program:
syz_open_dev$tty20(0xc, 0x4, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000002c80)={{0x12, 0x1, 0x0, 0x41, 0x7, 0xf5, 0x40, 0xcf3, 0x9375, 0x1a9e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbe, 0xe4, 0xf9}}]}}]}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000700)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="00000c000000fa0fffffffffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000100)={0x20, 0xfb552330ac1ba51c}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
chdir(0x0)
creat(0x0, 0x0)

[   69.047169][ T5314] Bluetooth: hci0: command tx timeout
[   69.368482][ T5326] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   69.523397][ T5326] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[   69.526845][ T5326] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.539796][ T5326] usb 5-1: config 0 descriptor??
[   70.146911][ T5326] ------------[ cut here ]------------
[   70.149598][ T5326] WARNING: CPU: 0 PID: 5326 at drivers/net/wireless/ath/ath6kl/bmi.c:90 ath6kl_bmi_get_target_info+0x44a/0x590
[   70.154241][ T5326] Modules linked in:
[   70.155801][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: kworker/0:5 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0
[   70.159963][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.163572][ T5326] Workqueue: usb_hub_wq hub_event
[   70.165320][ T5326] RIP: 0010:ath6kl_bmi_get_target_info+0x44a/0x590
[   70.167489][ T5326] Code: 04 30 84 c0 0f 85 3a 01 00 00 48 8b 44 24 08 8b 30 48 c7 c7 c0 13 a5 8c 89 da e8 a1 1b fe ff e9 04 fe ff ff e8 d7 d9 be fa 90 <0f> 0b 90 bb ea ff ff ff e9 f1 fd ff ff e8 c4 d9 be fa 31 db e9 e5
[   70.174122][ T5326] RSP: 0018:ffffc9000d206b60 EFLAGS: 00010293
[   70.176450][ T5326] RAX: ffffffff86d61039 RBX: 0000000000000000 RCX: ffff88801eb4a440
[   70.179527][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000c
[   70.182495][ T5326] RBP: ffffc9000d206c30 R08: ffffffff86d60f90 R09: 1ffffffff285a10f
[   70.185491][ T5326] R10: dffffc0000000000 R11: fffffbfff285a110 R12: ffffc9000d206ce4
[   70.188587][ T5326] R13: ffff888050010e40 R14: dffffc0000000000 R15: 1ffff92001a40d74
[   70.191564][ T5326] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   70.194968][ T5326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.197443][ T5326] CR2: 0000000020000700 CR3: 0000000042db4000 CR4: 0000000000352ef0
[   70.200637][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   70.203752][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   70.206740][ T5326] Call Trace:
[   70.207941][ T5326]  <TASK>
[   70.209176][ T5326]  ? __warn+0x168/0x4e0
[   70.210724][ T5326]  ? ath6kl_bmi_get_target_info+0x44a/0x590
[   70.212590][ T5326]  ? report_bug+0x2b3/0x500
[   70.214261][ T5326]  ? ath6kl_bmi_get_target_info+0x44a/0x590
[   70.216302][ T5326]  ? handle_bug+0x60/0x90
[   70.217803][ T5326]  ? exc_invalid_op+0x1a/0x50
[   70.219573][ T5326]  ? asm_exc_invalid_op+0x1a/0x20
[   70.221364][ T5326]  ? ath6kl_bmi_get_target_info+0x3a0/0x590
[   70.223303][ T5326]  ? ath6kl_bmi_get_target_info+0x449/0x590
[   70.225332][ T5326]  ? ath6kl_bmi_get_target_info+0x44a/0x590
