program:
# syzkaller reproducer (one call per line) for the usb_submit_urb "BOGUS control dir"
# WARNING that the console log below records at drivers/usb/core/urb.c:413.
#
# Step 1: attach an emulated USB device (the log shows it enumerating on dummy_hcd).
# The descriptor blob contains the bytes b0 0d / 81 55, which the log reports as
# idVendor=0db0, idProduct=5581; dvb_usb_v2 then binds it as
# 'MSI Mega Sky 55801 DVB-T USB2.0'.
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
# Step 2: answer a control request on behalf of the emulated device.
# NOTE(review): the @string payload presumably serves a string-descriptor read
# during enumeration - confirm against the syz_usb_control_io description.
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
# Step 3: open an i2c-dev node. Presumably this is the adapter exposed by the DVB
# driver bound in step 1; the log does not show the adapter number - verify.
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x2, 0x20002)
# Step 4: I2C_RDWR carrying one message, {0x3, 0x2801, 0x0, 0x0}. Read as
# struct i2c_msg (addr, flags, len, buf) this is a read (flags bit 0 set) of
# length 0 with a NULL buffer - TODO confirm the field order.
# The call trace shows this ioctl reaching the USB core through
# i2cdev_ioctl_rdwr -> i2c_transfer -> gl861_i2c_master_xfer -> gl861_ctrl_msg
# -> usb_control_msg -> usb_submit_urb.
# NOTE(review): the logged pipe (80000280) and bRequestType (c0) both have the
# IN bit (0x80) set, so the mismatch presumably comes from the zero length: the
# USB core appears to treat a control transfer with wLength 0 as OUT. Confirm at
# urb.c:413; if so, the driver-side fix is to reject or special-case zero-length
# reads before building the control message.
# Triage: the report is a WARN, not a memory-safety splat; the machine goes down
# only because panic_on_warn is set ("Kernel panic - not syncing: kernel:
# panic_on_warn set"). The path needs a device this driver binds to plus access
# to the i2c-dev node, so restrictive permissions on /dev/i2c-* limit who can
# reach it.
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f00000003c0)=[{0x3, 0x2801, 0x0, 0x0}], 0x1})
[ 84.598214][ T44] Bluetooth: hci0: command tx timeout
[ 84.692307][ T5326] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 84.847780][ T5326] usb 5-1: Using ep0 maxpacket: 16
[ 84.855768][ T5326] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[ 84.859816][ T5326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 84.863051][ T5326] usb 5-1: Product: syz
[ 84.865717][ T5326] usb 5-1: Manufacturer: syz
[ 84.869297][ T5326] usb 5-1: SerialNumber: syz
[ 85.090259][ T5326] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[ 85.102189][ T5326] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 85.107053][ T5326] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[ 85.111799][ T5326] usb 5-1: media controller created
[ 85.125166][ T5326] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 85.350896][ T5328] ------------[ cut here ]------------ [ 85.353705][ T5328] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0 [ 85.357424][ T5328] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5328 [ 85.362011][ T5328] Modules linked in: [ 85.364201][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.368064][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.372218][ T5328] RIP: 0010:usb_submit_urb+0x1115/0x18b0 [ 85.374648][ T5328] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9 [ 85.383128][ T5328] RSP: 0018:ffffc9000c33f8c8 EFLAGS: 00010246 [ 85.386013][ T5328] RAX: 0000000000000000 RBX: ffff88801fc47a00 RCX: 0000000080000280 [ 85.389766][ T5328] RDX: ffff888034bf5e20 RSI: ffffffff8c80d7e0 RDI: ffffffff903dbb80 [ 85.393244][ T5328] RBP: 1ffff11006abe1bc R08: 00000000000000c0 R09: 0000000000000000 [ 85.396667][ T5328] R10: ffffc9000c33f9c0 R11: fffff52001867f44 R12: ffff888012dec100 [ 85.400240][ T5328] R13: ffff8880355f0de0 R14: 0000000080000280 R15: ffff888034bf5e20 [ 85.403504][ T5328] FS: 00007f26e5b1b6c0(0000) GS:ffff88808c891000(0000) knlGS:0000000000000000 [ 85.406838][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.409711][ T5328] CR2: 0000560e9256ca10 CR3: 000000001fd63000 CR4: 0000000000352ef0 [ 85.412961][ T5328] Call Trace: [ 85.414496][ T5328] [ 85.415732][ T5328] ? __init_swait_queue_head+0xa9/0x150 [ 85.418184][ T5328] usb_start_wait_urb+0x13f/0x5b0 [ 85.420223][ T5328] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 85.422552][ T5328] usb_control_msg+0x234/0x3e0 [ 85.424573][ T5328] gl861_ctrl_msg+0x207/0x420 [ 85.426642][ T5328] ? __pfx_gl861_ctrl_msg+0x10/0x10 [ 85.428977][ T5328] ? rt_mutex_slowlock+0x1fd/0x780 [ 85.431587][ T5328] ? 
