input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input10
list_add double add: new=ffff88805a3ded18, prev=ffff88805a3ded18, next=ffff88802249c078.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:35!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5989 Comm: kworker/0:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:__list_add_valid_or_report.cold+0x34/0x36 lib/list_debug.c:35
Code: ec ff 90 0f 0b 48 c7 c7 20 f0 1a 8c e8 b9 16 ec ff 90 0f 0b 48 89 d9 4c 89 ea 48 89 ee 48 c7 c7 60 f2 1a 8c e8 a1 16 ec ff 90 <0f> 0b 48 89 de 48 c7 c7 20 f3 1a 8c e8 8f 16 ec ff 90 0f 0b 48 89
RSP: 0018:ffffc90003106cf8 EFLAGS: 00010082
RAX: 0000000000000058 RBX: ffff88802249c078 RCX: 0000000000000000
RDX: 0000000000000058 RSI: ffffffff81e78a69 RDI: fffff52000620d90
RBP: ffff88805a3ded18 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000002 R11: 000000000000760b R12: ffff88802249c080
R13: ffff88805a3ded18 R14: 0000000000000000 R15: ffff88805a3ded18
FS:  0000000000000000(0000) GS:ffff8880d634a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fbeef72a18 CR3: 000000005c567000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __list_add_valid include/linux/list.h:96 [inline]
 __list_add include/linux/list.h:158 [inline]
 list_add_tail include/linux/list.h:191 [inline]
 usb_hcd_link_urb_to_ep+0x220/0x3a0 drivers/usb/core/hcd.c:1154
 dummy_urb_enqueue+0x2b5/0x880 drivers/usb/gadget/udc/dummy_hcd.c:1288
 usb_hcd_submit_urb+0x26c/0x2150 drivers/usb/core/hcd.c:1542
 usb_submit_urb+0x8aa/0x1910 drivers/usb/core/urb.c:586
 cm109_input_open+0x27a/0x450 drivers/input/misc/cm109.c:566
 input_open_device+0x24c/0x3d0 drivers/input/input.c:601
 kbd_connect+0x124/0x180 drivers/tty/vt/keyboard.c:1563
 input_attach_handler.isra.0+0x177/0x1e0 drivers/input/input.c:994
 input_register_device.cold+0x139/0x375 drivers/input/input.c:2378
 cm109_usb_probe+0x128d/0x17f0 drivers/input/misc/cm109.c:797
 usb_probe_interface+0x303/0x8f0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:583 [inline]
 really_probe+0x241/0xa60 drivers/base/dd.c:661
 __driver_probe_device+0x1de/0x400 drivers/base/dd.c:803
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:833
 __device_attach_driver+0x1ff/0x3e0 drivers/base/dd.c:961
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500
 __device_attach+0x1e4/0x4d0 drivers/base/dd.c:1033
 device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1088
 bus_probe_device+0x64/0x160 drivers/base/bus.c:574
 device_add+0x11d9/0x1950 drivers/base/core.c:3689
 usb_set_configuration+0xd97/0x1c60 drivers/usb/core/message.c:2208
 usb_generic_driver_probe+0xa1/0xe0 drivers/usb/core/generic.c:250
 usb_probe_device+0xef/0x400 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:583 [inline]
 really_probe+0x241/0xa60 drivers/base/dd.c:661
 __driver_probe_device+0x1de/0x400 drivers/base/dd.c:803
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:833
 __device_attach_driver+0x1ff/0x3e0 drivers/base/dd.c:961
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500
 __device_attach+0x1e4/0x4d0 drivers/base/dd.c:1033
 device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1088
 bus_probe_device+0x64/0x160 drivers/base/bus.c:574
 device_add+0x11d9/0x1950 drivers/base/core.c:3689
 usb_new_device.cold+0x685/0x115c drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x314d/0x4af0 drivers/usb/core/hub.c:5953
 process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
 process_scheduled_works kernel/workqueue.c:3358 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3439
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_add_valid_or_report.cold+0x34/0x36 lib/list_debug.c:35
Code: ec ff 90 0f 0b 48 c7 c7 20 f0 1a 8c e8 b9 16 ec ff 90 0f 0b 48 89 d9 4c 89 ea 48 89 ee 48 c7 c7 60 f2 1a 8c e8 a1 16 ec ff 90 <0f> 0b 48 89 de 48 c7 c7 20 f3 1a 8c e8 8f 16 ec ff 90 0f 0b 48 89
RSP: 0018:ffffc90003106cf8 EFLAGS: 00010082
RAX: 0000000000000058 RBX: ffff88802249c078 RCX: 0000000000000000
RDX: 0000000000000058 RSI: ffffffff81e78a69 RDI: fffff52000620d90
RBP: ffff88805a3ded18 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000002 R11: 000000000000760b R12: ffff88802249c080
R13: ffff88805a3ded18 R14: 0000000000000000 R15: ffff88805a3ded18
FS:  0000000000000000(0000) GS:ffff8880d634a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fbeef72a18 CR3: 000000005c567000 CR4: 0000000000352ef0