program:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)={0x20, 0x6, 0x17, {0x17, 0x23, "29330dc778c7a4cae9a4c9e0bb43bbd22455bab204"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0)

[   78.623068][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[   78.625608][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[   78.628922][ T5311] Bluetooth: hci0: command tx timeout
[   78.960775][ T5324] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   79.110658][ T5324] usb 5-1: Using ep0 maxpacket: 16
[   79.116346][ T5324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.122064][ T5324] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.126178][ T5324] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   79.133213][ T5324] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[   79.136776][ T5324] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.154119][ T5324] usb 5-1: config 0 descriptor??
[   79.578979][ T5324] input: HID 0955:7214 Haptics as /devices/virtual/input/input5
[   79.632527][ T5324] shield 0003:0955:7214.0002: Registered Thunderstrike controller
[   79.636310][ T5324] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[   79.763694][ T5327] random: crng reseeded on system resumption
[   79.791062][ T1347] usb 5-1: USB disconnect, device number 2
[   79.798809][    T9] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[   79.812844][    T9] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[   79.827000][ T1347] ------------[ cut here ]------------
[   79.829141][ T1347] workqueue: work disable count underflowed
[   79.831591][ T1347] WARNING: CPU: 0 PID: 1347 at kernel/workqueue.c:4326 enable_work+0x345/0x360
[   79.835117][ T1347] Modules linked in:
[   79.836991][ T1347] CPU: 0 UID: 0 PID: 1347 Comm: kworker/0:3 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[   79.841843][ T1347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   79.845875][ T1347] Workqueue: usb_hub_wq hub_event
[   79.848056][ T1347] RIP: 0010:enable_work+0x345/0x360
[   79.850197][ T1347] Code: d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 b7 38 00 c6 05 6f c5 bf 0e 01 90 48 c7 c7 e0 d0 49 8c e8 fc 0f f8 ff 90 <0f> 0b 90 90 e9 51 ff ff ff e8 fd 99 a5 0a 66 66 66 66 2e 0f 1f 84
[   79.858013][ T1347] RSP: 0018:ffffc9000291f000 EFLAGS: 00010046
[   79.860431][ T1347] RAX: 09524b043c80b800 RBX: 0000000000000000 RCX: ffff888000894880
[   79.863728][ T1347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   79.867030][ T1347] RBP: ffffc9000291f0e0 R08: ffffffff818218d2 R09: fffffbfff1d7a960
[   79.870289][ T1347] R10: dffffc0000000000 R11: fffffbfff1d7a960 R12: 1ffff92000523e04
[   79.873605][ T1347] R13: dffffc0000000000 R14: 001fffffffc00001 R15: ffff8880528d0730
[   79.876851][ T1347] FS:  0000000000000000(0000) GS:ffff88808c59a000(0000) knlGS:0000000000000000
[   79.880536][ T1347] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   79.883207][ T1347] CR2: 00005648a6a342c0 CR3: 0000000052d1e000 CR4: 0000000000352ef0
[   79.886528][ T1347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   79.889732][ T1347] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   79.893069][ T1347] Call Trace:
[   79.894492][ T1347]  <TASK>
[   79.895745][ T1347]  ? __pfx_enable_work+0x10/0x10
[   79.897851][ T1347]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   79.900122][ T1347]  ? __thermal_zone_cdev_unbind+0x45d/0x490
[   79.902507][ T1347]  ? lockdep_hardirqs_on+0x9d/0x150
[   79.904620][ T1347]  __cancel_work_sync+0xf5/0x110
[   79.906591][ T1347]  thermal_zone_device_unregister+0x210/0x390
[   79.908937][ T1347]  power_supply_unregister+0xe8/0x140
[   79.910976][ T1347]  ? __pfx_shield_remove+0x10/0x10
