cm109 6-1:0.8: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff888029f0d300 submitted while active
WARNING: drivers/usb/core/urb.c:380 at usb_submit_urb+0xf7c/0x1920 drivers/usb/core/urb.c:380, CPU#1: kworker/1:3/5918
Modules linked in:
CPU: 1 UID: 0 PID: 5918 Comm: kworker/1:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0xf7c/0x1920 drivers/usb/core/urb.c:380
Code: 00 00 00 e8 86 aa b8 fa e9 35 f1 ff ff e8 7c aa b8 fa c6 05 e2 33 a0 08 01 90 48 c7 c7 a0 06 34 8c 48 89 de e8 35 c9 7a fa 90 <0f> 0b 90 90 e9 fc f0 ff ff e8 56 aa b8 fa c6 05 df 70 b6 08 01 41
RSP: 0018:ffffc90000a08878 EFLAGS: 00010046
RAX: 2a9d1724a0124800 RBX: ffff888029f0d300 RCX: 0000000000040000
RDX: ffffc900023b2000 RSI: 000000000002c1b7 RDI: 000000000002c1b8
RBP: 000000000000000f R08: ffff8880b87247d3 R09: 1ffff110170e48fa
R10: dffffc0000000000 R11: ffffed10170e48fb R12: 0000000000000820
R13: ffff888076b8a830 R14: ffff888029f0d308 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125b6f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd16c372a60 CR3: 000000002860a000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 cm109_submit_ctl drivers/input/misc/cm109.c:380 [inline]
 cm109_urb_irq_callback+0x709/0xcd0 drivers/input/misc/cm109.c:431
 __usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1661
 dummy_timer+0x85f/0x45b0 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x51c/0xc70 kernel/time/hrtimer.c:1841
 hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1858
 handle_softirqs+0x27d/0x880 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:console_flush_one_record arch/x86/include/asm/irqflags.h:-1 [inline]
RIP: 0010:console_flush_all+0x846/0xb60 kernel/printk/printk.c:3289
Code: ff ff e8 9d 2f 20 00 90 0f 0b 90 e9 53 fc ff ff e8 8f 2f 20 00 e8 6a 77 c3 09 48 85 db 74 c0 e8 80 2f 20 00 fb 48 8b 5c 24 10 <48> 8b 44 24 20 42 80 3c 20 00 4c 8b 74 24 18 74 08 4c 89 f7 e8 61
RSP: 0018:ffffc9000430f040 EFLAGS: 00000283
RAX: ffffffff81a1e9f0 RBX: ffffc9000430f1e0 RCX: 0000000000100000
RDX: ffffc900151a9000 RSI: 0000000000005396 RDI: 0000000000005397
RBP: ffffc9000430f190 R08: ffffffff8fbf8c77 R09: 1ffffffff1f7f18e
R10: dffffc0000000000 R11: fffffbfff1f7f18f R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff8eb89940
 __console_flush_and_unlock kernel/printk/printk.c:3319 [inline]
 console_unlock+0xbb/0x190 kernel/printk/printk.c:3359
 vprintk_emit+0x4d3/0x5d0 kernel/printk/printk.c:2426
 dev_vprintk_emit+0x337/0x3f0 drivers/base/core.c:4970
 dev_printk_emit+0xe0/0x130 drivers/base/core.c:4981
 _dev_err+0x10a/0x160 drivers/base/core.c:5036
 hub_port_init+0x1eb2/0x28e0 drivers/usb/core/hub.c:5067
 hub_port_connect drivers/usb/core/hub.c:5496 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2573/0x4ef0 drivers/usb/core/hub.c:5953
 process_one_work+0x93a/0x15e0 kernel/workqueue.c:3261
 process_scheduled_works kernel/workqueue.c:3344 [inline]
 worker_thread+0x9b0/0xee0 kernel/workqueue.c:3425
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	e8 9d 2f 20 00       	call   0x202fa2
   5:	90                   	nop
   6:	0f 0b                	ud2
   8:	90                   	nop
   9:	e9 53 fc ff ff       	jmp    0xfffffc61
   e:	e8 8f 2f 20 00       	call   0x202fa2
  13:	e8 6a 77 c3 09       	call   0x9c37782
  18:	48 85 db             	test   %rbx,%rbx
  1b:	74 c0                	je     0xffffffdd
  1d:	e8 80 2f 20 00       	call   0x202fa2
  22:	fb                   	sti
  23:	48 8b 5c 24 10       	mov    0x10(%rsp),%rbx
* 28:	48 8b 44 24 20       	mov    0x20(%rsp),%rax <-- trapping instruction
  2d:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  32:	4c 8b 74 24 18       	mov    0x18(%rsp),%r14
  37:	74 08                	je     0x41
  39:	4c 89 f7             	mov    %r14,%rdi
  3c:	e8                   	.byte 0xe8
  3d:	61                   	(bad)