program:
# Reproducer in syzkaller program notation, followed by the kernel console log of the run.
# Per that log, the run ends in "WARNING ... at mm/util.c:670 __kvmalloc_node_noprof", reached
# through vivid_vid_cap_s_dv_timings -> vivid_update_format_cap -> __v4l2_ctrl_modify_dimensions.
# The WARNING becomes a kernel panic only because panic_on_warn is set ("panic_on_warn set ..."
# in the log).
# NOTE(review): RBX and R12 hold 0x93733000 at the WARNING; if that is the requested size, it is
# above INT_MAX, which would fit an allocation-size sanity check -- confirm against mm/util.c:670
# at 6.12.0-rc7.
#
# Emulated USB device built from a raw descriptor blob. The blob encodes idVendor 0x7d25,
# idProduct 0xa415 and bNumInterfaces 0x42 (66); the log shows usbcore correcting the malformed
# fields before cdc_wdm binds. Nothing from the USB stack appears in the WARNING's call trace.
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_usb_disconnect(r0)
# evdev handle. The next call passes it to syz_usb_disconnect, i.e. a fuzzer-generated resource
# mismatch. Neither call shows up in the WARNING's call trace.
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
# Second emulated USB connect, with an empty descriptor argument.
# NOTE(review): the log shows a second enumeration (device number 3) with the same descriptors as
# the first; the page does not show which call produced it.
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0)
# V4L2 VBI node. The vivid_* frames in the trace indicate it is served by the vivid driver.
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
# Selects input index 3 -- presumably an input that accepts DV timings, since the following
# S_DV_TIMINGS call reaches vivid_update_format_cap; verify against the vivid input table.
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3)
# Call that raises the WARNING: request 0xc0845657 equals RSI in the user-mode register dump
# (ORIG_RAX 0x10, RDI 0x4), and the trace runs v4l2_ioctl -> video_usercopy -> __video_do_ioctl ->
# vivid_vid_cap_s_dv_timings. The first two @bt values are 0xa8c and 0x870 (assumed to be width
# and height per struct v4l2_bt_timings field order -- TODO confirm); the remaining
# porch/sync/flag values are fuzzer-chosen.
# NOTE(review): for triage, check whether the timings are bounded before
# __v4l2_ctrl_modify_dimensions computes the size it hands to kvmalloc.
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xa8c, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x4, 0x19ef, 0x3, 0x6, 0x27fd, 0x2800, 0x440, 0xfff, 0xd, 0x3, {0x8, 0xffffffff}, 0xcd, 0x7}})
# The remaining calls come after the ioctl above in program order and do not appear in the
# WARNING's call trace.
ioctl$EVIOCRMFF(r1, 0x4004550d, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000240)={0x20, 0x3, 0x2c, "0b2ec7ba0f20489480606e1d8168786a04477adf9e94239bcac390642b477ce5dfd6406c24ba7cfffbc4c0df"}, 0x0, 0x0})
# Character device opened with major 0xb4 (180), then one 0x2a-byte vectored read from it.
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/42, 0x2a}], 0x1, 0x2, 0x0)
[ 69.718578][ T4670] Bluetooth: hci0: command tx timeout [ 70.065851][ T5318] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 70.219946][ T5318] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 70.223221][ T5318] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 70.227922][ T5318] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 70.231154][ T5318] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 70.235042][ T5318] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 70.241383][ T5318] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 70.244576][ T5318] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 70.248640][ 
