program:
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
read(r1, 0x0, 0x0)

00: failed command: WRITE FPDMA QUEUED
[   84.208177][ T4669] Bluetooth: hci0: command tx timeout
[   84.350108][ T1018] ata1.00: cmd 61/e0:00:fe:08:08/04:00:00:00:00/40 tag 0 ncq dma 638976 out
[   84.350108][ T1018]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   84.361258][ T1018] ata1.00: status: { DRDY }
[   84.364639][ T1018] ata1.00: failed command: WRITE FPDMA QUEUED
[   84.367496][ T1018] ata1.00: cmd 61/c8:f0:36:01:08/07:00:00:00:00/40 tag 30 ncq dma 1019904 ou
[   84.367496][ T1018]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[   84.375361][ T1018] ata1.00: status: { DRDY }
[   84.378466][ T1018] ata1.00: configured for UDMA/100
[   84.381938][ T1018] ata1: EH complete
[   84.605316][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   84.754142][   T10] usb 5-1: Using ep0 maxpacket: 16
[   84.762246][   T10] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[   84.766982][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.770682][   T10] usb 5-1: Product: syz
[   84.772367][   T10] usb 5-1: Manufacturer: syz
[   84.774651][   T10] usb 5-1: SerialNumber: syz
[   85.005933][   T10] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[   85.026603][   T10] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   85.031131][   T10] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[   85.036345][   T10] usb 5-1: media controller created
[   85.048845][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   85.287737][ T5325] ------------[ cut here ]------------
[   85.290828][ T5325] usb 5-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0
[   85.294674][ T5325] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1053/0x18b0, CPU#0: syz.0.0/5325
[   85.299255][ T5325] Modules linked in:
[   85.301873][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.305369][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.309892][ T5325] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   85.312571][ T5325] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   85.320373][ T5325] RSP: 0018:ffffc9000e28f708 EFLAGS: 00010246
[   85.323141][ T5325] RAX: 0000000000000000 RBX: ffff8880348d9b00 RCX: 0000000080000280
[   85.327458][ T5325] RDX: ffff888037858880 RSI: ffffffff8c808260 RDI: ffffffff90407970
[   85.331665][ T5325] RBP: 1ffff1100884f3c4 R08: 00000000000000c0 R09: 0000000000000000
[   85.335281][ T5325] R10: ffffc9000e28f800 R11: fffff52001c51f0c R12: ffff888012740100
[   85.338774][ T5325] R13: ffff888044279e20 R14: 0000000080000280 R15: ffff888037858880
[   85.342319][ T5325] FS:  00007f51445dc6c0(0000) GS:ffff88808c826000(0000) knlGS:0000000000000000
[   85.346420][ T5325] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.349623][ T5325] CR2: 000056026f144880 CR3: 000000003c0c1000 CR4: 0000000000352ef0
[   85.353934][ T5325] Call Trace:
[   85.356106][ T5325]  <TASK>
[   85.357805][ T5325]  ? __init_swait_queue_head+0xa9/0x150
[   85.360810][ T5325]  usb_start_wait_urb+0x13f/0x5b0
[   85.363501][ T5325]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   85.366316][ T5325]  usb_control_msg+0x234/0x3e0
[   85.368535][ T5325]  gl861_ctrl_msg+0x207/0x420
[   85.370676][ T5325]  ? lockdep_hardirqs_on+0x7a/0x110
