usb 5-1: new high-speed USB device number 2 using dummy_hcd
usb 5-1: Using ep0 maxpacket: 16
usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 5-1: config 0 descriptor??
shield 0003:0955:7214.0002: unknown main item tag 0x0
shield 0003:0955:7214.0002: unknown main item tag 0x0
shield 0003:0955:7214.0002: unknown main item tag 0x0
shield 0003:0955:7214.0002: unknown main item tag 0x0
shield 0003:0955:7214.0002: unknown main item tag 0x0
input: HID 0955:7214 Haptics as /devices/virtual/input/input5
shield 0003:0955:7214.0002: Registered Thunderstrike controller
shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
usb 5-1: USB disconnect, device number 2
------------[ cut here ]------------
workqueue: work disable count underflowed
WARNING: kernel/workqueue.c:4359 at work_offqd_enable kernel/workqueue.c:4359 [inline], CPU#0: kworker/0:4/5307
WARNING: kernel/workqueue.c:4359 at enable_work+0x1c7/0x230 kernel/workqueue.c:4530, CPU#0: kworker/0:4/5307
Modules linked in:
CPU: 0 UID: 0 PID: 5307 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:work_offqd_enable kernel/workqueue.c:4359 [inline]
RIP: 0010:enable_work+0x1c7/0x230 kernel/workqueue.c:4530
Code: af e0 37 00 4d 85 f6 75 48 e8 a5 e0 37 00 eb 47 e8 9e e0 37 00 90 0f 0b 90 e9 bc fe ff ff e8 90 e0 37 00 48 8d 3d 99 88 65 0e <67> 48 0f b9 3a e9 d2 fe ff ff e8 7a e0 37 00 90 0f 0b 90 e9 1d ff
RSP: 0018:ffffc9000c85f0e0 EFLAGS: 00010093
RAX: ffffffff818ca930 RBX: 0000000000000000 RCX: ffff888000b10000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8ff231d0
RBP: 0000000000000000 R08: ffff8880338b973f R09: 1ffff110067172e7
R10: dffffc0000000000 R11: ffffed10067172e8 R12: 1ffff110067172e7
R13: 001fffffffc00001 R14: ffff8880338b9738 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88808cce8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558c84d20340 CR3: 00000000411f8000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __cancel_work_sync+0xf7/0x110 kernel/workqueue.c:4400
 thermal_zone_device_unregister+0x23e/0x3f0 drivers/thermal/thermal_core.c:1719
 psy_unregister_thermal drivers/power/supply/power_supply_core.c:1551 [inline]
 power_supply_unregister+0xf9/0x140 drivers/power/supply/power_supply_core.c:1767
 thunderstrike_destroy drivers/hid/hid-nvidia-shield.c:927 [inline]
 shield_remove+0x72/0x120 drivers/hid/hid-nvidia-shield.c:1104
 hid_device_remove+0x228/0x370 drivers/hid/hid-core.c:-1
 device_remove drivers/base/dd.c:571 [inline]
 __device_release_driver drivers/base/dd.c:1284 [inline]
 device_release_driver_internal+0x46f/0x860 drivers/base/dd.c:1307
 bus_remove_device+0x34d/0x440 drivers/base/bus.c:616
 device_del+0x527/0x8f0 drivers/base/core.c:3878
 hid_remove_device drivers/hid/hid-core.c:3008 [inline]
 hid_destroy_device+0x6b/0x1b0 drivers/hid/hid-core.c:3030
 usbhid_disconnect+0x9f/0xc0 drivers/hid/usbhid/hid-core.c:1477
 usb_unbind_interface+0x26e/0x910 drivers/usb/core/driver.c:458
 device_remove drivers/base/dd.c:573 [inline]
 __device_release_driver drivers/base/dd.c:1284 [inline]
 device_release_driver_internal+0x4d9/0x860 drivers/base/dd.c:1307
 bus_remove_device+0x34d/0x440 drivers/base/bus.c:616
 device_del+0x527/0x8f0 drivers/base/core.c:3878
 usb_disable_device+0x3d4/0x8d0 drivers/usb/core/message.c:1418
 usb_disconnect+0x32f/0x990 drivers/usb/core/hub.c:2345
 hub_port_connect drivers/usb/core/hub.c:5407 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x1cc9/0x4f30 drivers/usb/core/hub.c:5953
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
----------------
Code disassembly (best guess):
   0:	af                   	scas   %es:(%rdi),%eax
   1:	e0 37                	loopne 0x3a
   3:	00 4d 85             	add    %cl,-0x7b(%rbp)
   6:	f6 75 48             	divb   0x48(%rbp)
   9:	e8 a5 e0 37 00       	call   0x37e0b3
   e:	eb 47                	jmp    0x57
  10:	e8 9e e0 37 00       	call   0x37e0b3
  15:	90                   	nop
  16:	0f 0b                	ud2
  18:	90                   	nop
  19:	e9 bc fe ff ff       	jmp    0xfffffeda
  1e:	e8 90 e0 37 00       	call   0x37e0b3
  23:	48 8d 3d 99 88 65 0e 	lea    0xe658899(%rip),%rdi        # 0xe6588c3
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	e9 d2 fe ff ff       	jmp    0xffffff06
  34:	e8 7a e0 37 00       	call   0x37e0b3
  39:	90                   	nop
  3a:	0f 0b                	ud2
  3c:	90                   	nop
  3d:	e9                   	.byte 0xe9
  3e:	1d                   	.byte 0x1d
  3f:	ff                   	.byte 0xff