[   70.227533][ T5326]  ? __pfx_ath6kl_bmi_get_target_info+0x10/0x10
[   70.230091][ T5326]  ? ath6kl_bmi_init+0x6d/0xf0
[   70.231833][ T5326]  ? __kmalloc_noprof+0x21a/0x400
[   70.233778][ T5326]  ath6kl_core_init+0x1eb/0x1140
[   70.235737][ T5326]  ? __pfx_lockdep_init_map_type+0x10/0x10
[   70.238323][ T5326]  ? __kasan_kmalloc+0x98/0xb0
[   70.240302][ T5326]  ? __pfx_ath6kl_core_init+0x10/0x10
[   70.242933][ T5326]  ? ath6kl_core_create+0x7d8/0x950
[   70.245449][ T5326]  ath6kl_usb_probe+0x129b/0x1390
[   70.247703][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   70.250403][ T5326]  ? usb_disable_lpm+0x77/0x380
[   70.252234][ T5326]  usb_probe_interface+0x645/0xbb0
[   70.254242][ T5326]  ? __pfx_usb_probe_interface+0x10/0x10
[   70.256314][ T5326]  really_probe+0x2b8/0xad0
[   70.258038][ T5326]  __driver_probe_device+0x1a2/0x390
[   70.260210][ T5326]  driver_probe_device+0x50/0x430
[   70.262134][ T5326]  __device_attach_driver+0x2d6/0x530
[   70.264500][ T5326]  bus_for_each_drv+0x24e/0x2e0
[   70.266803][ T5326]  ? __pfx___device_attach_driver+0x10/0x10
[   70.269649][ T5326]  ? __pfx_bus_for_each_drv+0x10/0x10
[   70.271706][ T5326]  __device_attach+0x333/0x520
[   70.273584][ T5326]  ? __pfx_lock_release+0x10/0x10
[   70.275468][ T5326]  ? __pfx___device_attach+0x10/0x10
[   70.277514][ T5326]  ? do_raw_spin_unlock+0x58/0x8b0
[   70.279620][ T5326]  bus_probe_device+0x189/0x260
[   70.281532][ T5326]  device_add+0x856/0xbf0
[   70.283197][ T5326]  usb_set_configuration+0x1976/0x1fb0
[   70.285219][ T5326]  usb_generic_driver_probe+0x88/0x140
[   70.287443][ T5326]  usb_probe_device+0x1b8/0x380
[   70.289477][ T5326]  ? __pfx_usb_probe_device+0x10/0x10
[   70.291529][ T5326]  really_probe+0x2b8/0xad0
[   70.293271][ T5326]  __driver_probe_device+0x1a2/0x390
[   70.295579][ T5326]  driver_probe_device+0x50/0x430
[   70.297422][ T5326]  __device_attach_driver+0x2d6/0x530
[   70.299567][ T5326]  bus_for_each_drv+0x24e/0x2e0
[   70.301435][ T5326]  ? __pfx___device_attach_driver+0x10/0x10
[   70.303654][ T5326]  ? __pfx_bus_for_each_drv+0x10/0x10
[   70.305665][ T5326]  __device_attach+0x333/0x520
[   70.307484][ T5326]  ? __pfx___device_attach+0x10/0x10
[   70.309521][ T5326]  bus_probe_device+0x189/0x260
[   70.311569][ T5326]  device_add+0x856/0xbf0
[   70.313262][ T5326]  usb_new_device+0x104a/0x19a0
[   70.315122][ T5326]  ? __pfx_usb_new_device+0x10/0x10
[   70.317079][ T5326]  ? _raw_spin_unlock_irq+0x23/0x50
[   70.319139][ T5326]  ? lockdep_hardirqs_on+0x99/0x150
[   70.321038][ T5326]  hub_event+0x2d6d/0x5150
[   70.322753][ T5326]  ? __pfx_hub_event+0x10/0x10
[   70.324667][ T5326]  ? __pfx_lock_acquire+0x10/0x10
[   70.326782][ T5326]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   70.329505][ T5326]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   70.331995][ T5326]  ? process_scheduled_works+0x976/0x1850
[   70.334178][ T5326]  process_scheduled_works+0xa63/0x1850
[   70.336364][ T5326]  ? __pfx_process_scheduled_works+0x10/0x10
[   70.338913][ T5326]  ? assign_work+0x364/0x3d0
[   70.340955][ T5326]  worker_thread+0x870/0xd30