[   85.373374][ T5325]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[   85.375803][ T5325]  ? rt_mutex_slowlock+0x1fd/0x780
[   85.378019][ T5325]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   85.380452][ T5325]  ? aa_file_perm+0x50e/0x15e0
[   85.382769][ T5325]  gl861_i2c_master_xfer+0x439/0x6a0
[   85.385893][ T5325]  __i2c_transfer+0x79a/0x1f70
[   85.388389][ T5325]  ? i2c_transfer+0xc8/0x2d0
[   85.390424][ T5325]  i2c_transfer+0x1cc/0x2d0
[   85.392446][ T5325]  i2c_transfer_buffer_flags+0x10d/0x1a0
[   85.395224][ T5325]  ? __lock_acquire+0x6b5/0x2cf0
[   85.397460][ T5325]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[   85.400252][ T5325]  ? i2cdev_read+0xe8/0x250
[   85.402414][ T5325]  i2cdev_read+0x10d/0x250
[   85.405514][ T5325]  ? __pfx_i2cdev_read+0x10/0x10
[   85.407807][ T5325]  vfs_read+0x20c/0xa70
[   85.409690][ T5325]  ? __pfx_vfs_read+0x10/0x10
[   85.411726][ T5325]  ? __fget_files+0x2a/0x420
[   85.413639][ T5325]  ? __fget_files+0x2a/0x420
[   85.415592][ T5325]  ? __fget_files+0x3a0/0x420
[   85.417616][ T5325]  ? __fget_files+0x2a/0x420
[   85.419673][ T5325]  ksys_read+0x150/0x270
[   85.421519][ T5325]  ? __pfx_ksys_read+0x10/0x10
[   85.423709][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.426557][ T5325]  do_syscall_64+0x15f/0xf80
[   85.428613][ T5325]  ? clear_bhb_loop+0x40/0x90
[   85.430630][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.433108][ T5325] RIP: 0033:0x7f514379c819
[   85.435759][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.444451][ T5325] RSP: 002b:00007f51445dbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   85.447716][ T5325] RAX: ffffffffffffffda RBX: 00007f5143a15fa0 RCX: 00007f514379c819
[   85.450773][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   85.453880][ T5325] RBP: 00007f5143832c91 R08: 0000000000000000 R09: 0000000000000000
[   85.457171][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.460549][ T5325] R13: 00007f5143a16038 R14: 00007f5143a15fa0 R15: 00007ffc8e8d9828
[   85.464053][ T5325]  </TASK>
[   85.465308][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.468239][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.471743][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.475751][ T5325] Call Trace:
[   85.477196][ T5325]  <TASK>
[   85.478590][ T5325]  vpanic+0x56c/0xa60
[   85.480559][ T5325]  ? __pfx__printk+0x10/0x10
[   85.482637][ T5325]  ? __pfx_vpanic+0x10/0x10
[   85.484609][ T5325]  ? is_bpf_text_address+0x292/0x2b0
[   85.486897][ T5325]  ? is_bpf_text_address+0x26/0x2b0
[   85.489509][ T5325]  panic+0xc5/0xd0
[   85.491595][ T5325]  ? __pfx_panic+0x10/0x10
[   85.493834][ T5325]  __warn+0x315/0x4c0
[   85.495699][ T5325]  ? usb_submit_urb+0x1053/0x18b0
[   85.497976][ T5325]  ? usb_submit_urb+0x1053/0x18b0
[   85.500125][ T5325]  __report_bug+0x29a/0x540
[   85.501953][ T5325]  ? usb_submit_urb+0x1053/0x18b0
[   85.504130][ T5325]  ? __pfx___report_bug+0x10/0x10
[   85.506394][ T5325]  ? lockdep_hardirqs_on+0x7a/0x110
[   85.508751][ T5325]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   85.511477][ T5325]  report_bug_entry+0x19a/0x290
[   85.513706][ T5325]  ? usb_submit_urb+0x1115/0x18b0
[   85.516197][ T5325]  ? usb_submit_urb+0x111a/0x18b0
[   85.518551][ T5325]  handle_bug+0xce/0x200
