cm109 6-1:0.8: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff88804fcb7c00 submitted while active
WARNING: CPU: 0 PID: 5996 at drivers/usb/core/urb.c:380 usb_submit_urb+0x16f5/0x1990 drivers/usb/core/urb.c:380
Modules linked in:
CPU: 0 UID: 0 PID: 5996 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events switchdev_deferred_process_work
RIP: 0010:usb_submit_urb+0x16f5/0x1990 drivers/usb/core/urb.c:380
Code: ff ff ff bb fe ff ff ff e9 c9 f1 ff ff e8 73 20 b5 fa c6 05 57 db 62 09 01 90 48 c7 c7 a0 14 50 8c 48 89 de e8 cc 53 73 fa 90 <0f> 0b 90 90 e9 a6 fe ff ff bb f8 ff ff ff e9 99 f1 ff ff c7 44 24
RSP: 0018:ffffc90000007a90 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffff88804fcb7c00 RCX: ffffffff817b1cd8
RDX: ffff88802e3dc900 RSI: ffffffff817b1ce5 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffff888027f4d057 R14: ffff8880473b8a60 R15: 000000000000000f
FS:  0000000000000000(0000) GS:ffff8880d6a05000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fdd07971e9c CR3: 00000000365dd000 CR4: 0000000000352ef0
Call Trace:
 <IRQ>
 cm109_submit_ctl drivers/input/misc/cm109.c:380 [inline]
 cm109_urb_irq_callback+0x2ed/0xb80 drivers/input/misc/cm109.c:431
 __usb_hcd_giveback_urb+0x38b/0x610 drivers/usb/core/hcd.c:1661
 usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1745
 dummy_timer+0x1809/0x3a00 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1841
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1858
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:98 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:115 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:140 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:172 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:191 [inline]
RIP: 0010:kasan_check_range+0x159/0x1b0 mm/kasan/generic.c:200
Code: 2c 48 89 c2 48 85 c0 75 ad 48 89 da 4c 89 d8 4c 29 da e9 46 ff ff ff 48 85 d2 74 18 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 0a <80> 38 00 74 f2 e9 75 ff ff ff 5b b8 01 00 00 00 5d 41 5c c3 cc cc
RSP: 0018:ffffc90004477a78 EFLAGS: 00000282
RAX: fffffbfff201cf6c RBX: fffffbfff201cf6d RCX: ffffffff8197cc74
RDX: fffffbfff201cf6d RSI: 0000000000000008 RDI: ffffffff900e7b60
RBP: fffffbfff201cf6c R08: 0000000000000000 R09: fffffbfff201cf6c
R10: ffffffff900e7b67 R11: 0000000000000001 R12: ffffed1005c7b920
R13: ffff88802e3dc900 R14: 0000000000000000 R15: dffffc0000000000
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_long_read include/linux/atomic/atomic-instrumented.h:3188 [inline]
 __mutex_owner kernel/locking/mutex.h:47 [inline]
 mutex_spin_on_owner+0x94/0x310 kernel/locking/mutex.c:347
 mutex_optimistic_spin kernel/locking/mutex.c:464 [inline]
 __mutex_lock_common kernel/locking/mutex.c:602 [inline]
 __mutex_lock+0x316/0x1060 kernel/locking/mutex.c:760
 switchdev_deferred_process_work+0xe/0x20 net/switchdev/switchdev.c:104
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
----------------
Code disassembly (best guess):
   0:	2c 48                	sub    $0x48,%al
   2:	89 c2                	mov    %eax,%edx
   4:	48 85 c0             	test   %rax,%rax
   7:	75 ad                	jne    0xffffffb6
   9:	48 89 da             	mov    %rbx,%rdx
   c:	4c 89 d8             	mov    %r11,%rax
   f:	4c 29 da             	sub    %r11,%rdx
  12:	e9 46 ff ff ff       	jmp    0xffffff5d
  17:	48 85 d2             	test   %rdx,%rdx
  1a:	74 18                	je     0x34
  1c:	48 01 ea             	add    %rbp,%rdx
  1f:	eb 09                	jmp    0x2a
  21:	48 83 c0 01          	add    $0x1,%rax
  25:	48 39 d0             	cmp    %rdx,%rax
  28:	74 0a                	je     0x34
* 2a:	80 38 00             	cmpb   $0x0,(%rax) <-- trapping instruction
  2d:	74 f2                	je     0x21
  2f:	e9 75 ff ff ff       	jmp    0xffffffa9
  34:	5b                   	pop    %rbx
  35:	b8 01 00 00 00       	mov    $0x1,%eax
  3a:	5d                   	pop    %rbp
  3b:	41 5c                	pop    %r12
  3d:	c3                   	ret
  3e:	cc                   	int3
  3f:	cc                   	int3