usb 5-1: USB disconnect, device number 2
------------[ cut here ]------------
workqueue: work disable count underflowed
WARNING: kernel/workqueue.c:4359 at work_offqd_enable kernel/workqueue.c:4359 [inline], CPU#0: kworker/0:4/5309
WARNING: kernel/workqueue.c:4359 at enable_work+0x1c7/0x230 kernel/workqueue.c:4530, CPU#0: kworker/0:4/5309
Modules linked in:
CPU: 0 UID: 0 PID: 5309 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: usb_hub_wq hub_event
RIP: 0010:work_offqd_enable kernel/workqueue.c:4359 [inline]
RIP: 0010:enable_work+0x1c7/0x230 kernel/workqueue.c:4530
Code: df dd 37 00 4d 85 f6 75 48 e8 d5 dd 37 00 eb 47 e8 ce dd 37 00 90 0f 0b 90 e9 bc fe ff ff e8 c0 dd 37 00 48 8d 3d 79 81 65 0e <67> 48 0f b9 3a e9 d2 fe ff ff e8 aa dd 37 00 90 0f 0b 90 e9 1d ff
RSP: 0018:ffffc9000ac4f0e0 EFLAGS: 00010093
RAX: ffffffff818ca930 RBX: 0000000000000000 RCX: ffff8880126b8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8ff22ab0
RBP: 0000000000000000 R08: ffff88803341873f R09: 1ffff110066830e7
R10: dffffc0000000000 R11: ffffed10066830e8 R12: 1ffff110066830e7
R13: 001fffffffc00001 R14: ffff888033418738 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005614a36e2a70 CR3: 000000003b9f6000 CR4: 0000000000352ef0
Call Trace:
 __cancel_work_sync+0xf7/0x110 kernel/workqueue.c:4400
 thermal_zone_device_unregister+0x23e/0x3f0 drivers/thermal/thermal_core.c:1719
 psy_unregister_thermal drivers/power/supply/power_supply_core.c:1551 [inline]
 power_supply_unregister+0xf9/0x140 drivers/power/supply/power_supply_core.c:1767
 thunderstrike_destroy drivers/hid/hid-nvidia-shield.c:927 [inline]
 shield_remove+0x72/0x120 drivers/hid/hid-nvidia-shield.c:1104
 hid_device_remove+0x228/0x370 drivers/hid/hid-core.c:-1
 device_remove drivers/base/dd.c:571 [inline]
 __device_release_driver drivers/base/dd.c:1284 [inline]
 device_release_driver_internal+0x46f/0x860 drivers/base/dd.c:1307
 bus_remove_device+0x34d/0x440 drivers/base/bus.c:616
 device_del+0x527/0x8f0 drivers/base/core.c:3878
 hid_remove_device drivers/hid/hid-core.c:3008 [inline]
 hid_destroy_device+0x6b/0x1b0 drivers/hid/hid-core.c:3030
 usbhid_disconnect+0x9f/0xc0 drivers/hid/usbhid/hid-core.c:1477
 usb_unbind_interface+0x26e/0x910 drivers/usb/core/driver.c:458
 device_remove drivers/base/dd.c:573 [inline]
 __device_release_driver drivers/base/dd.c:1284 [inline]
 device_release_driver_internal+0x4d9/0x860 drivers/base/dd.c:1307
 bus_remove_device+0x34d/0x440 drivers/base/bus.c:616
 device_del+0x527/0x8f0 drivers/base/core.c:3878
 usb_disable_device+0x3d4/0x8d0 drivers/usb/core/message.c:1418
 usb_disconnect+0x32f/0x990 drivers/usb/core/hub.c:2345
 hub_port_connect drivers/usb/core/hub.c:5407 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x1cc9/0x4f30 drivers/usb/core/hub.c:5953
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
----------------
Code disassembly (best guess), 1 bytes skipped:
   0: dd 37 fnsave (%rdi)
   2: 00 4d 85 add %cl,-0x7b(%rbp)
   5: f6 75 48 divb 0x48(%rbp)
   8: e8 d5 dd 37 00 call 0x37dde2
   d: eb 47 jmp 0x56
   f: e8 ce dd 37 00 call 0x37dde2
  14: 90 nop
  15: 0f 0b ud2
  17: 90 nop
  18: e9 bc fe ff ff jmp 0xfffffed9
  1d: e8 c0 dd 37 00 call 0x37dde2
  22: 48 8d 3d 79 81 65 0e lea 0xe658179(%rip),%rdi # 0xe6581a2
* 29: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
  2e: e9 d2 fe ff ff jmp 0xffffff05
  33: e8 aa dd 37 00 call 0x37dde2
  38: 90 nop
  39: 0f 0b ud2
  3b: 90 nop
  3c: e9 .byte 0xe9
  3d: 1d .byte 0x1d
  3e: ff .byte 0xff