__pfx_rt_mutex_slowlock+0x10/0x10 [ 85.433907][ T5328] gl861_i2c_master_xfer+0x439/0x6a0 [ 85.436112][ T5328] __i2c_transfer+0x79a/0x1f70 [ 85.438393][ T5328] ? i2c_transfer+0xc8/0x2d0 [ 85.440410][ T5328] i2c_transfer+0x1cc/0x2d0 [ 85.442387][ T5328] i2cdev_ioctl_rdwr+0x460/0x740 [ 85.444489][ T5328] i2cdev_ioctl+0x6a5/0x880 [ 85.446364][ T5328] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 85.448582][ T5328] ? __fget_files+0x3a0/0x420 [ 85.450625][ T5328] ? __fget_files+0x2a/0x420 [ 85.452660][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.454759][ T5328] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 85.457013][ T5328] __se_sys_ioctl+0xfc/0x170 [ 85.459279][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.464596][ T5328] do_syscall_64+0x174/0x580 [ 85.466580][ T5328] ? trace_irq_disable+0x3b/0x140 [ 85.468925][ T5328] ? clear_bhb_loop+0x40/0x90 [ 85.471065][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.473532][ T5328] RIP: 0033:0x7f26e4b9ce59 [ 85.475420][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.484053][ T5328] RSP: 002b:00007f26e5b1afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.487467][ T5328] RAX: ffffffffffffffda RBX: 00007f26e4e15fa0 RCX: 00007f26e4b9ce59 [ 85.491390][ T5328] RDX: 0000200000000080 RSI: 0000000000000707 RDI: 0000000000000004 [ 85.494746][ T5328] RBP: 00007f26e4c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.498233][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.501676][ T5328] R13: 00007f26e4e16038 R14: 00007f26e4e15fa0 R15: 00007ffe884ba1e8 [ 85.505105][ T5328] [ 85.506568][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 85.509799][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.514011][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.518241][ T5328] Call Trace: [ 85.519634][ T5328] [ 85.520859][ T5328] vpanic+0x56c/0xa60 [ 85.522484][ T5328] ? __pfx__printk+0x10/0x10 [ 85.524543][ T5328] ? __pfx_vpanic+0x10/0x10 [ 85.526622][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 85.528922][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 85.531042][ T5328] panic+0xc5/0xd0 [ 85.532589][ T5328] ? __pfx_panic+0x10/0x10 [ 85.534579][ T5328] __warn+0x315/0x4c0 [ 85.536543][ T5328] ? usb_submit_urb+0x1053/0x18b0 [ 85.538789][ T5328] ? usb_submit_urb+0x1053/0x18b0 [ 85.540759][ T5328] __report_bug+0x29a/0x540 [ 85.542623][ T5328] ? usb_submit_urb+0x1053/0x18b0 [ 85.544671][ T5328] ? __pfx___report_bug+0x10/0x10 [ 85.546833][ T5328] ? lockdep_hardirqs_on+0x7a/0x110 [ 85.549087][ T5328] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.551623][ T5328] report_bug_entry+0x19a/0x290 [ 85.553661][ T5328] ? usb_submit_urb+0x1115/0x18b0 [ 85.555765][ T5328] ? 