[   79.913078][ T1347]  shield_remove+0x72/0x120
[   79.915232][ T1347]  hid_device_remove+0x225/0x370
[   79.917332][ T1347]  ? __pfx_hid_device_remove+0x10/0x10
[   79.919410][ T1347]  device_release_driver_internal+0x4a9/0x7c0
[   79.921757][ T1347]  bus_remove_device+0x34f/0x420
[   79.923860][ T1347]  device_del+0x57c/0x9b0
[   79.925674][ T1347]  ? __pfx_device_del+0x10/0x10
[   79.927636][ T1347]  hid_destroy_device+0x6a/0x1b0
[   79.929664][ T1347]  usbhid_disconnect+0x9e/0xc0
[   79.931580][ T1347]  usb_unbind_interface+0x25b/0x940
[   79.933731][ T1347]  ? kernfs_find_ns+0x202/0x310
[   79.935776][ T1347]  ? __pfx_usb_unbind_interface+0x10/0x10
[   79.938067][ T1347]  device_release_driver_internal+0x503/0x7c0
[   79.940496][ T1347]  bus_remove_device+0x34f/0x420
[   79.942675][ T1347]  device_del+0x57c/0x9b0
[   79.944620][ T1347]  ? kobject_put+0x272/0x480
[   79.946577][ T1347]  ? __pfx_device_del+0x10/0x10
[   79.948644][ T1347]  ? kobject_put+0x44d/0x480
[   79.950581][ T1347]  usb_disable_device+0x3c5/0x860
[   79.952679][ T1347]  usb_disconnect+0x340/0x960
[   79.954683][ T1347]  hub_event+0x1d2a/0x50f0
[   79.956660][ T1347]  ? do_raw_spin_unlock+0x58/0x8b0
[   79.958705][ T1347]  ? __pfx_hub_event+0x10/0x10
[   79.960721][ T1347]  ? __lock_acquire+0xad5/0xd80
[   79.962752][ T1347]  ? __pfx_insn_get_displacement+0x10/0x10
[   79.965235][ T1347]  ? process_scheduled_works+0x9cb/0x18e0
[   79.967345][ T1347]  process_scheduled_works+0xac3/0x18e0
[   79.969352][ T1347]  ? __pfx_process_scheduled_works+0x10/0x10
[   79.971555][ T1347]  ? assign_work+0x367/0x3d0
[   79.973530][ T1347]  worker_thread+0x870/0xd50
[   79.975265][ T1347]  ? __kthread_parkme+0x1a8/0x200
[   79.977256][ T1347]  ? __pfx_worker_thread+0x10/0x10
[   79.979094][ T1347]  kthread+0x7b7/0x940
[   79.980941][ T1347]  ? __pfx_worker_thread+0x10/0x10
[   79.983374][ T1347]  ? __pfx_kthread+0x10/0x10
[   79.985782][ T1347]  ? __pfx_kthread+0x10/0x10
[   79.987730][ T1347]  ? __pfx_kthread+0x10/0x10
[   79.989475][ T1347]  ? __pfx_kthread+0x10/0x10
[   79.991200][ T1347]  ? _raw_spin_unlock_irq+0x23/0x50
[   79.993153][ T1347]  ? lockdep_hardirqs_on+0x9d/0x150
[   79.995163][ T1347]  ? __pfx_kthread+0x10/0x10
[   79.997125][ T1347]  ret_from_fork+0x4b/0x80
[   79.998962][ T1347]  ? __pfx_kthread+0x10/0x10
[   80.000831][ T1347]  ret_from_fork_asm+0x1a/0x30
[   80.002714][ T1347]  </TASK>
[   80.003987][ T1347] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   80.006715][ T1347] CPU: 0 UID: 0 PID: 1347 Comm: kworker/0:3 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) 
[   80.011804][ T1347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.015732][ T1347] Workqueue: usb_hub_wq hub_event
[   80.017702][ T1347] Call Trace:
[   80.019021][ T1347]  <TASK>
[   80.020268][ T1347]  dump_stack_lvl+0x241/0x360
[   80.022146][ T1347]  ? __pfx_dump_stack_lvl+0x10/0x10
[   80.024201][ T1347]  ? __pfx__printk+0x10/0x10
[   80.026098][ T1347]  ? vscnprintf+0x5d/0x90
[   80.027751][ T1347]  panic+0x349/0x880
[   80.029274][ T1347]  ? __warn+0x174/0x4d0
[   80.030931][ T1347]  ? __pfx_panic+0x10/0x10
[   80.032593][ T1347]  ? ret_from_fork_asm+0x1a/0x30
[   80.034636][ T1347]  __warn+0x344/0x4d0
[   80.036292][ T1347]  ? enable_work+0x345/0x360
[   80.038242][ T1347]  report_bug+0x2b3/0x500
[   80.039811][ T1347]  ? enable_work+0x345/0x360
[   80.045792][ T1347]  ? enable_work+0x345/0x360
[   80.047741][ T1347]  ? enable_work+0x347/0x360
[   80.049483][ T1347]  handle_bug+0x89/0x170
[   80.051154][ T1347]  exc_invalid_op+0x1a/0x50
[   80.053145][ T1347]  asm_exc_invalid_op+0x1a/0x20
[   80.055454][ T1347] RIP: 0010:enable_work+0x345/0x360
