338] RIP: 0033:0x7f105358f7c9
[ 70.378654][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 70.386380][ T5338] RSP: 002b:00007f1054443038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.390025][ T5338] RAX: ffffffffffffffda RBX: 00007f10537e6090 RCX: 00007f105358f7c9
[ 70.393555][ T5338] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000008
[ 70.397160][ T5338] RBP: 00007f1053613f91 R08: 0000000000000000 R09: 0000000000000000
[ 70.400338][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.403949][ T5338] R13: 00007f10537e6128 R14: 00007f10537e6090 R15: 00007fff6d880098
[ 70.406810][ T5338]
[ 70.408493][ T5338] Kernel Offset: disabled
[ 70.410495][ T5338] Rebooting in 86400 seconds..