program:
# Reproducer for the "BOGUS control dir" WARNING in usb_submit_urb() shown in the
# console log below. The machine then panics only because panic_on_warn is set.
#
# Step 1: attach an emulated USB device (the log shows dummy_hcd). The descriptor
# blob carries idVendor=0x0db0 / idProduct=0x5581 (bytes "b00d 8155", little-endian)
# and bcdDevice=0xf922, matching the "New USB device found" line in the log.
# Per the log, dvb_usb_v2 binds it as 'MSI Mega Sky 55801 DVB-T USB2.0'.
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
# NOTE(review): the packet/TCP socket calls below do not appear in the crashing call
# trace. They are presumably leftovers of a non-minimized reproducer; confirm by
# re-running without them.
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000037c0)='-', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000003ac0)="bb", 0x1}], 0x1}}], 0x2, 0x60cd894)
# Device-side reply to a control request from the host. The payload is tagged as a
# string descriptor, presumably feeding the "syz" strings seen in the log.
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
# Step 2: open an i2c-dev node (id 0xc). Presumably this is the I2C adapter exposed
# by the DVB driver bound above; the trace reaches gl861_i2c_master_xfer through it.
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
# Step 3: the triggering call. Request 0x720 is I2C_SMBUS; the argument struct is
# {read_write=0x1 (read), command=0x88, size=0x0 (I2C_SMBUS_QUICK), data}.
# A quick *read* appears to become a zero-length I2C read message, which the gl861
# driver forwards as a USB control transfer (gl861_ctrl_msg -> usb_control_msg).
# In the WARNING both the pipe (80000280) and bRequestType (c0) carry the IN bit, so
# the reported mismatch is consistent with a zero-length IN control transfer, which
# usb_submit_urb() is understood to treat as OUT. Confirm in drivers/usb/core/urb.c.
# NOTE(review): the usual remedy for this class of report is for the I2C adapter
# driver to reject zero-length reads before building the URB, with an explicit length
# check or the I2C_AQ_NO_ZERO_LEN_READ adapter quirk. Verify against the gl861 source.
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000001800)={0x1, 0x88, 0x0, &(0x7f00000017c0)={0xe, "71a3000000180017c44bc71b476711532fa807596d0000000000000000f9ff00"}})
[ 86.167774][ T4657] Bluetooth: hci0: command tx timeout
[ 86.327675][ T5318] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 86.478357][ T5318] usb 5-1: Using ep0 maxpacket: 16
[ 86.489494][ T5318] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[ 86.493563][ T5318] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 86.497392][ T5318] usb 5-1: Product: syz
[ 86.500268][ T5318] usb 5-1: Manufacturer: syz
[ 86.502727][ T5318] usb 5-1: SerialNumber: syz
[ 86.731138][ T5318] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[ 86.748568][ T5318] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 86.753369][ T5318] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[ 86.759726][ T5318] usb 5-1: media controller created
[ 86.774561][ T5318] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 87.010783][ T5333] ------------[ cut here ]------------
[ 87.013773][ T5333] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[ 87.017226][ T5333] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5333
[ 87.021513][ T5333] Modules linked in:
[ 87.024296][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.028427][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.032863][ T5333] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[ 87.035482][ T5333] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[ 87.045773][ T5333] RSP: 0018:ffffc900075ff608 EFLAGS: 00010246
