program:
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x25, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x4, 0x0, 0x1}) (async)
read(r1, 0x0, 0x0) (async)
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000180)=0x1) (async, rerun: 32)
r2 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000) (rerun: 32)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000080)={0x1, 0xf9, 0x0, &(0x7f00000017c0)={0x1, "4ec0191e5bb41b08c198884329f6dd0711762717c44bc7c901cc22a10010115d6d"}})

[   84.530554][   T45] Bluetooth: hci0: command tx timeout
[   84.849963][ T5312] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.000504][ T5312] usb 5-1: Using ep0 maxpacket: 16
[   85.017003][ T5312] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[   85.026890][ T5312] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.040277][ T5312] usb 5-1: Product: syz
[   85.042176][ T5312] usb 5-1: Manufacturer: syz
[   85.044247][ T5312] usb 5-1: SerialNumber: syz
[   85.283114][ T5312] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[   85.293646][ T5312] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   85.298370][ T5312] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[   85.305830][ T5312] usb 5-1: media controller created
[   85.325886][ T5312] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   85.552379][ T5320] ------------[ cut here ]------------
[   85.554906][ T5320] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   85.559257][ T5320] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5320
[   85.564054][ T5320] Modules linked in:
[   85.566146][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.570205][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.573635][ T5320] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   85.575728][ T5320] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   85.584505][ T5320] RSP: 0018:ffffc9000e04f608 EFLAGS: 00010246
[   85.587477][ T5320] RAX: 0000000000000000 RBX: ffff888038047700 RCX: 0000000080000280
[   85.591637][ T5320] RDX: ffff888011f09160 RSI: ffffffff8c7f3d00 RDI: ffffffff901f2c50
[   85.595120][ T5320] RBP: 1ffff110023e134c R08: 00000000000000c0 R09: 0000000000000000
[   85.599047][ T5320] R10: ffffc9000e04f700 R11: fffff52001c09eec R12: ffff888036813100
[   85.602877][ T5320] R13: ffff888011f09a60 R14: 0000000080000280 R15: ffff888011f09160
[   85.606428][ T5320] FS:  00007f18995126c0(0000) GS:ffff88808ca4c000(0000) knlGS:0000000000000000
[   85.613469][ T5320] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.616317][ T5320] CR2: 00002000000017c0 CR3: 000000004487a000 CR4: 0000000000352ef0
[   85.619571][ T5320] Call Trace:
[   85.621225][ T5320]  <TASK>
[   85.622743][ T5320]  ? __init_swait_queue_head+0xa9/0x150
[   85.625633][ T5320]  usb_start_wait_urb+0x13f/0x5b0
[   85.627934][ T5320]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   85.630641][ T5320]  usb_control_msg+0x234/0x3e0
[   85.633068][ T5320]  ? __lock_acquire+0x6b5/0x2cf0
[   85.635597][ T5320]  gl861_ctrl_msg+0x207/0x420
[   85.637919][ T5320]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[   85.640580][ T5320]  gl861_i2c_master_xfer+0x439/0x6a0
[   85.643022][ T5320]  ? rcu_is_watching+0x15/0xb0
[   85.645495][ T5320]  __i2c_transfer+0x79a/0x2020
[   85.647788][ T5320]  __i2c_smbus_xfer+0xfca/0x1f70
[   85.650308][ T5320]  ? rt_mutex_slowlock+0x1fd/0x7b0
[   85.652785][ T5320]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   85.655420][ T5320]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   85.658692][ T5320]  ? rt_mutex_lock_nested+0x170/0x1e0
[   85.662074][ T5320]  ? do_vfs_ioctl+0x1166/0x1530
[   85.664240][ T5320]  i2c_smbus_xfer+0x1f4/0x310
[   85.666380][ T5320]  i2cdev_ioctl_smbus+0x1e7/0x730
[   85.669056][ T5320]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   85.672609][ T5320]  i2cdev_ioctl+0x615/0x880
[   85.675769][ T5320]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   85.678951][ T5320]  ? __fget_files+0x2a/0x420
[   85.681553][ T5320]  ? __fget_files+0x3a0/0x420
[   85.684731][ T5320]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.688059][ T5320]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   85.691314][ T5320]  __se_sys_ioctl+0xfc/0x170
[   85.694110][ T5320]  do_syscall_64+0x14d/0xf80
[   85.696386][ T5320]  ? trace_irq_disable+0x3b/0x150
[   85.698722][ T5320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.701429][ T5320]  ? clear_bhb_loop+0x40/0x90
[   85.703367][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.706305][ T5320] RIP: 0033:0x7f189859c819
[   85.708727][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.718110][ T5320] RSP: 002b:00007f1899511fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.722726][ T5320] RAX: ffffffffffffffda RBX: 00007f1898815fa0 RCX: 00007f189859c819
[   85.726112][ T5320] RDX: 0000200000000080 RSI: 0000000000000720 RDI: 0000000000000005