usb_submit_urb+0x111a/0x18b0 [ 85.557836][ T5328] handle_bug+0xce/0x200 [ 85.559984][ T5328] exc_invalid_op+0x1a/0x50 [ 85.561923][ T5328] asm_exc_invalid_op+0x1a/0x20 [ 85.563831][ T5328] RIP: 0010:usb_submit_urb+0x1115/0x18b0 [ 85.566192][ T5328] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9 [ 85.574018][ T5328] RSP: 0018:ffffc9000c33f8c8 EFLAGS: 00010246 [ 85.576401][ T5328] RAX: 0000000000000000 RBX: ffff88801fc47a00 RCX: 0000000080000280 [ 85.579724][ T5328] RDX: ffff888034bf5e20 RSI: ffffffff8c80d7e0 RDI: ffffffff903dbb80 [ 85.583055][ T5328] RBP: 1ffff11006abe1bc R08: 00000000000000c0 R09: 0000000000000000 [ 85.586300][ T5328] R10: ffffc9000c33f9c0 R11: fffff52001867f44 R12: ffff888012dec100 [ 85.589552][ T5328] R13: ffff8880355f0de0 R14: 0000000080000280 R15: ffff888034bf5e20 [ 85.593010][ T5328] ? usb_submit_urb+0x10a4/0x18b0 [ 85.595285][ T5328] ? __init_swait_queue_head+0xa9/0x150 [ 85.597880][ T5328] usb_start_wait_urb+0x13f/0x5b0 [ 85.600571][ T5328] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 85.603069][ T5328] usb_control_msg+0x234/0x3e0 [ 85.605117][ T5328] gl861_ctrl_msg+0x207/0x420 [ 85.607195][ T5328] ? __pfx_gl861_ctrl_msg+0x10/0x10 [ 85.609466][ T5328] ? rt_mutex_slowlock+0x1fd/0x780 [ 85.611650][ T5328] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 85.613944][ T5328] gl861_i2c_master_xfer+0x439/0x6a0 [ 85.616204][ T5328] __i2c_transfer+0x79a/0x1f70 [ 85.618279][ T5328] ? i2c_transfer+0xc8/0x2d0 [ 85.620247][ T5328] i2c_transfer+0x1cc/0x2d0 [ 85.622173][ T5328] i2cdev_ioctl_rdwr+0x460/0x740 [ 85.624318][ T5328] i2cdev_ioctl+0x6a5/0x880 [ 85.626281][ T5328] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 85.628305][ T5328] ? __fget_files+0x3a0/0x420 [ 85.630285][ T5328] ? __fget_files+0x2a/0x420 [ 85.632212][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.634171][ T5328] ? 
__pfx_i2cdev_ioctl+0x10/0x10 [ 85.636262][ T5328] __se_sys_ioctl+0xfc/0x170 [ 85.638273][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.640814][ T5328] do_syscall_64+0x174/0x580 [ 85.642752][ T5328] ? trace_irq_disable+0x3b/0x140 [ 85.644843][ T5328] ? clear_bhb_loop+0x40/0x90 [ 85.646848][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.649560][ T5328] RIP: 0033:0x7f26e4b9ce59 [ 85.651567][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 85.659929][ T5328] RSP: 002b:00007f26e5b1afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.663420][ T5328] RAX: ffffffffffffffda RBX: 00007f26e4e15fa0 RCX: 00007f26e4b9ce59 [ 85.666793][ T5328] RDX: 0000200000000080 RSI: 0000000000000707 RDI: 0000000000000004 [ 85.670193][ T5328] RBP: 00007f26e4c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 85.673383][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.676663][ T5328] R13: 00007f26e4e16038 R14: 00007f26e4e15fa0 R15: 00007ffe884ba1e8 [ 85.680058][ T5328] [ 85.681807][ T5328] Kernel Offset: disabled [ 85.683664][ T5328] Rebooting in 86400 seconds..