program:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf1a91"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KIOCSOUND(r1, 0x4b2f, 0x7)

[   85.572696][ T5325] Bluetooth: hci0: command tx timeout
[   85.876402][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   86.027462][   T10] usb 5-1: Using ep0 maxpacket: 16
[   86.035010][   T10] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[   86.039654][   T10] usb 5-1: config 0 has no interface number 0
[   86.042642][   T10] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   86.048858][   T10] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 33050, setting to 1024
[   86.058846][   T10] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[   86.062829][   T10] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[   86.067938][   T10] usb 5-1: Product: syz
[   86.070044][   T10] usb 5-1: SerialNumber: syz
[   86.075491][   T10] usb 5-1: config 0 descriptor??
[   86.088240][   T10] cm109 5-1:0.8: invalid payload size 1024, expected 4
[   86.096887][   T10] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input5
[   86.493730][    C0] cm109 5-1:0.8: cm109_urb_irq_callback: urb status -71
[   86.496575][    C0] ------------[ cut here ]------------
[   86.498798][    C0] URB ffff888042ae0f00 submitted while active
[   86.501569][    C0] WARNING: CPU: 0 PID: 5348 at drivers/usb/core/urb.c:379 usb_submit_urb+0xff3/0x1890
[   86.505998][    C0] Modules linked in:
[   86.508217][    C0] CPU: 0 UID: 0 PID: 5348 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[   86.513911][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.518760][    C0] RIP: 0010:usb_submit_urb+0xff3/0x1890
[   86.521142][    C0] Code: 00 eb 5c e8 ef f1 9e fa e9 be f0 ff ff e8 e5 f1 9e fa c6 05 ab a7 6a 08 01 90 48 c7 c7 40 42 34 8c 48 89 de e8 9e d4 62 fa 90 <0f> 0b 90 90 e9 85 f0 ff ff e8 bf f1 9e fa eb 11 e8 b8 f1 9e fa bd
[   86.530736][    C0] RSP: 0018:ffffc900000077b8 EFLAGS: 00010046
[   86.533348][    C0] RAX: eebe4fa4793afe00 RBX: ffff888042ae0f00 RCX: ffff88803eed2440
[   86.537224][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[   86.540652][    C0] RBP: 000000000000000f R08: ffff88801fc24293 R09: 1ffff11003f84852
[   86.544181][    C0] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff1100a6ab50a
[   86.547466][    C0] R13: dffffc0000000000 R14: ffff888042ae0f08 R15: 0000000000000820
[   86.550830][    C0] FS:  0000555579943500(0000) GS:ffff88808d21b000(0000) knlGS:0000000000000000
[   86.554873][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.557811][    C0] CR2: 00007f4cbefa26e8 CR3: 000000004357d000 CR4: 0000000000352ef0
[   86.561276][    C0] Call Trace:
[   86.562740][    C0]  <IRQ>
[   86.564119][    C0]  ? kcov_remote_start+0x97/0x7f0
[   86.566210][    C0]  cm109_urb_irq_callback+0x718/0xc80
[   86.568569][    C0]  __usb_hcd_giveback_urb+0x417/0x690
[   86.570987][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[   86.573768][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[   86.576268][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[   86.578866][    C0]  dummy_timer+0x862/0x4550
[   86.580882][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   86.583170][    C0]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   86.585457][    C0]  ? __pfx_dummy_timer+0x10/0x10
[   86.587442][    C0]  ? __pfx_dummy_timer+0x10/0x10
[   86.589743][    C0]  ? __pfx_dummy_timer+0x10/0x10
[   86.592083][    C0]  __hrtimer_run_queues+0x529/0xc60
[   86.594396][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   86.596882][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[   86.599386][    C0]  hrtimer_run_softirq+0x187/0x2b0
[   86.601671][    C0]  handle_softirqs+0x286/0x870
[   86.603807][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[   86.605859][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   86.608064][    C0]  ? irqtime_account_irq+0x18/0x1c0
[   86.610105][    C0]  __irq_exit_rcu+0xca/0x1f0
[   86.612151][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[   86.614454][    C0]  irq_exit_rcu+0x9/0x30
[   86.616325][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   86.618915][    C0]  </IRQ>
[   86.620348][    C0]  <TASK>
[   86.621759][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   86.624526][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[   86.627639][    C0] Code: 74 05 e8 4b e9 55 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 0d 1f f6 65 8b 05 bc 79 2e 07 85 c0 74 40 48 c7 04 24 0e 36
