cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff888028fd0500 submitted while active
WARNING: CPU: 1 PID: 4298 at drivers/usb/core/urb.c:379 usb_submit_urb+0x10b1/0x1990 drivers/usb/core/urb.c:379
Modules linked in:
CPU: 1 PID: 4298 Comm: kworker/1:3 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x10b1/0x1990 drivers/usb/core/urb.c:379
Code: 77 11 fb eb 4d e8 bf 77 11 fb e9 fc ef ff ff e8 b5 77 11 fb c6 05 a9 8e 0d 08 01 48 c7 c7 20 e3 ac 8b 4c 89 ee e8 5f 91 d9 fa <0f> 0b e9 c7 ef ff ff e8 93 77 11 fb eb 1a e8 8c 77 11 fb eb 13 e8
RSP: 0018:ffffc900001e07f8 EFLAGS: 00010046
RAX: 96e1e7bbcd7d8900 RBX: ffff888059aa1048 RCX: 0000000000040000
RDX: ffffc900022f2000 RSI: 0000000000015597 RDI: 0000000000015598
RBP: ffff888028fd0508 R08: ffffffff8152b84e R09: ffffed10171e4f1c
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff888028fd0500 R14: 0000000000000a20 R15: ffff888056662fa1
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f39c35b3000 CR3: 000000007719f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x6c4/0xc20 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x371/0x530 drivers/usb/core/hcd.c:1675
 dummy_timer+0x8dc/0x32b0 drivers/usb/gadget/udc/dummy_hcd.c:1994
 __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
 __hrtimer_run_queues+0x5e5/0xe50 kernel/time/hrtimer.c:1753
 hrtimer_run_softirq+0x196/0x2c0 kernel/time/hrtimer.c:1770
 handle_softirqs+0x2ee/0xa40 kernel/softirq.c:571
 __do_softirq kernel/softirq.c:605 [inline]
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x157/0x240 kernel/softirq.c:654
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:666
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x7b/0x290 mm/kasan/generic.c:189
Code: 00 00 00 00 fc ff df 4f 8d 34 1a 4c 89 f5 4c 29 cd 48 83 fd 10 7f 26 48 85 ed 0f 84 3a 01 00 00 49 f7 d2 49 01 da 41 80 39 00 <0f> 85 c4 01 00 00 49 ff c1 49 ff c2 75 ee e9 1d 01 00 00 45 89 cf
RSP: 0018:ffffc900046278d8 EFLAGS: 00000246
RAX: ffffffff86775c01 RBX: 1ffff1100505e060 RCX: ffffffff86775d84
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8880282f0300
RBP: 0000000000000001 R08: dffffc0000000000 R09: ffffed100505e060
R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: ffffed100505e061 R15: ffff8880282f0000
 instrument_atomic_read_write include/linux/instrumented.h:102 [inline]
 atomic_inc include/linux/atomic/atomic-instrumented.h:190 [inline]
 pm_runtime_get_noresume include/linux/pm_runtime.h:131 [inline]
 hub_event+0x7a4/0x5730 drivers/usb/core/hub.c:5852
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
----------------
Code disassembly (best guess), 6 bytes skipped:
   0:	df 4f 8d             	fisttps -0x73(%rdi)
   3:	34 1a                	xor    $0x1a,%al
   5:	4c 89 f5             	mov    %r14,%rbp
   8:	4c 29 cd             	sub    %r9,%rbp
   b:	48 83 fd 10          	cmp    $0x10,%rbp
   f:	7f 26                	jg     0x37
  11:	48 85 ed             	test   %rbp,%rbp
  14:	0f 84 3a 01 00 00    	je     0x154
  1a:	49 f7 d2             	not    %r10
  1d:	49 01 da             	add    %rbx,%r10
  20:	41 80 39 00          	cmpb   $0x0,(%r9)
* 24:	0f 85 c4 01 00 00    	jne    0x1ee <-- trapping instruction
  2a:	49 ff c1             	inc    %r9
  2d:	49 ff c2             	inc    %r10
  30:	75 ee                	jne    0x20
  32:	e9 1d 01 00 00       	jmp    0x154
  37:	45 89 cf             	mov    %r9d,%r15d