[ 87.050131][ T5333] RAX: 0000000000000000 RBX: ffff88803674ab00 RCX: 0000000080000280
[ 87.053768][ T5333] RDX: ffff8880425bd800 RSI: ffffffff8c80b580 RDI: ffffffff903e6660
[ 87.057203][ T5333] RBP: 1ffff110084b7a50 R08: 00000000000000c0 R09: 0000000000000000
[ 87.060889][ T5333] R10: ffffc900075ff700 R11: fffff52000ebfeec R12: ffff888041e45100
[ 87.065070][ T5333] R13: ffff8880425bd280 R14: 0000000080000280 R15: ffff8880425bd800
[ 87.069819][ T5333] FS: 00007f7e3ee9d6c0(0000) GS:ffff88808c87c000(0000) knlGS:0000000000000000
[ 87.074117][ T5333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 87.077074][ T5333] CR2: 0000200000001800 CR3: 0000000036259000 CR4: 0000000000352ef0
[ 87.080541][ T5333] Call Trace:
[ 87.082235][ T5333]
[ 87.083723][ T5333] ? __init_swait_queue_head+0xa9/0x150
[ 87.086099][ T5333] usb_start_wait_urb+0x13f/0x5b0
[ 87.088548][ T5333] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 87.090977][ T5333] usb_control_msg+0x234/0x3e0
[ 87.093137][ T5333] gl861_ctrl_msg+0x207/0x420
[ 87.095233][ T5333] ? __pfx_gl861_ctrl_msg+0x10/0x10
[ 87.097736][ T5333] gl861_i2c_master_xfer+0x439/0x6a0
[ 87.100681][ T5333] ? rcu_is_watching+0x15/0xb0
[ 87.103165][ T5333] __i2c_transfer+0x79a/0x1f70
[ 87.105469][ T5333] __i2c_smbus_xfer+0x113e/0x2050
[ 87.107971][ T5333] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 87.110303][ T5333] ? rt_mutex_lock_nested+0x170/0x1e0
[ 87.112776][ T5333] ? do_vfs_ioctl+0x1166/0x1530
[ 87.114962][ T5333] i2c_smbus_xfer+0x1f4/0x310
[ 87.117078][ T5333] i2cdev_ioctl_smbus+0x1e7/0x730
[ 87.119444][ T5333] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 87.121893][ T5333] i2cdev_ioctl+0x615/0x880
[ 87.123859][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.126004][ T5333] ? __fget_files+0x2a/0x420
[ 87.128240][ T5333] ? __fget_files+0x3a0/0x420
[ 87.130065][ T5333] ? bpf_lsm_file_ioctl+0x9/0x20
[ 87.131935][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.133853][ T5333] __se_sys_ioctl+0xfc/0x170
[ 87.135536][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.138003][ T5333] do_syscall_64+0x15f/0xf80
[ 87.139910][ T5333] ? trace_irq_disable+0x3b/0x140
[ 87.142304][ T5333] ? clear_bhb_loop+0x40/0x90
[ 87.144606][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.147381][ T5333] RIP: 0033:0x7f7e3df9ce59
[ 87.149442][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.158264][ T5333] RSP: 002b:00007f7e3ee9cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 87.162315][ T5333] RAX: ffffffffffffffda RBX: 00007f7e3e215fa0 RCX: 00007f7e3df9ce59
[ 87.166225][ T5333] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000007
[ 87.169954][ T5333] RBP: 00007f7e3e032d6f R08: 0000000000000000 R09: 0000000000000000
[ 87.173422][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.176987][ T5333] R13: 00007f7e3e216038 R14: 00007f7e3e215fa0 R15: 00007ffeaeb39028
[ 87.180416][ T5333]
[ 87.181872][ T5333] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 87.185096][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 87.189035][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 87.193372][ T5333] Call Trace:
[ 87.194957][ T5333]
[ 87.196386][ T5333] vpanic+0x56c/0xa60
[ 87.198372][ T5333] ? __pfx__printk+0x10/0x10
[ 87.200800][ T5333] ? __pfx_vpanic+0x10/0x10
[ 87.202771][ T5333] ? is_bpf_text_address+0x292/0x2b0
[ 87.205087][ T5333] ? is_bpf_text_address+0x26/0x2b0
[ 87.207342][ T5333] panic+0xc5/0xd0
[ 87.209064][ T5333] ? __pfx_panic+0x10/0x10
[ 87.211054][ T5333] __warn+0x315/0x4c0