[   70.342846][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   70.345457][ T5326]  ? __kthread_parkme+0x169/0x1d0
[   70.347765][ T5326]  ? __pfx_worker_thread+0x10/0x10
[   70.349970][ T5326]  kthread+0x2f0/0x390
[   70.351522][ T5326]  ? __pfx_worker_thread+0x10/0x10
[   70.353544][ T5326]  ? __pfx_kthread+0x10/0x10
[   70.355324][ T5326]  ret_from_fork+0x4b/0x80
[   70.357027][ T5326]  ? __pfx_kthread+0x10/0x10
[   70.358977][ T5326]  ret_from_fork_asm+0x1a/0x30
[   70.360864][ T5326]  </TASK>
[   70.362306][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   70.365055][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: kworker/0:5 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0
[   70.369069][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.373044][ T5326] Workqueue: usb_hub_wq hub_event
[   70.375008][ T5326] Call Trace:
[   70.376303][ T5326]  <TASK>
[   70.377585][ T5326]  dump_stack_lvl+0x241/0x360
[   70.379420][ T5326]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.381413][ T5326]  ? __pfx__printk+0x10/0x10
[   70.383252][ T5326]  ? vscnprintf+0x5d/0x90
[   70.384935][ T5326]  panic+0x349/0x880
[   70.386429][ T5326]  ? __warn+0x177/0x4e0
[   70.388032][ T5326]  ? __pfx_panic+0x10/0x10
[   70.389684][ T5326]  ? ret_from_fork_asm+0x1a/0x30
[   70.391566][ T5326]  __warn+0x34b/0x4e0
[   70.393112][ T5326]  ? ath6kl_bmi_get_target_info+0x44a/0x590
[   70.395434][ T5326]  report_bug+0x2b3/0x500
[   70.397030][ T5326]  ? ath6kl_bmi_get_target_info+0x44a/0x590
[   70.399238][ T5326]  handle_bug+0x60/0x90
[   70.400695][ T5326]  exc_invalid_op+0x1a/0x50
[   70.402414][ T5326]  asm_exc_invalid_op+0x1a/0x20
[   70.404289][ T5326] RIP: 0010:ath6kl_bmi_get_target_info+0x44a/0x590
[   70.406804][ T5326] Code: 04 30 84 c0 0f 85 3a 01 00 00 48 8b 44 24 08 8b 30 48 c7 c7 c0 13 a5 8c 89 da e8 a1 1b fe ff e9 04 fe ff ff e8 d7 d9 be fa 90 <0f> 0b 90 bb ea ff ff ff e9 f1 fd ff ff e8 c4 d9 be fa 31 db e9 e5
[   70.414024][ T5326] RSP: 0018:ffffc9000d206b60 EFLAGS: 00010293
[   70.416372][ T5326] RAX: ffffffff86d61039 RBX: 0000000000000000 RCX: ffff88801eb4a440
[   70.419359][ T5326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000c
[   70.422360][ T5326] RBP: ffffc9000d206c30 R08: ffffffff86d60f90 R09: 1ffffffff285a10f
[   70.425326][ T5326] R10: dffffc0000000000 R11: fffffbfff285a110 R12: ffffc9000d206ce4
[   70.428017][ T5326] R13: ffff888050010e40 R14: dffffc0000000000 R15: 1ffff92001a40d74
[   70.430741][ T5326]  ? ath6kl_bmi_get_target_info+0x3a0/0x590
[   70.432848][ T5326]  ? ath6kl_bmi_get_target_info+0x449/0x590
[   70.434889][ T5326]  ? __pfx_ath6kl_bmi_get_target_info+0x10/0x10
[   70.436918][ T5326]  ? ath6kl_bmi_init+0x6d/0xf0
[   70.438621][ T5326]  ? __kmalloc_noprof+0x21a/0x400
[   70.440393][ T5326]  ath6kl_core_init+0x1eb/0x1140
[   70.442159][ T5326]  ? __pfx_lockdep_init_map_type+0x10/0x10
[   70.444361][ T5326]  ? __kasan_kmalloc+0x98/0xb0
[   70.446251][ T5326]  ? __pfx_ath6kl_core_init+0x10/0x10
[   70.448343][ T5326]  ? ath6kl_core_create+0x7d8/0x950
[   70.450410][ T5326]  ath6kl_usb_probe+0x129b/0x1390
[   70.452354][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   70.454631][ T5326]  ? usb_disable_lpm+0x77/0x380