[   85.520500][ T5325]  exc_invalid_op+0x1a/0x50
[   85.522432][ T5325]  asm_exc_invalid_op+0x1a/0x20
[   85.524431][ T5325] RIP: 0010:usb_submit_urb+0x1115/0x18b0
[   85.526795][ T5325] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c1 f2 ff ff 89 e9
[   85.535170][ T5325] RSP: 0018:ffffc9000e28f708 EFLAGS: 00010246
[   85.537898][ T5325] RAX: 0000000000000000 RBX: ffff8880348d9b00 RCX: 0000000080000280
[   85.541258][ T5325] RDX: ffff888037858880 RSI: ffffffff8c808260 RDI: ffffffff90407970
[   85.544852][ T5325] RBP: 1ffff1100884f3c4 R08: 00000000000000c0 R09: 0000000000000000
[   85.548113][ T5325] R10: ffffc9000e28f800 R11: fffff52001c51f0c R12: ffff888012740100
[   85.551570][ T5325] R13: ffff888044279e20 R14: 0000000080000280 R15: ffff888037858880
[   85.554969][ T5325]  ? usb_submit_urb+0x10a4/0x18b0
[   85.557314][ T5325]  ? __init_swait_queue_head+0xa9/0x150
[   85.559896][ T5325]  usb_start_wait_urb+0x13f/0x5b0
[   85.562211][ T5325]  ? __pfx_usb_start_wait_urb+0x10/0x10
[   85.564853][ T5325]  usb_control_msg+0x234/0x3e0
[   85.567151][ T5325]  gl861_ctrl_msg+0x207/0x420
[   85.569077][ T5325]  ? lockdep_hardirqs_on+0x7a/0x110
[   85.571262][ T5325]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[   85.573481][ T5325]  ? rt_mutex_slowlock+0x1fd/0x780
[   85.575750][ T5325]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[   85.578202][ T5325]  ? aa_file_perm+0x50e/0x15e0
[   85.580319][ T5325]  gl861_i2c_master_xfer+0x439/0x6a0
[   85.582563][ T5325]  __i2c_transfer+0x79a/0x1f70
[   85.584550][ T5325]  ? i2c_transfer+0xc8/0x2d0
[   85.586523][ T5325]  i2c_transfer+0x1cc/0x2d0
[   85.588535][ T5325]  i2c_transfer_buffer_flags+0x10d/0x1a0
[   85.590993][ T5325]  ? __lock_acquire+0x6b5/0x2cf0
[   85.593115][ T5325]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[   85.595872][ T5325]  ? i2cdev_read+0xe8/0x250
[   85.597945][ T5325]  i2cdev_read+0x10d/0x250
[   85.599948][ T5325]  ? __pfx_i2cdev_read+0x10/0x10
[   85.602171][ T5325]  vfs_read+0x20c/0xa70
[   85.604099][ T5325]  ? __pfx_vfs_read+0x10/0x10
[   85.606267][ T5325]  ? __fget_files+0x2a/0x420
[   85.608279][ T5325]  ? __fget_files+0x2a/0x420
[   85.610328][ T5325]  ? __fget_files+0x3a0/0x420
[   85.612186][ T5325]  ? __fget_files+0x2a/0x420
[   85.614315][ T5325]  ksys_read+0x150/0x270
[   85.616263][ T5325]  ? __pfx_ksys_read+0x10/0x10
[   85.618437][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.621036][ T5325]  do_syscall_64+0x15f/0xf80
[   85.623076][ T5325]  ? clear_bhb_loop+0x40/0x90
[   85.624947][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.627432][ T5325] RIP: 0033:0x7f514379c819
[   85.629374][ T5325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.637782][ T5325] RSP: 002b:00007f51445dbfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   85.641637][ T5325] RAX: ffffffffffffffda RBX: 00007f5143a15fa0 RCX: 00007f514379c819
[   85.645032][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   85.648466][ T5325] RBP: 00007f5143832c91 R08: 0000000000000000 R09: 0000000000000000
[   85.651929][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.655675][ T5325] R13: 00007f5143a16038 R14: 00007f5143a15fa0 R15: 00007ffc8e8d9828
[   85.659492][ T5325]  </TASK>
[   85.661206][ T5325] Kernel Offset: disabled
[   85.663073][ T5325] Rebooting in 86400 seconds..