[ 87.212882][ T5333] ? usb_submit_urb+0x1053/0x18b0
[ 87.215073][ T5333] ? usb_submit_urb+0x1053/0x18b0
[ 87.217200][ T5333] __report_bug+0x29a/0x540
[ 87.219411][ T5333] ? usb_submit_urb+0x1053/0x18b0
[ 87.221621][ T5333] ? __pfx___report_bug+0x10/0x10
[ 87.224021][ T5333] ? lockdep_hardirqs_on+0x7a/0x110
[ 87.226273][ T5333] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 87.228839][ T5333] report_bug_entry+0x19a/0x290
[ 87.231072][ T5333] ? usb_submit_urb+0x1115/0x18b0
[ 87.233243][ T5333] ? usb_submit_urb+0x111a/0x18b0
[ 87.235475][ T5333] handle_bug+0xce/0x200
[ 87.237240][ T5333] exc_invalid_op+0x1a/0x50
[ 87.239243][ T5333] asm_exc_invalid_op+0x1a/0x20
[ 87.241407][ T5333] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[ 87.243843][ T5333] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[ 87.252304][ T5333] RSP: 0018:ffffc900075ff608 EFLAGS: 00010246
[ 87.254939][ T5333] RAX: 0000000000000000 RBX: ffff88803674ab00 RCX: 0000000080000280
[ 87.258317][ T5333] RDX: ffff8880425bd800 RSI: ffffffff8c80b580 RDI: ffffffff903e6660
[ 87.261803][ T5333] RBP: 1ffff110084b7a50 R08: 00000000000000c0 R09: 0000000000000000
[ 87.265169][ T5333] R10: ffffc900075ff700 R11: fffff52000ebfeec R12: ffff888041e45100
[ 87.268554][ T5333] R13: ffff8880425bd280 R14: 0000000080000280 R15: ffff8880425bd800
[ 87.272238][ T5333] ? usb_submit_urb+0x10a4/0x18b0
[ 87.274652][ T5333] ? __init_swait_queue_head+0xa9/0x150
[ 87.277023][ T5333] usb_start_wait_urb+0x13f/0x5b0
[ 87.279224][ T5333] ? __pfx_usb_start_wait_urb+0x10/0x10
[ 87.281620][ T5333] usb_control_msg+0x234/0x3e0
[ 87.283845][ T5333] gl861_ctrl_msg+0x207/0x420
[ 87.285970][ T5333] ? __pfx_gl861_ctrl_msg+0x10/0x10
[ 87.288301][ T5333] gl861_i2c_master_xfer+0x439/0x6a0
[ 87.290717][ T5333] ? rcu_is_watching+0x15/0xb0
[ 87.292899][ T5333] __i2c_transfer+0x79a/0x1f70
[ 87.295022][ T5333] __i2c_smbus_xfer+0x113e/0x2050
[ 87.297260][ T5333] ? __pfx___i2c_smbus_xfer+0x10/0x10
[ 87.299639][ T5333] ? rt_mutex_lock_nested+0x170/0x1e0
[ 87.302070][ T5333] ? do_vfs_ioctl+0x1166/0x1530
[ 87.304254][ T5333] i2c_smbus_xfer+0x1f4/0x310
[ 87.306428][ T5333] i2cdev_ioctl_smbus+0x1e7/0x730
[ 87.308662][ T5333] ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[ 87.311129][ T5333] i2cdev_ioctl+0x615/0x880
[ 87.313268][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.316169][ T5333] ? __fget_files+0x2a/0x420
[ 87.318716][ T5333] ? __fget_files+0x3a0/0x420
[ 87.321203][ T5333] ? bpf_lsm_file_ioctl+0x9/0x20
[ 87.323646][ T5333] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 87.326445][ T5333] __se_sys_ioctl+0xfc/0x170
[ 87.329142][ T5333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.332453][ T5333] do_syscall_64+0x15f/0xf80
[ 87.334929][ T5333] ? trace_irq_disable+0x3b/0x140
[ 87.337568][ T5333] ? clear_bhb_loop+0x40/0x90
[ 87.339965][ T5333] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.342960][ T5333] RIP: 0033:0x7f7e3df9ce59
[ 87.345282][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 87.353909][ T5333] RSP: 002b:00007f7e3ee9cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 87.357508][ T5333] RAX: ffffffffffffffda RBX: 00007f7e3e215fa0 RCX: 00007f7e3df9ce59
[ 87.361052][ T5333] RDX: 0000200000001800 RSI: 0000000000000720 RDI: 0000000000000007
[ 87.364589][ T5333] RBP: 00007f7e3e032d6f R08: 0000000000000000 R09: 0000000000000000
[ 87.368025][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.371725][ T5333] R13: 00007f7e3e216038 R14: 00007f7e3e215fa0 R15: 00007ffeaeb39028
[ 87.375538][ T5333]
[ 87.377325][ T5333] Kernel Offset: disabled
[ 87.379295][ T5333] Rebooting in 86400 seconds..