program:
r0 = io_uring_setup(0x3f0f, &(0x7f00000001c0)={0x0, 0xfdc9, 0x40})
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x48, 0x0, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_usb_disconnect(r1)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r2)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
ioctl$EVIOCRMFF(r2, 0x4004550d, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[   59.731037][ T5313] Bluetooth: hci0: command tx timeout
[   59.821673][ T5312] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   59.973981][ T5312] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   59.977383][ T5312] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   59.981965][ T5312] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   59.985258][ T5312] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[   59.989430][ T5312] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[   59.996995][ T5312] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   60.001473][ T5312] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   60.004376][ T5312] usb 5-1: Product: syz
[   60.005879][ T5312] usb 5-1: Manufacturer: syz
[   60.016195][ T5312] cdc_wdm 5-1:1.0: skipping garbage
[   60.018253][ T5312] cdc_wdm 5-1:1.0: skipping garbage
[   60.024643][ T5312] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[   60.026825][ T5312] cdc_wdm 5-1:1.0: Unknown control protocol
[   60.217414][ T5312] usb 5-1: USB disconnect, device number 2
[   60.869999][ T5312] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   61.022736][ T5312] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   61.026164][ T5312] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   61.030595][ T5312] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   61.034080][ T5312] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[   61.038362][ T5312] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[   61.045969][ T5312] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   61.049637][ T5312] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   61.053441][ T5312] usb 5-1: Product: syz
[   61.055082][ T5312] usb 5-1: Manufacturer: syz
[   61.062430][ T5312] cdc_wdm 5-1:1.0: skipping garbage
[   61.064724][ T5312] cdc_wdm 5-1:1.0: skipping garbage
[   61.067711][ T5312] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[   61.070827][ T5312] cdc_wdm 5-1:1.0: Unknown control protocol
[   61.614241][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.616476][    C0] cdc_wdm 5-1:1.0: Cannot schedule work
[   61.618919][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.621119][    C0] cdc_wdm 5-1:1.0: Cannot schedule work
[   61.623652][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.625786][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.627937][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.630214][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.632440][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.634591][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.636848][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.638993][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.641180][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.643344][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.645585][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.647809][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.650389][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.652641][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.654938][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.657164][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.659384][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.661714][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.663970][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.666114][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   61.673188][ T5321] ------------[ cut here ]------------
[   61.675400][ T5321] URB ffff88803663e000 submitted while active
[   61.678009][ T5321] WARNING: CPU: 0 PID: 5321 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1039/0x1930
[   61.683119][ T5321] Modules linked in:
[   61.684533][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: kworker/0:4 Not tainted 6.12.0-rc7-syzkaller-00012-g3022e9d00ebe #0
[   61.688276][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.692400][ T5321] Workqueue: events wdm_rxwork
[   61.694374][ T5321] RIP: 0010:usb_submit_urb+0x1039/0x1930
[   61.696808][ T5321] Code: 00 eb 66 e8 39 06 5c fa e9 79 f0 ff ff e8 2f 06 5c fa c6 05 cd ff cd 08 01 90 48 c7 c7 80 1e b1 8c 4c 89 ee e8 88 fc 1c fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 09 06 5c fa eb 12 e8 02 06 5c fa 41
[   61.704530][ T5321] RSP: 0018:ffffc9000d39fae8 EFLAGS: 00010246
[   61.707020][ T5321] RAX: 0f5518250652cf00 RBX: 0000000000000cc0 RCX: ffff88801f8ac880
[   61.709916][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   61.712732][ T5321] RBP: ffff88803663e008 R08: ffffffff8155d312 R09: fffffbfff1cf9fd0
[   61.715602][ T5321] R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: 1ffff11009db4b12
