------------[ cut here ]------------
URB ffff888133772300 submitted while active
WARNING: drivers/usb/core/urb.c:380 at usb_submit_urb+0x15fa/0x1910 drivers/usb/core/urb.c:380, CPU#0: kworker/0:4/5261
Modules linked in:
CPU: 0 UID: 0 PID: 5261 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events request_firmware_work_func
RIP: 0010:usb_submit_urb+0x15fd/0x1910 drivers/usb/core/urb.c:380
Code: 00 48 8b 04 24 48 8b 90 b0 00 00 00 e9 73 ff ff ff bb ed ff ff ff e9 be f2 ff ff e8 8d 5c da fc 48 8d 3d 76 14 fc 05 48 89 de <67> 48 0f b9 3a bb f0 ff ff ff e9 a0 f2 ff ff c7 44 24 30 00 00 00
RSP: 0018:ffffc900022bf8d0 EFLAGS: 00010293

RAX: 0000000000000000 RBX: ffff888133772300 RCX: ffffffff844a6fb6
RDX: ffff8881146d8000 RSI: ffff888133772300 RDI: ffffffff8ad2f3f0
RBP: ffff888133772300 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000c0036700
R13: 0000000000000010 R14: ffff888120934000 R15: ffff8881349ec000
FS:  0000000000000000(0000) GS:ffff88826896a000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1227756b8 CR3: 0000000117bce000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 usb_tx_block+0x241/0x2e0 drivers/net/wireless/marvell/libertas/if_usb.c:436
 if_usb_issue_boot_command drivers/net/wireless/marvell/libertas/if_usb.c:766 [inline]
 if_usb_prog_firmware+0x571/0xfa0 drivers/net/wireless/marvell/libertas/if_usb.c:859
 lbs_fw_loaded drivers/net/wireless/marvell/libertas/firmware.c:23 [inline]
 helper_firmware_cb drivers/net/wireless/marvell/libertas/firmware.c:80 [inline]
 helper_firmware_cb+0x202/0x2e0 drivers/net/wireless/marvell/libertas/firmware.c:64
 request_firmware_work_func+0x13c/0x250 drivers/base/firmware_loader/main.c:1152
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x6c3/0xa20 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
----------------
Code disassembly (best guess):
   0:	00 48 8b             	add    %cl,-0x75(%rax)
   3:	04 24                	add    $0x24,%al
   5:	48 8b 90 b0 00 00 00 	mov    0xb0(%rax),%rdx
   c:	e9 73 ff ff ff       	jmp    0xffffff84
  11:	bb ed ff ff ff       	mov    $0xffffffed,%ebx
  16:	e9 be f2 ff ff       	jmp    0xfffff2d9
  1b:	e8 8d 5c da fc       	call   0xfcda5cad
  20:	48 8d 3d 76 14 fc 05 	lea    0x5fc1476(%rip),%rdi        # 0x5fc149d
  27:	48 89 de             	mov    %rbx,%rsi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	bb f0 ff ff ff       	mov    $0xfffffff0,%ebx
  34:	e9 a0 f2 ff ff       	jmp    0xfffff2d9
  39:	c7                   	.byte 0xc7
  3a:	44 24 30             	rex.R and $0x30,%al
  3d:	00 00                	add    %al,(%rax)