cm109 1-1:0.0: cm109_urb_irq_callback: urb status -71
------------[ cut here ]------------
URB ffff8880171d1b00 submitted while active
WARNING: CPU: 0 PID: 3269 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e8/0x1880 drivers/usb/core/urb.c:378
Modules linked in:
CPU: 0 PID: 3269 Comm: kworker/0:3 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: usb_hub_wq hub_event
RIP: 0010:usb_submit_urb+0x14e8/0x1880 drivers/usb/core/urb.c:378
Code: 89 de e8 8b 06 e9 fb 84 db 0f 85 a3 f3 ff ff e8 fe 09 e9 fb 4c 89 fe 48 c7 c7 00 6a 91 8a c6 05 25 0d 39 08 01 e8 d7 8b ac 03 <0f> 0b e9 81 f3 ff ff 48 89 7c 24 40 e8 d7 09 e9 fb 48 8b 7c 24 40
RSP: 0018:ffffc900000079d8 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88807bd201c0 RSI: ffffffff81605668 RDI: fffff52000000f2d
RBP: ffff88801fd9fb80 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000101 R11: 6666666620425255 R12: 0000000000000046
R13: ffff88802008d058 R14: 00000000fffffff0 R15: ffff8880171d1b00
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc4c20f9b68 CR3: 000000000bc8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 cm109_urb_irq_callback+0x2e6/0xaa0 drivers/input/misc/cm109.c:422
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1671
 usb_hcd_giveback_urb+0x380/0x430 drivers/usb/core/hcd.c:1754
 dummy_timer+0x11ff/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
 call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:kasan_check_range+0x16/0x180 mm/kasan/generic.c:188
Code: ff ff 89 43 08 5b 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 85 f6 0f 84 3c 01 00 00 49 89 f9 41 54 44 0f b6 c2 49 01 f1 55 <53> 0f 82 18 01 00 00 48 b8 ff ff ff ff ff 7f ff ff 48 39 c7 0f 86
RSP: 0018:ffffc900030cf750 EFLAGS: 00000286
RAX: 0000000000000000 RBX: ffff8880174191d0 RCX: ffffffff81fc4941
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8880174191d0
RBP: ffff8880174191d0 R08: 0000000000000001 R09: ffff8880174191d4
R10: 0000000000000002 R11: 000000000008c07d R12: dffffc0000000000
R13: ffff8880174191d0 R14: 0000000000000000 R15: ffff888017419210
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:575 [inline]
 kernfs_put+0x21/0x50 fs/kernfs/dir.c:531
 __kernfs_remove+0x456/0x600 fs/kernfs/dir.c:1440
 kernfs_remove_by_name_ns+0xb0/0x120 fs/kernfs/dir.c:1626
 kernfs_remove_by_name include/linux/kernfs.h:618 [inline]
 remove_files+0x96/0x1c0 fs/sysfs/group.c:28
 sysfs_remove_group+0x87/0x170 fs/sysfs/group.c:288
 sysfs_remove_groups fs/sysfs/group.c:312 [inline]
 sysfs_remove_groups+0x5c/0xa0 fs/sysfs/group.c:304
 device_remove_groups drivers/base/core.c:2579 [inline]
 device_remove_attrs+0x192/0x290 drivers/base/core.c:2793
 device_del+0x4eb/0xc80 drivers/base/core.c:3703
 usb_disable_device+0x356/0x7a0 drivers/usb/core/message.c:1419
 usb_disconnect.cold+0x259/0x6ed drivers/usb/core/hub.c:2235
 hub_port_connect drivers/usb/core/hub.c:5197 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
 port_event drivers/usb/core/hub.c:5653 [inline]
 hub_event+0x1f86/0x45e0 drivers/usb/core/hub.c:5735
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	ff 89 43 08 5b 5d    	decl   0x5d5b0843(%rcx)
   6:	c3                   	retq
   7:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
   e:	00 00 00 00
  12:	90                   	nop
  13:	48 85 f6             	test   %rsi,%rsi
  16:	0f 84 3c 01 00 00    	je     0x158
  1c:	49 89 f9             	mov    %rdi,%r9
  1f:	41 54                	push   %r12
  21:	44 0f b6 c2          	movzbl %dl,%r8d
  25:	49 01 f1             	add    %rsi,%r9
  28:	55                   	push   %rbp
* 29:	53                   	push   %rbx <-- trapping instruction
  2a:	0f 82 18 01 00 00    	jb     0x148
  30:	48 b8 ff ff ff ff ff 	movabs $0xffff7fffffffffff,%rax
  37:	7f ff ff
  3a:	48 39 c7             	cmp    %rax,%rdi
  3d:	0f                   	.byte 0xf
  3e:	86                   	.byte 0x86