[   86.636046][    C0] RSP: 0018:ffffc9000d547a00 EFLAGS: 00000206
[   86.638825][    C0] RAX: eebe4fa4793afe00 RBX: 0000000000000a02 RCX: eebe4fa4793afe00
[   86.642503][    C0] RDX: 0000000000000006 RSI: ffffffff8d998d6f RDI: 0000000000000001
[   86.646245][    C0] RBP: ffffc9000d547a90 R08: ffffffff8fa1f5f7 R09: 1ffffffff1f43ebe
[   86.650085][    C0] R10: dffffc0000000000 R11: fffffbfff1f43ebf R12: dffffc0000000000
[   86.653894][    C0] R13: ffff88801e809000 R14: ffffffff8ede1540 R15: 1ffff92001aa8f40
[   86.657236][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.660337][    C0]  ? usb_hcd_giveback_urb+0x2f8/0x420
[   86.662586][    C0]  usb_hcd_poll_rh_status+0x406/0x620
[   86.664733][    C0]  ? __pfx_usb_hcd_poll_rh_status+0x10/0x10
[   86.667180][    C0]  dummy_pullup+0x19b/0x200
[   86.669347][    C0]  ? __pfx_dummy_pullup+0x10/0x10
[   86.671656][    C0]  usb_gadget_disconnect_locked+0x140/0x4b0
[   86.674109][    C0]  gadget_unbind_driver+0xc4/0x430
[   86.676191][    C0]  ? __pfx_gadget_unbind_driver+0x10/0x10
[   86.678834][    C0]  device_release_driver_internal+0x46f/0x7c0
[   86.681426][    C0]  driver_detach+0x1f3/0x2d0
[   86.683269][    C0]  bus_remove_driver+0x226/0x2f0
[   86.685304][    C0]  usb_gadget_unregister_driver+0x4e/0x70
[   86.687817][    C0]  raw_release+0xd7/0x260
[   86.689934][    C0]  ? __pfx_raw_release+0x10/0x10
[   86.692378][    C0]  __fput+0x449/0xa70
[   86.694352][    C0]  task_work_run+0x1d1/0x260
[   86.696666][    C0]  ? __pfx_task_work_run+0x10/0x10
[   86.698980][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[   86.701437][    C0]  exit_to_user_mode_loop+0xec/0x110
[   86.703637][    C0]  do_syscall_64+0x2bd/0x3b0
[   86.705830][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.708505][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   86.711194][    C0]  ? clear_bhb_loop+0x60/0xb0
[   86.713321][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.715932][    C0] RIP: 0033:0x7f4cbed8e929
[   86.717909][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.726939][    C0] RSP: 002b:00007fff69411a88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   86.730328][    C0] RAX: 0000000000000000 RBX: 0000000000014de7 RCX: 00007f4cbed8e929
[   86.733566][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   86.737028][    C0] RBP: 00007f4cbefb7ba0 R08: 0000000000000001 R09: 0000000469411d7f
[   86.740424][    C0] R10: 00007f4cbebff030 R11: 0000000000000246 R12: 00007f4cbefb5fac
[   86.743775][    C0] R13: 00007f4cbefb5fa0 R14: ffffffffffffffff R15: 00007fff69411ba0
[   86.747252][    C0]  </TASK>
[   86.748680][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.751848][    C0] CPU: 0 UID: 0 PID: 5348 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[   86.757237][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.762287][    C0] Call Trace:
[   86.764002][    C0]  <IRQ>
[   86.765374][    C0]  dump_stack_lvl+0x99/0x250
[   86.767792][    C0]  ? __asan_memcpy+0x40/0x70
[   86.770052][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.772538][    C0]  ? __pfx__printk+0x10/0x10
[   86.774531][    C0]  panic+0x2db/0x790
[   86.776262][    C0]  ? __pfx_panic+0x10/0x10
[   86.777994][    C0]  __warn+0x31b/0x4b0
[   86.779375][    C0]  ? usb_submit_urb+0xff3/0x1890
[   86.781143][    C0]  ? usb_submit_urb+0xff3/0x1890
[   86.783128][    C0]  report_bug+0x2be/0x4f0
[   86.784909][    C0]  ? usb_submit_urb+0xff3/0x1890
[   86.786906][    C0]  ? usb_submit_urb+0xff3/0x1890
[   86.788953][    C0]  ? usb_submit_urb+0xff5/0x1890
[   86.791117][    C0]  handle_bug+0x84/0x160
[   86.793042][    C0]  exc_invalid_op+0x1a/0x50
[   86.795090][    C0]  asm_exc_invalid_op+0x1a/0x20
[   86.797256][    C0] RIP: 0010:usb_submit_urb+0xff3/0x1890
[   86.799458][    C0] Code: 00 eb 5c e8 ef f1 9e fa e9 be f0 ff ff e8 e5 f1 9e fa c6 05 ab a7 6a 08 01 90 48 c7 c7 40 42 34 8c 48 89 de e8 9e d4 62 fa 90 <0f> 0b 90 90 e9 85 f0 ff ff e8 bf f1 9e fa eb 11 e8 b8 f1 9e fa bd
[   86.807723][    C0] RSP: 0018:ffffc900000077b8 EFLAGS: 00010046
[   86.810516][    C0] RAX: eebe4fa4793afe00 RBX: ffff888042ae0f00 RCX: ffff88803eed2440
[   86.813950][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[   86.816702][    C0] RBP: 000000000000000f R08: ffff88801fc24293 R09: 1ffff11003f84852
[   86.819909][    C0] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff1100a6ab50a
[   86.823444][    C0] R13: dffffc0000000000 R14: ffff888042ae0f08 R15: 0000000000000820
[   86.827066][    C0]  ? usb_submit_urb+0xff2/0x1890