[   61.718610][ T5321] R13: ffff88803663e000 R14: dffffc0000000000 R15: ffff88804eda5828
[   61.721610][ T5321] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   61.724699][ T5321] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   61.727057][ T5321] CR2: 00007f6b18d16f98 CR3: 000000001e0b0000 CR4: 0000000000352ef0
[   61.730672][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   61.733531][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   61.736344][ T5321] Call Trace:
[   61.737528][ T5321]  <TASK>
[   61.738680][ T5321]  ? __warn+0x168/0x4e0
[   61.740260][ T5321]  ? usb_submit_urb+0x1039/0x1930
[   61.742104][ T5321]  ? report_bug+0x2b3/0x500
[   61.743802][ T5321]  ? usb_submit_urb+0x1039/0x1930
[   61.745634][ T5321]  ? handle_bug+0x60/0x90
[   61.747368][ T5321]  ? exc_invalid_op+0x1a/0x50
[   61.749246][ T5321]  ? asm_exc_invalid_op+0x1a/0x20
[   61.751347][ T5321]  ? __warn_printk+0x292/0x360
[   61.753059][ T5321]  ? usb_submit_urb+0x1039/0x1930
[   61.754972][ T5321]  ? usb_submit_urb+0x1038/0x1930
[   61.756922][ T5321]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   61.759240][ T5321]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.761673][ T5321]  wdm_rxwork+0x116/0x1f0
[   61.763360][ T5321]  ? process_scheduled_works+0x976/0x1850
[   61.765479][ T5321]  process_scheduled_works+0xa63/0x1850
[   61.767594][ T5321]  ? __pfx_process_scheduled_works+0x10/0x10
[   61.769898][ T5321]  ? assign_work+0x364/0x3d0
[   61.771582][ T5321]  worker_thread+0x870/0xd30
[   61.773174][ T5321]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.775313][ T5321]  ? __kthread_parkme+0x169/0x1d0
[   61.777235][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   61.779182][ T5321]  kthread+0x2f0/0x390
[   61.780745][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   61.782755][ T5321]  ? __pfx_kthread+0x10/0x10
[   61.784605][ T5321]  ret_from_fork+0x4b/0x80
[   61.786380][ T5321]  ? __pfx_kthread+0x10/0x10
[   61.788202][ T5321]  ret_from_fork_asm+0x1a/0x30
[   61.789947][ T5321]  </TASK>
[   61.791148][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   61.793703][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: kworker/0:4 Not tainted 6.12.0-rc7-syzkaller-00012-g3022e9d00ebe #0
[   61.797452][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   61.801631][ T5321] Workqueue: events wdm_rxwork
[   61.803352][ T5321] Call Trace:
[   61.804559][ T5321]  <TASK>
[   61.805609][ T5321]  dump_stack_lvl+0x241/0x360
[   61.807220][ T5321]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.809019][ T5321]  ? __pfx__printk+0x10/0x10
[   61.810794][ T5321]  ? vscnprintf+0x5d/0x90
[   61.812385][ T5321]  panic+0x349/0x880
[   61.813763][ T5321]  ? __warn+0x177/0x4e0
[   61.815250][ T5321]  ? __pfx_panic+0x10/0x10
[   61.816825][ T5321]  ? ret_from_fork_asm+0x1a/0x30
[   61.818576][ T5321]  __warn+0x34b/0x4e0
[   61.820017][ T5321]  ? usb_submit_urb+0x1039/0x1930
[   61.821971][ T5321]  report_bug+0x2b3/0x500
[   61.823488][ T5321]  ? usb_submit_urb+0x1039/0x1930
[   61.825265][ T5321]  handle_bug+0x60/0x90
[   61.826727][ T5321]  exc_invalid_op+0x1a/0x50
[   61.828339][ T5321]  asm_exc_invalid_op+0x1a/0x20
[   61.830066][ T5321] RIP: 0010:usb_submit_urb+0x1039/0x1930
[   61.832151][ T5321] Code: 00 eb 66 e8 39 06 5c fa e9 79 f0 ff ff e8 2f 06 5c fa c6 05 cd ff cd 08 01 90 48 c7 c7 80 1e b1 8c 4c 89 ee e8 88 fc 1c fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 09 06 5c fa eb 12 e8 02 06 5c fa 41
[   61.839053][ T5321] RSP: 0018:ffffc9000d39fae8 EFLAGS: 00010246
[   61.841389][ T5321] RAX: 0f5518250652cf00 RBX: 0000000000000cc0 RCX: ffff88801f8ac880
[   61.844330][ T5321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   61.847398][ T5321] RBP: ffff88803663e008 R08: ffffffff8155d312 R09: fffffbfff1cf9fd0
[   61.850188][ T5321] R10: dffffc0000000000 R11: fffffbfff1cf9fd0 R12: 1ffff11009db4b12
[   61.852720][ T5321] R13: ffff88803663e000 R14: dffffc0000000000 R15: ffff88804eda5828
[   61.855485][ T5321]  ? __warn_printk+0x292/0x360
[   61.857228][ T5321]  ? usb_submit_urb+0x1038/0x1930
[   61.858916][ T5321]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   61.861219][ T5321]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   61.863498][ T5321]  wdm_rxwork+0x116/0x1f0
[   61.865117][ T5321]  ? process_scheduled_works+0x976/0x1850
[   61.867063][ T5321]  process_scheduled_works+0xa63/0x1850
[   61.869001][ T5321]  ? __pfx_process_scheduled_works+0x10/0x10
[   61.871088][ T5321]  ? assign_work+0x364/0x3d0
[   61.872842][ T5321]  worker_thread+0x870/0xd30
[   61.874553][ T5321]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   61.876695][ T5321]  ? __kthread_parkme+0x169/0x1d0
[   61.878474][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   61.880298][ T5321]  kthread+0x2f0/0x390
[   61.881817][ T5321]  ? __pfx_worker_thread+0x10/0x10
[   61.883683][ T5321]  ? __pfx_kthread+0x10/0x10
[   61.885302][ T5321]  ret_from_fork+0x4b/0x80
[   61.886892][ T5321]  ? __pfx_kthread+0x10/0x10
[   61.888539][ T5321]  ret_from_fork_asm+0x1a/0x30
[   61.890342][ T5321]  </TASK>
[   61.891789][ T5321] Kernel Offset: disabled
[   61.893404][ T5321] Rebooting in 86400 seconds..