cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff888037199900 submitted while active
WARNING: drivers/usb/core/urb.c:379 at usb_submit_urb+0x15fa/0x1910 drivers/usb/core/urb.c:379, CPU#1: udevadm/28125
Modules linked in:
CPU: 1 UID: 0 PID: 28125 Comm: udevadm Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:usb_submit_urb+0x15fd/0x1910 drivers/usb/core/urb.c:379
Code: 00 48 8b 04 24 48 8b 90 b0 00 00 00 e9 73 ff ff ff bb ed ff ff ff e9 be f2 ff ff e8 4d ba b3 fa 48 8d 3d e6 2b 90 09 48 89 de <67> 48 0f b9 3a bb f0 ff ff ff e9 a0 f2 ff ff c7 44 24 30 00 00 00
RSP: 0018:ffffc90000a08af0 EFLAGS: 00010087
RAX: 0000000000000509 RBX: ffff888037199900 RCX: ffffc90002311000
RDX: 0000000000040000 RSI: ffff888037199900 RDI: ffffffff90e4ff80
RBP: ffff888046d054a0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000083
R13: ffff88807d675858 R14: 000000000000000f R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88812446e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc8b7046000 CR3: 000000008b6be000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 cm109_submit_ctl drivers/input/misc/cm109.c:380 [inline]
 cm109_urb_irq_callback+0x473/0xa70 drivers/input/misc/cm109.c:431
 __usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657
 usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741
 dummy_timer+0xda1/0x36c0 drivers/usb/gadget/udc/dummy_hcd.c:2005
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x470/0xa00 kernel/time/hrtimer.c:1994
 hrtimer_run_softirq+0x17d/0x2c0 kernel/time/hrtimer.c:2011
 handle_softirqs+0x1ea/0xa00 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x162/0x210 kernel/softirq.c:735
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1061
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_is_held_type+0xf5/0x140 kernel/locking/lockdep.c:5945
Code: ff ff ff ff 65 0f c1 15 f1 d5 81 08 83 fa 01 8b 44 24 04 75 2d 9c 5a 80 e6 02 75 47 41 f7 c5 00 02 00 00 74 01 fb 48 83 c4 08 <5b> 5d 41 5c 41 5d 41 5e 41 5f e9 47 af 86 f5 e9 42 af 86 f5 31 c0
RSP: 0018:ffffc9000d1f6f68 EFLAGS: 00000282
RAX: 0000000000000001 RBX: ffff88807d8b3438 RCX: 0000000000000001
RDX: 0000000000000046 RSI: ffffffff8defb1fd RDI: ffffffff8c1c3a80
RBP: ffff88801ef03d80 R08: 0000000000000005 R09: 0000000000000300
R10: 0000000000000300 R11: 0000000000000000 R12: 00000000ffffffff
R13: 0000000000000246 R14: ffff88801ef04910 R15: 0000000000000000
 lock_is_held include/linux/lockdep.h:249 [inline]
 mt_locked lib/maple_tree.c:708 [inline]
 mt_slot lib/maple_tree.c:715 [inline]
 mas_slot lib/maple_tree.c:748 [inline]
 mas_get_slot lib/maple_tree.c:6406 [inline]
 mas_validate_gaps lib/maple_tree.c:6674 [inline]
 mt_validate+0x1f9e/0x31e0 lib/maple_tree.c:6950
 validate_mm+0xa8/0x4e0 mm/vma.c:652
 __split_vma+0xa71/0xd90 mm/vma.c:570
 vms_gather_munmap_vmas+0x3a5/0x1720 mm/vma.c:1448
 __mmap_setup mm/vma.c:2439 [inline]
 __mmap_region+0x4aa/0x2da0 mm/vma.c:2753
 mmap_region+0x35d/0x620 mm/vma.c:2857
 do_mmap+0xc63/0x12f0 mm/mmap.c:560
 vm_mmap_pgoff+0x29e/0x470 mm/util.c:581
 ksys_mmap_pgoff+0x3cb/0x610 mm/mmap.c:606
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc8b7071242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007ffdd1489128 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007fc8b6fa2000 RCX: 00007fc8b7071242
RDX: 0000000000000005 RSI: 000000000000f000 RDI: 00007fc8b6fa2000
RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000004000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffdd1489178
R13: 00007fc8b7045b20 R14: 00007ffdd1489560 R15: 00000fffba291228
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 48 8b             	add    %cl,-0x75(%rax)
   3:	04 24                	add    $0x24,%al
   5:	48 8b 90 b0 00 00 00 	mov    0xb0(%rax),%rdx
   c:	e9 73 ff ff ff       	jmp    0xffffff84
  11:	bb ed ff ff ff       	mov    $0xffffffed,%ebx
  16:	e9 be f2 ff ff       	jmp    0xfffff2d9
  1b:	e8 4d ba b3 fa       	call   0xfab3ba6d
  20:	48 8d 3d e6 2b 90 09 	lea    0x9902be6(%rip),%rdi        # 0x9902c0d
  27:	48 89 de             	mov    %rbx,%rsi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	bb f0 ff ff ff       	mov    $0xfffffff0,%ebx
  34:	e9 a0 f2 ff ff       	jmp    0xfffff2d9
  39:	c7                   	.byte 0xc7
  3a:	44 24 30             	rex.R and $0x30,%al
  3d:	00 00                	add    %al,(%rax)