cm109 4-1:0.8: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff88814298c500 submitted while active
WARNING: CPU: 1 PID: 4955 at drivers/usb/core/urb.c:378 usb_submit_urb+0x1057/0x1980 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 1 PID: 4955 Comm: kworker/1:13 Not tainted 5.15.188-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x1057/0x1980 drivers/usb/core/urb.c:378
Code: 89 a8 fb eb 53 e8 69 89 a8 fb e9 54 f0 ff ff e8 5f 89 a8 fb c6 05 68 96 86 07 01 48 c7 c7 e0 6c a4 8a 48 89 de e8 19 8e cf 03 <0f> 0b e9 1f f0 ff ff e8 3d 89 a8 fb eb 20 e8 36 89 a8 fb 4c 8b 74
RSP: 0018:ffffc90000dd0780 EFLAGS: 00010046
RAX: 759b0c569b53d300 RBX: ffff88814298c500 RCX: 0000000000040000
RDX: ffffc900022c9000 RSI: 0000000000008c3f RDI: 0000000000008c40
RBP: 000000000000000f R08: dffffc0000000000 R09: ffffed1017224f24
R10: ffffed1017224f24 R11: 1ffff11017224f23 R12: 0000000000000a20
R13: dffffc0000000000 R14: ffff88814298c508 R15: ffff888023aa4848
FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffa9938d84 CR3: 0000000062d92000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x728/0xc90 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x35f/0x520 drivers/usb/core/hcd.c:1674
 dummy_timer+0x827/0x2e10 drivers/usb/gadget/udc/dummy_hcd.c:1987
 call_timer_fn+0x16c/0x530 kernel/time/timer.c:1451
 expire_timers kernel/time/timer.c:1496 [inline]
 __run_timers+0x525/0x7c0 kernel/time/timer.c:1767
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1780
 handle_softirqs+0x328/0x820 kernel/softirq.c:576
 __do_softirq kernel/softirq.c:610 [inline]
 invoke_softirq kernel/softirq.c:450 [inline]
 __irq_exit_rcu+0x12f/0x220 kernel/softirq.c:659
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:671
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
Code: f6 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 0e 6b a9 f7 48 89 df e8 d6 3f aa f7 e8 21 e5 ca f7 fb bf 01 00 00 00 <e8> 06 64 9e f7 65 8b 05 a7 63 4f 76 85 c0 74 02 5b c3 e8 54 6e 4d
RSP: 0018:ffffc9000426f4a0 EFLAGS: 00000286
RAX: 759b0c569b53d300 RBX: ffff8880b9139b00 RCX: 759b0c569b53d300
RDX: dffffc0000000000 RSI: ffffffff8a0b15c0 RDI: 0000000000000001
RBP: 0000000004208060 R08: dffffc0000000000 R09: fffffbfff1ff7627
R10: fffffbfff1ff7627 R11: 1ffffffff1ff7626 R12: dffffc0000000000
R13: 1ffffffff17c1e30 R14: ffff88802927802c R15: dffffc0000000000
 sched_submit_work kernel/sched/core.c:6421 [inline]
 schedule+0x7c/0x1e0 kernel/sched/core.c:6456
 schedule_timeout+0x15c/0x280 kernel/time/timer.c:1914
 do_wait_for_common+0x29a/0x440 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157
 usb_start_wait_urb+0x160/0x4b0 drivers/usb/core/message.c:63
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x22f/0x3e0 drivers/usb/core/message.c:153
 get_port_status drivers/usb/core/hub.c:590 [inline]
 hub_ext_port_status+0x103/0x6d0 drivers/usb/core/hub.c:607
 hub_port_status drivers/usb/core/hub.c:629 [inline]
 port_event drivers/usb/core/hub.c:5661 [inline]
 hub_event+0x793/0x4fa0 drivers/usb/core/hub.c:5835
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
----------------
Code disassembly (best guess):
   0:	f6 ff                	idiv   %bh
   2:	0f 1f 00             	nopl   (%rax)
   5:	53                   	push   %rbx
   6:	48 89 fb             	mov    %rdi,%rbx
   9:	48 83 c7 18          	add    $0x18,%rdi
   d:	48 8b 74 24 08       	mov    0x8(%rsp),%rsi
  12:	e8 0e 6b a9 f7       	call   0xf7a96b25
  17:	48 89 df             	mov    %rbx,%rdi
  1a:	e8 d6 3f aa f7       	call   0xf7aa3ff5
  1f:	e8 21 e5 ca f7       	call   0xf7cae545
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 06 64 9e f7       	call   0xf79e6435 <-- trapping instruction
  2f:	65 8b 05 a7 63 4f 76 	mov    %gs:0x764f63a7(%rip),%eax        # 0x764f63dd
  36:	85 c0                	test   %eax,%eax
  38:	74 02                	je     0x3c
  3a:	5b                   	pop    %rbx
  3b:	c3                   	ret
  3c:	e8                   	.byte 0xe8
  3d:	54                   	push   %rsp
  3e:	6e                   	outsb  %ds:(%rsi),(%dx)
  3f:	4d                   	rex.WRB