WARNING in cm109_urb_irq_callback/usb_submit

WARNING in cm109_urb_irq_callback/usb_submit_urb
Status: upstream: reported on 2020/12/30 03:58
Reported-by: syzbot+2d6d691af5ab4b7e66df@syzkaller.appspotmail.com
First crash: 30d, last: 25d

Sample crash report:

cm109 3-1:0.0: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB 00000000aa6f3ba4 submitted while active
WARNING: CPU: 1 PID: 9795 at drivers/usb/core/urb.c:378 usb_submit_urb+0x1228/0x14e0 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 1 PID: 9795 Comm: kworker/1:4 Not tainted 5.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x1228/0x14e0 drivers/usb/core/urb.c:378
Code: 89 de e8 ab 93 3e fc 84 db 0f 85 da f4 ff ff e8 be 8b 3e fc 4c 89 fe 48 c7 c7 80 85 e0 89 c6 05 4b 6c a7 07 01 e8 5f cf 7f 03 <0f> 0b e9 b8 f4 ff ff c7 44 24 14 01 00 00 00 e9 6f f5 ff ff 41 bd
RSP: 0018:ffffc90000da89f0 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000040000 RSI: ffffffff815b2ae5 RDI: fffff520001b5130
RBP: ffff8880116c9680 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff815abc8e R11: 0000000000000000 R12: 0000000000000016
R13: 00000000fffffff0 R14: 000000000000000f R15: ffff88802ef04600
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ea36037168 CR3: 000000002e864000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x44f/0xaa0 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1657
 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1728
 dummy_timer+0x11f4/0x3280 drivers/usb/gadget/udc/dummy_hcd.c:1971
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1417
 expire_timers kernel/time/timer.c:1462 [inline]
 __run_timers.part.0+0x67c/0xa50 kernel/time/timer.c:1731
 __run_timers kernel/time/timer.c:1712 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1744
 __do_softirq+0x2a5/0x9f7 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu kernel/softirq.c:420 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:85 [inline]
RIP: 0010:lock_acquire kernel/locking/lockdep.c:5440 [inline]
RIP: 0010:lock_acquire+0x2c7/0x740 kernel/locking/lockdep.c:5402
Code: 48 c7 c7 80 a1 4b 89 48 83 c4 20 e8 13 f6 93 07 b8 ff ff ff ff 65 0f c1 05 06 72 a9 7e 83 f8 01 0f 85 36 03 00 00 ff 34 24 9d <e9> 3a fe ff ff 65 ff 05 6d 60 a9 7e 48 8b 05 86 19 83 0b e8 31 eb
RSP: 0018:ffffc90001dc7640 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff920003b8eca RCX: 0000000000000001
RDX: 1ffff1100edae168 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 00000000000f8288 R09: 0000000000000001
R10: fffffbfff1dae2ab R11: 1ffffffff1d1f512 R12: 0000000000000000
R13: ffff88802424b870 R14: 0000000000000000 R15: 0000000000000000
 kernfs_drain fs/kernfs/dir.c:468 [inline]
 __kernfs_remove+0x861/0xa90 fs/kernfs/dir.c:1322
 kernfs_remove_by_name_ns+0x51/0xb0 fs/kernfs/dir.c:1515
 kernfs_remove_by_name include/linux/kernfs.h:593 [inline]
 remove_files+0x96/0x1c0 fs/sysfs/group.c:28
 sysfs_remove_group+0x87/0x170 fs/sysfs/group.c:289
 sysfs_remove_groups fs/sysfs/group.c:313 [inline]
 sysfs_remove_groups+0x5c/0xa0 fs/sysfs/group.c:305
 device_remove_groups drivers/base/core.c:2193 [inline]
 device_remove_attrs+0xba/0x160 drivers/base/core.c:2384
 device_del+0x4fa/0xd40 drivers/base/core.c:3269
 usb_disable_device+0x35b/0x7b0 drivers/usb/core/message.c:1413
 usb_disconnect.cold+0x27d/0x780 drivers/usb/core/hub.c:2218
 hub_port_connect drivers/usb/core/hub.c:5074 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
 port_event drivers/usb/core/hub.c:5509 [inline]
 hub_event+0x1c8a/0x42d0 drivers/usb/core/hub.c:5591
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Crashes (3):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Maintainers
ci-upstream-kasan-gce-selinux-root	2020/12/30 05:44	upstream	139711f0	0fa352f2	.config	log	report	info	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, vulab@iscas.ac.cn
ci-upstream-kasan-gce-selinux-root	2020/12/26 03:50	upstream	5814bc2d	821e0b09	.config	log	report	info	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, vulab@iscas.ac.cn
ci-upstream-linux-next-kasan-gce-root	2020/12/30 23:55	linux-next	d7a03a44	ecb8c012	.config	log	report	info	dmitry.torokhov@gmail.com, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, vulab@iscas.ac.cn