[   86.829412][    C0]  ? kcov_remote_start+0x97/0x7f0
[   86.831553][    C0]  cm109_urb_irq_callback+0x718/0xc80
[   86.833584][    C0]  __usb_hcd_giveback_urb+0x417/0x690
[   86.835395][    C0]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[   86.837650][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[   86.839993][    C0]  ? usb_hcd_giveback_urb+0x10e/0x420
[   86.842359][    C0]  dummy_timer+0x862/0x4550
[   86.844433][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   86.846884][    C0]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   86.849226][    C0]  ? __pfx_dummy_timer+0x10/0x10
[   86.851294][    C0]  ? __pfx_dummy_timer+0x10/0x10
[   86.853501][    C0]  ? __pfx_dummy_timer+0x10/0x10
[   86.855679][    C0]  __hrtimer_run_queues+0x529/0xc60
[   86.857743][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   86.860161][    C0]  ? __pfx_tasklet_action_common+0x10/0x10
[   86.862831][    C0]  hrtimer_run_softirq+0x187/0x2b0
[   86.865033][    C0]  handle_softirqs+0x286/0x870
[   86.867239][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[   86.869234][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[   86.871558][    C0]  ? irqtime_account_irq+0x18/0x1c0
[   86.873893][    C0]  __irq_exit_rcu+0xca/0x1f0
[   86.875908][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[   86.878235][    C0]  irq_exit_rcu+0x9/0x30
[   86.880025][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   86.882614][    C0]  </IRQ>
[   86.884044][    C0]  <TASK>
[   86.885278][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   86.887641][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[   86.890633][    C0] Code: 74 05 e8 4b e9 55 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 13 0d 1f f6 65 8b 05 bc 79 2e 07 85 c0 74 40 48 c7 04 24 0e 36
[   86.899132][    C0] RSP: 0018:ffffc9000d547a00 EFLAGS: 00000206
[   86.901821][    C0] RAX: eebe4fa4793afe00 RBX: 0000000000000a02 RCX: eebe4fa4793afe00
[   86.905102][    C0] RDX: 0000000000000006 RSI: ffffffff8d998d6f RDI: 0000000000000001
[   86.908600][    C0] RBP: ffffc9000d547a90 R08: ffffffff8fa1f5f7 R09: 1ffffffff1f43ebe
[   86.912131][    C0] R10: dffffc0000000000 R11: fffffbfff1f43ebf R12: dffffc0000000000
[   86.915651][    C0] R13: ffff88801e809000 R14: ffffffff8ede1540 R15: 1ffff92001aa8f40
[   86.919304][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.922216][    C0]  ? usb_hcd_giveback_urb+0x2f8/0x420
[   86.924596][    C0]  usb_hcd_poll_rh_status+0x406/0x620
[   86.927001][    C0]  ? __pfx_usb_hcd_poll_rh_status+0x10/0x10
[   86.929505][    C0]  dummy_pullup+0x19b/0x200
[   86.931292][    C0]  ? __pfx_dummy_pullup+0x10/0x10
[   86.933427][    C0]  usb_gadget_disconnect_locked+0x140/0x4b0
[   86.936188][    C0]  gadget_unbind_driver+0xc4/0x430
[   86.938407][    C0]  ? __pfx_gadget_unbind_driver+0x10/0x10
[   86.941007][    C0]  device_release_driver_internal+0x46f/0x7c0
[   86.943924][    C0]  driver_detach+0x1f3/0x2d0
[   86.946283][    C0]  bus_remove_driver+0x226/0x2f0
[   86.948730][    C0]  usb_gadget_unregister_driver+0x4e/0x70
[   86.951230][    C0]  raw_release+0xd7/0x260
[   86.952980][    C0]  ? __pfx_raw_release+0x10/0x10
[   86.954832][    C0]  __fput+0x449/0xa70
[   86.956444][    C0]  task_work_run+0x1d1/0x260
[   86.958420][    C0]  ? __pfx_task_work_run+0x10/0x10
[   86.960597][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[   86.962650][    C0]  exit_to_user_mode_loop+0xec/0x110
[   86.964701][    C0]  do_syscall_64+0x2bd/0x3b0
[   86.967096][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.969997][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   86.972738][    C0]  ? clear_bhb_loop+0x60/0xb0
[   86.974797][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.977714][    C0] RIP: 0033:0x7f4cbed8e929
[   86.980038][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.988393][    C0] RSP: 002b:00007fff69411a88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   86.991773][    C0] RAX: 0000000000000000 RBX: 0000000000014de7 RCX: 00007f4cbed8e929
[   86.995261][    C0] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   86.998562][    C0] RBP: 00007f4cbefb7ba0 R08: 0000000000000001 R09: 0000000469411d7f
[   87.001716][    C0] R10: 00007f4cbebff030 R11: 0000000000000246 R12: 00007f4cbefb5fac
[   87.005113][    C0] R13: 00007f4cbefb5fa0 R14: ffffffffffffffff R15: 00007fff69411ba0
[   87.008328][    C0]  </TASK>
[   87.009961][    C0] Kernel Offset: disabled
[   87.011831][    C0] Rebooting in 86400 seconds..