T5318] usb 5-1: Product: syz [ 70.250328][ T5318] usb 5-1: Manufacturer: syz [ 70.262190][ T5318] cdc_wdm 5-1:1.0: skipping garbage [ 70.264033][ T5318] cdc_wdm 5-1:1.0: skipping garbage [ 70.271053][ T5318] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 70.273206][ T5318] cdc_wdm 5-1:1.0: Unknown control protocol [ 70.468088][ T5318] usb 5-1: USB disconnect, device number 2 [ 71.108282][ T5318] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 71.257788][ T5318] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 71.261056][ T5318] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 71.264701][ T5318] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 71.269867][ T5318] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 71.274064][ T5318] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 71.280562][ T5318] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 71.283979][ T5318] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 71.287978][ T5318] usb 5-1: Product: syz [ 71.289533][ T5318] usb 5-1: Manufacturer: syz [ 71.300811][ T5318] cdc_wdm 5-1:1.0: skipping garbage [ 71.303165][ T5318] cdc_wdm 5-1:1.0: skipping garbage [ 71.307521][ T5318] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 71.309575][ T5318] cdc_wdm 5-1:1.0: Unknown control protocol [ 71.508986][ T5324] ------------[ cut here ]------------ [ 71.511314][ T5324] WARNING: CPU: 0 PID: 5324 at mm/util.c:670 __kvmalloc_node_noprof+0x17a/0x190 [ 71.514810][ T5324] Modules linked in: [ 71.516338][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller #0 [ 71.519564][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.523630][ T5324] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 
71.526072][ T5324] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 5f e5 b9 ff 41 81 e7 00 20 00 00 74 0a e8 11 e1 b9 ff e9 3b ff ff ff e8 07 e1 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 71.533598][ T5324] RSP: 0018:ffffc9000d327930 EFLAGS: 00010287 [ 71.536468][ T5324] RAX: ffffffff81daf909 RBX: 0000000093733000 RCX: 0000000000040000 [ 71.539550][ T5324] RDX: ffffc9000d709000 RSI: 000000000000088a RDI: 000000000000088b [ 71.542539][ T5324] RBP: 0000000000000000 R08: ffffffff81daf8f1 R09: 00000000ffffffff [ 71.545331][ T5324] R10: ffffc9000d3277a0 R11: fffff52001a64ef9 R12: 0000000093733000 [ 71.548285][ T5324] R13: ffffc9000d327a60 R14: 00000000ffffffff R15: 0000000000000000 [ 71.551168][ T5324] FS: 00007f8f545266c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.554365][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.556788][ T5324] CR2: 000055a7620d6fc0 CR3: 000000003eb00000 CR4: 0000000000352ef0 [ 71.559590][ T5324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.562504][ T5324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.565335][ T5324] Call Trace: [ 71.566711][ T5324] [ 71.567885][ T5324] ? __warn+0x168/0x4e0 [ 71.569382][ T5324] ? __kvmalloc_node_noprof+0x17a/0x190 [ 71.571544][ T5324] ? report_bug+0x2b3/0x500 [ 71.573284][ T5324] ? __kvmalloc_node_noprof+0x17a/0x190 [ 71.575157][ T5324] ? handle_bug+0x60/0x90 [ 71.576739][ T5324] ? exc_invalid_op+0x1a/0x50 [ 71.578421][ T5324] ? asm_exc_invalid_op+0x1a/0x20 [ 71.580264][ T5324] ? __kvmalloc_node_noprof+0x161/0x190 [ 71.582252][ T5324] ? __kvmalloc_node_noprof+0x179/0x190 [ 71.584214][ T5324] ? __kvmalloc_node_noprof+0x17a/0x190 [ 71.586336][ T5324] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 71.588471][ T5324] ? tpg_update_mv_step+0x361/0x4f0 [ 71.590423][ T5324] vivid_update_format_cap+0x133c/0x2090 [ 71.592470][ T5324] ? 
__pfx_vivid_update_format_cap+0x10/0x10 [ 71.594589][ T5324] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 71.596781][ T5324] __video_do_ioctl+0xc23/0xdd0 [ 71.598596][ T5324] ? __pfx___video_do_ioctl+0x10/0x10 [ 71.600715][ T5324] ? __might_fault+0xc6/0x120 [ 71.602530][ T5324] video_usercopy+0x89b/0x1180 [ 71.604322][ T5324] ? __pfx___video_do_ioctl+0x10/0x10 [ 71.606534][ T5324] ? __pfx_video_usercopy+0x10/0x10 [ 71.608437][ T5324] ? __fget_files+0x29/0x470 [ 71.610206][ T5324] ? __fget_files+0x3f3/0x470 [ 71.611976][ T5324] v4l2_ioctl+0x189/0x1e0 [ 71.613600][ T5324] ? __pfx_v4l2_ioctl+0x10/0x10 [ 71.615437][ T5324] __se_sys_ioctl+0xf9/0x170 [ 71.617363][ T5324] do_syscall_64+0xf3/0x230 [ 71.619138][ T5324] ? clear_bhb_loop+0x35/0x90 [ 71.620904][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.622964][ T5324] RIP: 0033:0x7f8f5377e719 [ 71.624578][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.632573][ T5324] RSP: 002b:00007f8f54526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.635911][ T5324] RAX: ffffffffffffffda RBX: 00007f8f53935f80 RCX: 00007f8f5377e719 [ 71.638813][ T5324] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000004 [ 71.641678][ T5324] RBP: 00007f8f537f139e R08: 0000000000000000 R09: 0000000000000000 [ 71.644580][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 71.647558][ T5324] R13: 0000000000000000 R14: 00007f8f53935f80 R15: 00007ffe760dc2b8 [ 71.650483][ T5324] [ 71.651734][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ... 