[   80.057969][ T1347] Code: d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 00 b7 38 00 c6 05 6f c5 bf 0e 01 90 48 c7 c7 e0 d0 49 8c e8 fc 0f f8 ff 90 <0f> 0b 90 90 e9 51 ff ff ff e8 fd 99 a5 0a 66 66 66 66 2e 0f 1f 84
[   80.066258][ T1347] RSP: 0018:ffffc9000291f000 EFLAGS: 00010046
[   80.068779][ T1347] RAX: 09524b043c80b800 RBX: 0000000000000000 RCX: ffff888000894880
[   80.071850][ T1347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   80.074918][ T1347] RBP: ffffc9000291f0e0 R08: ffffffff818218d2 R09: fffffbfff1d7a960
[   80.078119][ T1347] R10: dffffc0000000000 R11: fffffbfff1d7a960 R12: 1ffff92000523e04
[   80.081310][ T1347] R13: dffffc0000000000 R14: 001fffffffc00001 R15: ffff8880528d0730
[   80.084420][ T1347]  ? __warn_printk+0x2a2/0x360
[   80.086367][ T1347]  ? __pfx_enable_work+0x10/0x10
[   80.088295][ T1347]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   80.090683][ T1347]  ? __thermal_zone_cdev_unbind+0x45d/0x490
[   80.092905][ T1347]  ? lockdep_hardirqs_on+0x9d/0x150
[   80.094948][ T1347]  __cancel_work_sync+0xf5/0x110
[   80.096964][ T1347]  thermal_zone_device_unregister+0x210/0x390
[   80.099454][ T1347]  power_supply_unregister+0xe8/0x140
[   80.101652][ T1347]  ? __pfx_shield_remove+0x10/0x10
[   80.103681][ T1347]  shield_remove+0x72/0x120
[   80.105720][ T1347]  hid_device_remove+0x225/0x370
[   80.107682][ T1347]  ? __pfx_hid_device_remove+0x10/0x10
[   80.109875][ T1347]  device_release_driver_internal+0x4a9/0x7c0
[   80.112874][ T1347]  bus_remove_device+0x34f/0x420
[   80.115126][ T1347]  device_del+0x57c/0x9b0
[   80.116918][ T1347]  ? __pfx_device_del+0x10/0x10
[   80.118955][ T1347]  hid_destroy_device+0x6a/0x1b0
[   80.120999][ T1347]  usbhid_disconnect+0x9e/0xc0
[   80.122925][ T1347]  usb_unbind_interface+0x25b/0x940
[   80.125093][ T1347]  ? kernfs_find_ns+0x202/0x310
[   80.127118][ T1347]  ? __pfx_usb_unbind_interface+0x10/0x10
[   80.129217][ T1347]  device_release_driver_internal+0x503/0x7c0
[   80.131501][ T1347]  bus_remove_device+0x34f/0x420
[   80.133380][ T1347]  device_del+0x57c/0x9b0
[   80.134979][ T1347]  ? kobject_put+0x272/0x480
[   80.136755][ T1347]  ? __pfx_device_del+0x10/0x10
[   80.138545][ T1347]  ? kobject_put+0x44d/0x480
[   80.140274][ T1347]  usb_disable_device+0x3c5/0x860
[   80.142183][ T1347]  usb_disconnect+0x340/0x960
[   80.144128][ T1347]  hub_event+0x1d2a/0x50f0
[   80.145945][ T1347]  ? do_raw_spin_unlock+0x58/0x8b0
[   80.148022][ T1347]  ? __pfx_hub_event+0x10/0x10
[   80.149962][ T1347]  ? __lock_acquire+0xad5/0xd80
[   80.151886][ T1347]  ? __pfx_insn_get_displacement+0x10/0x10
[   80.154264][ T1347]  ? process_scheduled_works+0x9cb/0x18e0
[   80.156636][ T1347]  process_scheduled_works+0xac3/0x18e0
[   80.158918][ T1347]  ? __pfx_process_scheduled_works+0x10/0x10
[   80.161422][ T1347]  ? assign_work+0x367/0x3d0
[   80.163340][ T1347]  worker_thread+0x870/0xd50
[   80.165283][ T1347]  ? __kthread_parkme+0x1a8/0x200
[   80.167330][ T1347]  ? __pfx_worker_thread+0x10/0x10
[   80.169440][ T1347]  kthread+0x7b7/0x940
[   80.171255][ T1347]  ? __pfx_worker_thread+0x10/0x10
[   80.173320][ T1347]  ? __pfx_kthread+0x10/0x10
[   80.175222][ T1347]  ? __pfx_kthread+0x10/0x10
[   80.177234][ T1347]  ? __pfx_kthread+0x10/0x10
[   80.179158][ T1347]  ? __pfx_kthread+0x10/0x10
[   80.181125][ T1347]  ? _raw_spin_unlock_irq+0x23/0x50
[   80.183274][ T1347]  ? lockdep_hardirqs_on+0x9d/0x150
[   80.185510][ T1347]  ? __pfx_kthread+0x10/0x10
[   80.187386][ T1347]  ret_from_fork+0x4b/0x80
[   80.189248][ T1347]  ? __pfx_kthread+0x10/0x10
[   80.191094][ T1347]  ret_from_fork_asm+0x1a/0x30
[   80.193155][ T1347]  </TASK>
[   80.194723][ T1347] Kernel Offset: disabled
[   80.196529][ T1347] Rebooting in 86400 seconds..