[   70.456617][ T5326]  usb_probe_interface+0x645/0xbb0
[   70.458715][ T5326]  ? __pfx_usb_probe_interface+0x10/0x10
[   70.460883][ T5326]  really_probe+0x2b8/0xad0
[   70.462590][ T5326]  __driver_probe_device+0x1a2/0x390
[   70.464588][ T5326]  driver_probe_device+0x50/0x430
[   70.466532][ T5326]  __device_attach_driver+0x2d6/0x530
[   70.468600][ T5326]  bus_for_each_drv+0x24e/0x2e0
[   70.470489][ T5326]  ? __pfx___device_attach_driver+0x10/0x10
[   70.472702][ T5326]  ? __pfx_bus_for_each_drv+0x10/0x10
[   70.474743][ T5326]  __device_attach+0x333/0x520
[   70.476577][ T5326]  ? __pfx_lock_release+0x10/0x10
[   70.478615][ T5326]  ? __pfx___device_attach+0x10/0x10
[   70.481005][ T5326]  ? do_raw_spin_unlock+0x58/0x8b0
[   70.483030][ T5326]  bus_probe_device+0x189/0x260
[   70.484907][ T5326]  device_add+0x856/0xbf0
[   70.486593][ T5326]  usb_set_configuration+0x1976/0x1fb0
[   70.488688][ T5326]  usb_generic_driver_probe+0x88/0x140
[   70.490750][ T5326]  usb_probe_device+0x1b8/0x380
[   70.492579][ T5326]  ? __pfx_usb_probe_device+0x10/0x10
[   70.494710][ T5326]  really_probe+0x2b8/0xad0
[   70.496515][ T5326]  __driver_probe_device+0x1a2/0x390
[   70.498597][ T5326]  driver_probe_device+0x50/0x430
[   70.500598][ T5326]  __device_attach_driver+0x2d6/0x530
[   70.502689][ T5326]  bus_for_each_drv+0x24e/0x2e0
[   70.504521][ T5326]  ? __pfx___device_attach_driver+0x10/0x10
[   70.506815][ T5326]  ? __pfx_bus_for_each_drv+0x10/0x10
[   70.508886][ T5326]  __device_attach+0x333/0x520
[   70.510743][ T5326]  ? __pfx___device_attach+0x10/0x10
[   70.512760][ T5326]  bus_probe_device+0x189/0x260
[   70.514660][ T5326]  device_add+0x856/0xbf0
[   70.516138][ T5326]  usb_new_device+0x104a/0x19a0
[   70.517874][ T5326]  ? __pfx_usb_new_device+0x10/0x10
[   70.519667][ T5326]  ? _raw_spin_unlock_irq+0x23/0x50
[   70.521496][ T5326]  ? lockdep_hardirqs_on+0x99/0x150
[   70.523334][ T5326]  hub_event+0x2d6d/0x5150
[   70.525102][ T5326]  ? __pfx_hub_event+0x10/0x10
[   70.526852][ T5326]  ? __pfx_lock_acquire+0x10/0x10
[   70.528653][ T5326]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   70.530902][ T5326]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   70.533366][ T5326]  ? process_scheduled_works+0x976/0x1850
[   70.535567][ T5326]  process_scheduled_works+0xa63/0x1850
[   70.537718][ T5326]  ? __pfx_process_scheduled_works+0x10/0x10
[   70.540119][ T5326]  ? assign_work+0x364/0x3d0
[   70.541962][ T5326]  worker_thread+0x870/0xd30
[   70.543700][ T5326]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   70.545926][ T5326]  ? __kthread_parkme+0x169/0x1d0
[   70.547829][ T5326]  ? __pfx_worker_thread+0x10/0x10
[   70.549749][ T5326]  kthread+0x2f0/0x390
[   70.551247][ T5326]  ? __pfx_worker_thread+0x10/0x10
[   70.553199][ T5326]  ? __pfx_kthread+0x10/0x10
[   70.555061][ T5326]  ret_from_fork+0x4b/0x80
[   70.556777][ T5326]  ? __pfx_kthread+0x10/0x10
[   70.558649][ T5326]  ret_from_fork_asm+0x1a/0x30
[   70.560341][ T5326]  </TASK>
[   70.561700][ T5326] Kernel Offset: disabled
[   70.563258][ T5326] Rebooting in 86400 seconds..