program:
r0 = io_uring_setup(0x9, &(0x7f00000000c0)={0x0, 0x0, 0x40, 0x2, 0x63})
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

[   79.317361][ T4533] Bluetooth: hci0: command tx timeout
[   79.865428][ T5100] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   80.017737][ T5100] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   80.020455][ T5100] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   80.023653][ T5100] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[   80.028130][ T5100] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   80.037580][ T5100] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   80.041173][ T5100] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   80.044249][ T5100] usb 5-1: Product: syz
[   80.047276][ T5100] usb 5-1: Manufacturer: syz
[   80.063440][ T5100] cdc_wdm 5-1:1.0: skipping garbage
[   80.066917][ T5100] cdc_wdm 5-1:1.0: skipping garbage
[   80.072876][ T5100] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[   80.076835][ T5100] cdc_wdm 5-1:1.0: Unknown control protocol
[   80.262615][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.266613][    C0] cdc_wdm 5-1:1.0: Cannot schedule work
[   80.269788][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.272240][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.274744][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.276871][    C0] cdc_wdm 5-1:1.0: Cannot schedule work
[   80.279169][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.281735][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.286581][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.290010][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.292897][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.295702][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.298333][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.303040][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.308063][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.310564][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.313093][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.316409][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.319772][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.322271][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.324759][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.327172][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.329725][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.332284][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.335122][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.338141][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.340832][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.343239][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.345574][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.347886][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.350343][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.353042][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.356276][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.359545][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.362332][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.364777][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.367238][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.369708][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.372257][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.374963][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.378195][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.381189][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.383599][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.386707][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.389279][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.391908][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.394772][    C0] cdc_wdm 5-1:1.0: Stall on int endpoint
[   80.408213][ T5100] ------------[ cut here ]------------
[   80.408323][    C0] cdc_wdm 5-1:1.0: Unexpected error -71
[   80.413228][ T5100] URB ffff88801ec72000 submitted while active
[   80.446169][ T5100] WARNING: CPU: 0 PID: 5100 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1039/0x1930
[   80.450438][ T5100] Modules linked in:
[   80.452031][ T5100] CPU: 0 UID: 0 PID: 5100 Comm: kworker/0:4 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[   80.456682][ T5100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.461770][ T5100] Workqueue: events wdm_rxwork
[   80.464284][ T5100] RIP: 0010:usb_submit_urb+0x1039/0x1930
[   80.466976][ T5100] Code: 00 eb 66 e8 d9 f0 5c fa e9 79 f0 ff ff e8 cf f0 5c fa c6 05 ee d0 ce 08 01 90 48 c7 c7 c0 10 b1 8c 4c 89 ee e8 d8 ea 1d fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 a9 f0 5c fa eb 12 e8 a2 f0 5c fa 41
[   80.474253][ T5100] RSP: 0018:ffffc90002fafae8 EFLAGS: 00010246
[   80.477516][ T5100] RAX: 27bcffff64e99600 RBX: 0000000000000cc0 RCX: ffff88801e262440
[   80.481148][ T5100] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   80.484266][ T5100] RBP: ffff88801ec72008 R08: ffffffff8155e402 R09: fffffbfff1cf9fd8