[ 71.654459][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller #0 [ 71.657615][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.661382][ T5324] Call Trace: [ 71.662695][ T5324] [ 71.663854][ T5324] dump_stack_lvl+0x241/0x360 [ 71.665545][ T5324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.667425][ T5324] ? __pfx__printk+0x10/0x10 [ 71.669083][ T5324] ? _printk+0xd5/0x120 [ 71.670699][ T5324] ? __init_begin+0x41000/0x41000 [ 71.672647][ T5324] ? vscnprintf+0x5d/0x90 [ 71.674527][ T5324] panic+0x349/0x880 [ 71.676120][ T5324] ? __warn+0x177/0x4e0 [ 71.677536][ T5324] ? __pfx_panic+0x10/0x10 [ 71.679331][ T5324] ? show_trace_log_lvl+0x3b2/0x410 [ 71.681529][ T5324] __warn+0x34b/0x4e0 [ 71.683103][ T5324] ? __kvmalloc_node_noprof+0x17a/0x190 [ 71.685273][ T5324] report_bug+0x2b3/0x500 [ 71.686982][ T5324] ? __kvmalloc_node_noprof+0x17a/0x190 [ 71.689115][ T5324] handle_bug+0x60/0x90 [ 71.690792][ T5324] exc_invalid_op+0x1a/0x50 [ 71.692555][ T5324] asm_exc_invalid_op+0x1a/0x20 [ 71.694396][ T5324] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 71.696815][ T5324] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 5f e5 b9 ff 41 81 e7 00 20 00 00 74 0a e8 11 e1 b9 ff e9 3b ff ff ff e8 07 e1 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 71.703995][ T5324] RSP: 0018:ffffc9000d327930 EFLAGS: 00010287 [ 71.706211][ T5324] RAX: ffffffff81daf909 RBX: 0000000093733000 RCX: 0000000000040000 [ 71.709046][ T5324] RDX: ffffc9000d709000 RSI: 000000000000088a RDI: 000000000000088b [ 71.711922][ T5324] RBP: 0000000000000000 R08: ffffffff81daf8f1 R09: 00000000ffffffff [ 71.714699][ T5324] R10: ffffc9000d3277a0 R11: fffff52001a64ef9 R12: 0000000093733000 [ 71.717384][ T5324] R13: ffffc9000d327a60 R14: 00000000ffffffff R15: 0000000000000000 [ 71.720440][ T5324] ? __kvmalloc_node_noprof+0x161/0x190 [ 71.722476][ T5324] ? 
__kvmalloc_node_noprof+0x179/0x190 [ 71.724516][ T5324] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 71.726744][ T5324] ? tpg_update_mv_step+0x361/0x4f0 [ 71.728766][ T5324] vivid_update_format_cap+0x133c/0x2090 [ 71.730726][ T5324] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 71.732816][ T5324] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 71.735011][ T5324] __video_do_ioctl+0xc23/0xdd0 [ 71.736736][ T5324] ? __pfx___video_do_ioctl+0x10/0x10 [ 71.738674][ T5324] ? __might_fault+0xc6/0x120 [ 71.740403][ T5324] video_usercopy+0x89b/0x1180 [ 71.742130][ T5324] ? __pfx___video_do_ioctl+0x10/0x10 [ 71.744026][ T5324] ? __pfx_video_usercopy+0x10/0x10 [ 71.745910][ T5324] ? __fget_files+0x29/0x470 [ 71.747556][ T5324] ? __fget_files+0x3f3/0x470 [ 71.749183][ T5324] v4l2_ioctl+0x189/0x1e0 [ 71.750756][ T5324] ? __pfx_v4l2_ioctl+0x10/0x10 [ 71.752624][ T5324] __se_sys_ioctl+0xf9/0x170 [ 71.754337][ T5324] do_syscall_64+0xf3/0x230 [ 71.755877][ T5324] ? clear_bhb_loop+0x35/0x90 [ 71.757549][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.759809][ T5324] RIP: 0033:0x7f8f5377e719 [ 71.761492][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.768283][ T5324] RSP: 002b:00007f8f54526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.771359][ T5324] RAX: ffffffffffffffda RBX: 00007f8f53935f80 RCX: 00007f8f5377e719 [ 71.774202][ T5324] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000004 [ 71.777077][ T5324] RBP: 00007f8f537f139e R08: 0000000000000000 R09: 0000000000000000 [ 71.779986][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 71.782867][ T5324] R13: 0000000000000000 R14: 00007f8f53935f80 R15: 00007ffe760dc2b8 [ 71.785762][ T5324] [ 71.787172][ T5324] Kernel Offset: disabled [ 71.788850][ T5324] Rebooting in 86400 seconds..