usb 5-1: async_complete: urb error -104
usb 5-1: async_complete: urb error -104
usb 5-1: async_complete: urb error -104
------------[ cut here ]------------
ODEBUG: activate active (active state 0) object: ffff88804e433198 object type: rcu_head hint: 0x0
WARNING: CPU: 1 PID: 11984 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Modules linked in:
CPU: 1 UID: 0 PID: 11984 Comm: syz.5.1538 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:debug_print_object+0x1a2/0x2b0 lib/debugobjects.c:612
Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 20 fb f1 8b 4c 89 e6 48 c7 c7 a0 ef f1 8b e8 4f 81 c7 fc 90 <0f> 0b 90 90 58 83 05 56 7d cf 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
RSP: 0018:ffffc90000a08ad8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817b6ee8
RDX: ffff88804fb08000 RSI: ffffffff817b6ef5 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: fffffffffffe0770 R12: ffffffff8bf1f5c0
R13: ffffffff8b8ee6a0 R14: 0000000000000000 R15: ffffc90000a08b98
FS:  0000000000000000(0000) GS:ffff888124ad6000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c373ced CR3: 000000005d34a000 CR4: 00000000003526f0
DR0: 0000000000000004 DR1: 00000000000001f8 DR2: 0000000000000083
DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 debug_object_activate+0x2bc/0x4c0 lib/debugobjects.c:842
 debug_rcu_head_queue kernel/rcu/rcu.h:236 [inline]
 __call_rcu_common.constprop.0+0x35/0xa10 kernel/rcu/tree.c:3108
 radix_tree_node_free lib/radix-tree.c:310 [inline]
 delete_node+0x1fc/0x8d0 lib/radix-tree.c:573
 __radix_tree_delete+0x193/0x3d0 lib/radix-tree.c:1379
 radix_tree_delete_item+0xea/0x230 lib/radix-tree.c:1430
 afs_cell_destroy+0x1db/0x310 fs/afs/cell.c:523
 rcu_do_batch kernel/rcu/tree.c:2605 [inline]
 rcu_core+0x79c/0x1530 kernel/rcu/tree.c:2861
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:page_table_check_clear+0x520/0x740 mm/page_table_check.c:85
Code: 48 b9 00 00 00 00 00 fc ff df 48 c1 e8 03 0f b6 14 08 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a9 01 00 00 44 8b 3b <31> ff 44 89 fe e8 86 d0 8b ff 45 85 ff 0f 85 dd 00 00 00 e8 38 d5
RSP: 0018:ffffc90003b0f530 EFLAGS: 00000246
RAX: 0000000000000003 RBX: ffff88801ee39058 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801ee39058
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1003dc720b
R10: ffff88801ee3905b R11: 0000000000000001 R12: ffff88801ee39010
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
 __page_table_check_pte_clear+0xf1/0x100 mm/page_table_check.c:154
 page_table_check_pte_clear include/linux/page_table_check.h:51 [inline]
 ptep_get_and_clear_full arch/x86/include/asm/pgtable.h:1270 [inline]
 get_and_clear_full_ptes include/linux/pgtable.h:725 [inline]
 zap_present_folio_ptes mm/memory.c:1627 [inline]
 zap_present_ptes mm/memory.c:1709 [inline]
 do_zap_pte_range mm/memory.c:1810 [inline]
 zap_pte_range mm/memory.c:1854 [inline]
 zap_pmd_range mm/memory.c:1946 [inline]
 zap_pud_range mm/memory.c:1975 [inline]
 zap_p4d_range mm/memory.c:1996 [inline]
 unmap_page_range+0x24d9/0x41b0 mm/memory.c:2017
 unmap_single_vma.constprop.0+0x153/0x240 mm/memory.c:2060
 unmap_vmas+0x218/0x470 mm/memory.c:2104
 exit_mmap+0x1b2/0xb90 mm/mmap.c:1280
 __mmput+0x12a/0x410 kernel/fork.c:1133
 mmput+0x62/0x70 kernel/fork.c:1156
 exit_mm kernel/exit.c:582 [inline]
 do_exit+0x7c7/0x2bf0 kernel/exit.c:954
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1107
 get_signal+0x2671/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7c0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x85/0x130 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x426/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1ae998eec9
Code: Unable to access opcode bytes at 0x7f1ae998ee9f.
RSP: 002b:00007f1aea874038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffbe RBX: 00007f1ae9be6270 RCX: 00007f1ae998eec9
RDX: 0000000000000000 RSI: 00002000000001c0 RDI: ffffffffffffff9c
RBP: 00007f1ae9a11f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1ae9be6308 R14: 00007f1ae9be6270 R15: 00007ffc9f11e7e8
 </TASK>
----------------
Code disassembly (best guess):
   0:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
   7:	fc ff df
   a:	48 c1 e8 03          	shr    $0x3,%rax
   e:	0f b6 14 08          	movzbl (%rax,%rcx,1),%edx
  12:	48 89 d8             	mov    %rbx,%rax
  15:	83 e0 07             	and    $0x7,%eax
  18:	83 c0 03             	add    $0x3,%eax
  1b:	38 d0                	cmp    %dl,%al
  1d:	7c 08                	jl     0x27
  1f:	84 d2                	test   %dl,%dl
  21:	0f 85 a9 01 00 00    	jne    0x1d0
  27:	44 8b 3b             	mov    (%rbx),%r15d
* 2a:	31 ff                	xor    %edi,%edi <-- trapping instruction
  2c:	44 89 fe             	mov    %r15d,%esi
  2f:	e8 86 d0 8b ff       	call   0xff8bd0ba
  34:	45 85 ff             	test   %r15d,%r15d
  37:	0f 85 dd 00 00 00    	jne    0x11a
  3d:	e8                   	.byte 0xe8
  3e:	38 d5                	cmp    %dl,%ch