[   85.729147][ T5320] RBP: 00007f1898632c91 R08: 0000000000000000 R09: 0000000000000000
[   85.732528][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.736906][ T5320] R13: 00007f1898816038 R14: 00007f1898815fa0 R15: 00007ffda7307388
[   85.740833][ T5320]  </TASK>
[   85.742251][ T5320] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.745526][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.749732][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.754977][ T5320] Call Trace:
[   85.756667][ T5320]  <TASK>
[   85.758073][ T5320]  vpanic+0x56c/0xa60
[   85.760126][ T5320]  ? __pfx__printk+0x10/0x10
[   85.762322][ T5320]  ? __pfx_vpanic+0x10/0x10
[   85.764470][ T5320]  ? is_bpf_text_address+0x292/0x2b0
[   85.767268][ T5320]  ? is_bpf_text_address+0x26/0x2b0
[   85.769808][ T5320]  panic+0xc5/0xd0
[   85.771527][ T5320]  ? __pfx_panic+0x10/0x10
[   85.773321][ T5320]  __warn+0x315/0x4f0
[   85.775158][ T5320]  ? usb_submit_urb+0x1053/0x18b0
[   85.777577][ T5320]  ? usb_submit_urb+0x1053/0x18b0
[   85.780326][ T5320]  __report_bug+0x29a/0x540
[   85.782704][ T5320]  ? usb_submit_urb+0x1053/0x18b0
[   85.785125][ T5320]  ? __pfx___report_bug+0x10/0x10
[   85.787517][ T5320]  ? lockdep_hardirqs_on+0x7a/0x110
[   85.789871][ T5320]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   85.792450][ T5320]  report_bug_entry+0x19a/0x290
[   85.794929][ T5320]  ? usb_submit_urb+0x1115/0x18b0
[   85.797503][ T5320]  ? usb_submit_urb+0x111a/0x18b0
[   85.800158][ T5320]  handle_bug+0xce/0x200
[   85.802252][ T5320]  exc_invalid_op+0x1a/0x50
[   85.804215][ T5320]  asm_exc_invalid_op+0x1a/0x20
[   85.806578][ T5320] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   85.809719][ T5320] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   85.818291][ T5320] RSP: 0018:ffffc9000e04f608 EFLAGS: 00010246
[   85.821645][ T5320] RAX: 0000000000000000 RBX: ffff888038047700 RCX: 0000000080000280
[   85.825993][ T5320] RDX: ffff888011f09160 RSI: ffffffff8c7f3d00 RDI: ffffffff901f2c50
[   85.829732][ T5320] RBP: 1ffff110023e134c R08: 00000000000000c0 R09: 0000000000000000
[   85.833348][ T5320] R10: ffffc9000e04f700 R11: fffff52001c09eec R12: ffff888036813100
[   85.837787][ T5320] R13: ffff888011f09a60 R14: 0000000080000280 R15: ffff888011f09160
[   85.841686][ T5320]  ? usb_submit_urb+0x10a4/0x18b0
[   85.843897][ T5320]  ? __init_swait_queue_head+0xa9/0x150
[   85.846233][ T5320]  usb_start_wait_urb+0x13f/0x5b0
[   85.848266][ T5320]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   85.851057][ T5320]  usb_control_msg+0x234/0x3e0
[   85.853337][ T5320]  ? __lock_acquire+0x6b5/0x2cf0
[   85.855507][ T5320]  gl861_ctrl_msg+0x207/0x420
[   85.858328][ T5320]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[   85.860720][ T5320]  gl861_i2c_master_xfer+0x439/0x6a0
[   85.863368][ T5320]  ? rcu_is_watching+0x15/0xb0
[   85.865554][ T5320]  __i2c_transfer+0x79a/0x2020
[   85.867544][ T5320]  __i2c_smbus_xfer+0xfca/0x1f70
[   85.869601][ T5320]  ? rt_mutex_slowlock+0x1fd/0x7b0
[   85.871907][ T5320]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   85.874721][ T5320]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[   85.878018][ T5320]  ? rt_mutex_lock_nested+0x170/0x1e0
[   85.880997][ T5320]  ? do_vfs_ioctl+0x1166/0x1530
[   85.883390][ T5320]  i2c_smbus_xfer+0x1f4/0x310
[   85.885628][ T5320]  i2cdev_ioctl_smbus+0x1e7/0x730
[   85.888118][ T5320]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[   85.890577][ T5320]  i2cdev_ioctl+0x615/0x880
[   85.892583][ T5320]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   85.895071][ T5320]  ? __fget_files+0x2a/0x420
[   85.898050][ T5320]  ? __fget_files+0x3a0/0x420
[   85.900391][ T5320]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.902423][ T5320]  ? __pfx_i2cdev_ioctl+0x10/0x10
[   85.904558][ T5320]  __se_sys_ioctl+0xfc/0x170
[   85.906641][ T5320]  do_syscall_64+0x14d/0xf80
[   85.908704][ T5320]  ? trace_irq_disable+0x3b/0x150
[   85.911339][ T5320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.914821][ T5320]  ? clear_bhb_loop+0x40/0x90
[   85.917284][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.919973][ T5320] RIP: 0033:0x7f189859c819
[   85.921975][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.931501][ T5320] RSP: 002b:00007f1899511fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.935118][ T5320] RAX: ffffffffffffffda RBX: 00007f1898815fa0 RCX: 00007f189859c819
[   85.938768][ T5320] RDX: 0000200000000080 RSI: 0000000000000720 RDI: 0000000000000005
[   85.942564][ T5320] RBP: 00007f1898632c91 R08: 0000000000000000 R09: 0000000000000000
[   85.946947][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.950396][ T5320] R13: 00007f1898816038 R14: 00007f1898815fa0 R15: 00007ffda7307388
[   85.954059][ T5320]  </TASK>
[   85.956154][ T5320] Kernel Offset: disabled
[   85.958904][ T5320] Rebooting in 86400 seconds..