[   80.487733][ T5100] R10: dffffc0000000000 R11: fffffbfff1cf9fd8 R12: 1ffff11002457412
[   80.491624][ T5100] R13: ffff88801ec72000 R14: dffffc0000000000 R15: ffff8880122ba028
[   80.495077][ T5100] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   80.499080][ T5100] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   80.501925][ T5100] CR2: 000055f80a7e2ee0 CR3: 000000000e734000 CR4: 0000000000352ef0
[   80.505628][ T5100] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   80.508716][ T5100] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   80.512138][ T5100] Call Trace:
[   80.513645][ T5100]  <TASK>
[   80.515117][ T5100]  ? __warn+0x168/0x4e0
[   80.517026][ T5100]  ? usb_submit_urb+0x1039/0x1930
[   80.519281][ T5100]  ? report_bug+0x2b3/0x500
[   80.521142][ T5100]  ? usb_submit_urb+0x1039/0x1930
[   80.523149][ T5100]  ? handle_bug+0x60/0x90
[   80.524894][ T5100]  ? exc_invalid_op+0x1a/0x50
[   80.527153][ T5100]  ? asm_exc_invalid_op+0x1a/0x20
[   80.530224][ T5100]  ? __warn_printk+0x292/0x360
[   80.532533][ T5100]  ? usb_submit_urb+0x1039/0x1930
[   80.534481][ T5100]  ? usb_submit_urb+0x1038/0x1930
[   80.536458][ T5100]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   80.538933][ T5100]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   80.541688][ T5100]  wdm_rxwork+0x116/0x1f0
[   80.543757][ T5100]  ? process_scheduled_works+0x976/0x1850
[   80.547247][ T5100]  process_scheduled_works+0xa63/0x1850
[   80.549474][ T5100]  ? __pfx_process_scheduled_works+0x10/0x10
[   80.552263][ T5100]  ? assign_work+0x364/0x3d0
[   80.554170][ T5100]  worker_thread+0x870/0xd30
[   80.556199][ T5100]  ? __kthread_parkme+0x169/0x1d0
[   80.558138][ T5100]  ? __pfx_worker_thread+0x10/0x10
[   80.560219][ T5100]  kthread+0x2f0/0x390
[   80.561919][ T5100]  ? __pfx_worker_thread+0x10/0x10
[   80.564055][ T5100]  ? __pfx_kthread+0x10/0x10
[   80.565966][ T5100]  ret_from_fork+0x4b/0x80
[   80.567750][ T5100]  ? __pfx_kthread+0x10/0x10
[   80.569663][ T5100]  ret_from_fork_asm+0x1a/0x30
[   80.571638][ T5100]  </TASK>
[   80.572871][ T5100] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   80.575636][ T5100] CPU: 0 UID: 0 PID: 5100 Comm: kworker/0:4 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0
[   80.579762][ T5100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.584090][ T5100] Workqueue: events wdm_rxwork
[   80.586015][ T5100] Call Trace:
[   80.587326][ T5100]  <TASK>
[   80.588485][ T5100]  dump_stack_lvl+0x241/0x360
[   80.590345][ T5100]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.592455][ T5100]  ? __pfx__printk+0x10/0x10
[   80.594360][ T5100]  ? vscnprintf+0x5d/0x90
[   80.596132][ T5100]  panic+0x349/0x880
[   80.597750][ T5100]  ? __warn+0x177/0x4e0
[   80.600376][ T5100]  ? __pfx_panic+0x10/0x10
[   80.602232][ T5100]  ? ret_from_fork_asm+0x1a/0x30
[   80.604249][ T5100]  __warn+0x34b/0x4e0
[   80.605860][ T5100]  ? usb_submit_urb+0x1039/0x1930
[   80.607889][ T5100]  report_bug+0x2b3/0x500
[   80.609682][ T5100]  ? usb_submit_urb+0x1039/0x1930
[   80.611760][ T5100]  handle_bug+0x60/0x90
[   80.613426][ T5100]  exc_invalid_op+0x1a/0x50
[   80.615291][ T5100]  asm_exc_invalid_op+0x1a/0x20
[   80.617170][ T5100] RIP: 0010:usb_submit_urb+0x1039/0x1930
[   80.619449][ T5100] Code: 00 eb 66 e8 d9 f0 5c fa e9 79 f0 ff ff e8 cf f0 5c fa c6 05 ee d0 ce 08 01 90 48 c7 c7 c0 10 b1 8c 4c 89 ee e8 d8 ea 1d fa 90 <0f> 0b 90 90 e9 40 f0 ff ff e8 a9 f0 5c fa eb 12 e8 a2 f0 5c fa 41
[   80.626850][ T5100] RSP: 0018:ffffc90002fafae8 EFLAGS: 00010246
[   80.629742][ T5100] RAX: 27bcffff64e99600 RBX: 0000000000000cc0 RCX: ffff88801e262440
[   80.634228][ T5100] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   80.637961][ T5100] RBP: ffff88801ec72008 R08: ffffffff8155e402 R09: fffffbfff1cf9fd8
[   80.641002][ T5100] R10: dffffc0000000000 R11: fffffbfff1cf9fd8 R12: 1ffff11002457412
[   80.643935][ T5100] R13: ffff88801ec72000 R14: dffffc0000000000 R15: ffff8880122ba028
[   80.647063][ T5100]  ? __warn_printk+0x292/0x360
[   80.649010][ T5100]  ? usb_submit_urb+0x1038/0x1930
[   80.651521][ T5100]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   80.655549][ T5100]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   80.658178][ T5100]  wdm_rxwork+0x116/0x1f0
[   80.659974][ T5100]  ? process_scheduled_works+0x976/0x1850
[   80.662224][ T5100]  process_scheduled_works+0xa63/0x1850
[   80.664442][ T5100]  ? __pfx_process_scheduled_works+0x10/0x10
[   80.666772][ T5100]  ? assign_work+0x364/0x3d0
[   80.668719][ T5100]  worker_thread+0x870/0xd30
[   80.670677][ T5100]  ? __kthread_parkme+0x169/0x1d0
[   80.673024][ T5100]  ? __pfx_worker_thread+0x10/0x10
[   80.675375][ T5100]  kthread+0x2f0/0x390
[   80.677149][ T5100]  ? __pfx_worker_thread+0x10/0x10
[   80.679194][ T5100]  ? __pfx_kthread+0x10/0x10
[   80.680956][ T5100]  ret_from_fork+0x4b/0x80
[   80.682663][ T5100]  ? __pfx_kthread+0x10/0x10
[   80.685037][ T5100]  ret_from_fork_asm+0x1a/0x30
[   80.688067][ T5100]  </TASK>
[   80.689921][ T5100] Kernel Offset: disabled
[   80.691774][ T5100] Rebooting in 86400 seconds..