usb 1-1: Manufacturer: syz usb 1-1: SerialNumber: syz usb 1-1: config 0 descriptor?? smsusb:smsusb_probe: board id=8, interface number 0 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1522 at kernel/workqueue.c:3167 __flush_work+0x1b4/0x1c0 Modules linked in: CPU: 0 PID: 1522 Comm: kworker/0:2 Not tainted 6.3.0-rc1-syzkaller-gfe15c26ee26e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Workqueue: usb_hub_wq hub_event pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __flush_work+0x1b4/0x1c0 lr : __flush_work+0x1b0/0x1c0 kernel/workqueue.c:3167 sp : ffff800022526580 x29: ffff8000225266b0 x28: 0000000000000000 x27: ffff8000225267e8 x26: 0000000000000001 x25: 1fffe00018c1a41d x24: dfff800000000000 x23: ffff7000044a4cb0 x22: ffff0000c60d2100 x21: ffff8000225265a0 x20: 0000000000000001 x19: ffff0000c60d20e8 x18: ffff8000225264a0 x17: 0000000000000000 x16: ffff8000123b0580 x15: ffff80000c3e8d34 x14: ffff80000c3f3b50 x13: 0000000000000000 x12: 0000000000000001 x11: ff80800008226e4c x10: 0000000000000000 x9 : ffff800008226e4c x8 : ffff0000cc16b680 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000000 x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: __flush_work+0x1b4/0x1c0 __cancel_work_timer+0x3e4/0x540 kernel/workqueue.c:3261 cancel_work_sync+0x24/0x38 kernel/workqueue.c:3297 smsusb_stop_streaming drivers/media/usb/siano/smsusb.c:182 [inline] smsusb_term_device+0x98/0x1cc drivers/media/usb/siano/smsusb.c:344 smsusb_init_device drivers/media/usb/siano/smsusb.c:419 [inline] smsusb_probe+0xcb8/0x1a0c drivers/media/usb/siano/smsusb.c:567 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xa7c drivers/base/dd.c:631 __driver_probe_device+0x1bc/0x3f8 drivers/base/dd.c:768 driver_probe_device+0x78/0x330 drivers/base/dd.c:798 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:926 bus_for_each_drv+0x228/0x2bc drivers/base/bus.c:457 __device_attach+0x2b4/0x434 drivers/base/dd.c:998 device_initial_probe+0x24/0x34 drivers/base/dd.c:1047 bus_probe_device+0x178/0x240 drivers/base/bus.c:532 device_add+0xabc/0xf58 drivers/base/core.c:3589 usb_set_configuration+0x15a4/0x1b1c drivers/usb/core/message.c:2171 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xa7c drivers/base/dd.c:631 __driver_probe_device+0x1bc/0x3f8 drivers/base/dd.c:768 driver_probe_device+0x78/0x330 drivers/base/dd.c:798 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:926 bus_for_each_drv+0x228/0x2bc drivers/base/bus.c:457 __device_attach+0x2b4/0x434 drivers/base/dd.c:998 device_initial_probe+0x24/0x34 drivers/base/dd.c:1047 bus_probe_device+0x178/0x240 drivers/base/bus.c:532 device_add+0xabc/0xf58 drivers/base/core.c:3589 usb_new_device+0x904/0x142c drivers/usb/core/hub.c:2575 hub_port_connect drivers/usb/core/hub.c:5407 [inline] hub_port_connect_change drivers/usb/core/hub.c:5551 [inline] port_event drivers/usb/core/hub.c:5711 [inline] hub_event+0x25e4/0x474c drivers/usb/core/hub.c:5793 process_one_work+0x868/0x16f4 kernel/workqueue.c:2390 worker_thread+0x8e0/0xfe8 kernel/workqueue.c:2537 kthread+0x24c/0x2d4 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 irq event stamp: 112674 hardirqs last enabled at (112673): [] __cancel_work_timer+0x3a4/0x540 kernel/workqueue.c:3254 hardirqs last disabled at (112674): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (109338): [] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (109338): [] __do_softirq+0xd64/0xfbc kernel/softirq.c:600 softirqs last disabled at (109327): [] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1522 at kernel/workqueue.c:3167 __flush_work+0x1b4/0x1c0 Modules linked in: CPU: 0 PID: 1522 Comm: kworker/0:2 Tainted: G W 6.3.0-rc1-syzkaller-gfe15c26ee26e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Workqueue: usb_hub_wq hub_event pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __flush_work+0x1b4/0x1c0 lr : __flush_work+0x1b0/0x1c0 kernel/workqueue.c:3167 sp : ffff800022526580 x29: ffff8000225266b0 x28: 0000000000000000 x27: ffff8000225267e8 x26: 0000000000000001 x25: 1fffe00018c1a441 x24: dfff800000000000 x23: ffff7000044a4cb0 x22: ffff0000c60d2220 x21: ffff8000225265a0 x20: 0000000000000001 x19: ffff0000c60d2208 x18: ffff8000225264a0 x17: 0000000000000000 x16: ffff8000123b0580 x15: ffff80000c3e8d34 x14: ffff80000c3f3b50 x13: 0000000000000000 x12: 0000000000000001 x11: ff80800008226e4c x10: 0000000000000000 x9 : ffff800008226e4c x8 : ffff0000cc16b680 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000000 x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: __flush_work+0x1b4/0x1c0 __cancel_work_timer+0x3e4/0x540 kernel/workqueue.c:3261 cancel_work_sync+0x24/0x38 kernel/workqueue.c:3297 smsusb_stop_streaming drivers/media/usb/siano/smsusb.c:182 [inline] smsusb_term_device+0x98/0x1cc drivers/media/usb/siano/smsusb.c:344 smsusb_init_device drivers/media/usb/siano/smsusb.c:419 [inline] smsusb_probe+0xcb8/0x1a0c drivers/media/usb/siano/smsusb.c:567 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396 really_probe+0x394/0xa7c drivers/base/dd.c:631 __driver_probe_device+0x1bc/0x3f8 drivers/base/dd.c:768 driver_probe_device+0x78/0x330 drivers/base/dd.c:798 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:926 bus_for_each_drv+0x228/0x2bc drivers/base/bus.c:457 __device_attach+0x2b4/0x434 drivers/base/dd.c:998 device_initial_probe+0x24/0x34 drivers/base/dd.c:1047 bus_probe_device+0x178/0x240 drivers/base/bus.c:532 device_add+0xabc/0xf58 drivers/base/core.c:3589 usb_set_configuration+0x15a4/0x1b1c drivers/usb/core/message.c:2171 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293 really_probe+0x394/0xa7c drivers/base/dd.c:631 __driver_probe_device+0x1bc/0x3f8 drivers/base/dd.c:768 driver_probe_device+0x78/0x330 drivers/base/dd.c:798 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:926 bus_for_each_drv+0x228/0x2bc drivers/base/bus.c:457 __device_attach+0x2b4/0x434 drivers/base/dd.c:998 device_initial_probe+0x24/0x34 drivers/base/dd.c:1047 bus_probe_device+0x178/0x240 drivers/base/bus.c:532 device_add+0xabc/0xf58 drivers/base/core.c:3589 usb_new_device+0x904/0x142c drivers/usb/core/hub.c:2575 hub_port_connect drivers/usb/core/hub.c:5407 [inline] hub_port_connect_change drivers/usb/core/hub.c:5551 [inline] port_event drivers/usb/core/hub.c:5711 [inline] hub_event+0x25e4/0x474c drivers/usb/core/hub.c:5793 process_one_work+0x868/0x16f4 kernel/workqueue.c:2390 worker_thread+0x8e0/0xfe8 kernel/workqueue.c:2537 kthread+0x24c/0x2d4 kernel/kthread.c:376 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870 irq event stamp: 112700 hardirqs last enabled at (112699): [] __cancel_work_timer+0x3a4/0x540 kernel/workqueue.c:3254 hardirqs last disabled at (112700): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (112692): [] softirq_handle_end kernel/softirq.c:414 [inline] softirqs last enabled at (112692): [] __do_softirq+0xd64/0xfbc kernel/softirq.c:600 softirqs last disabled at (112677): [] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1522 at kernel/workqueue.c:3167 __flush_work+0x1b4/0x1c0 Modules linked in: CPU: 0 PID: 1522 Comm: kworker/0:2 Tainted: G W 6.3.0-rc1-syzkaller-gfe15c26ee26e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Workqueue: usb_hub_wq hub_event pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __flush_work+0x1b4/0x1c0 lr : __flush_work+0x1b0/0x1c0 kernel/workqueue.c:3167 sp : ffff800022526580 x29: ffff8000225266b0 x28: 0000000000000000 x27: ffff8000225267e8 x26: 0000000000000001 x25: 1fffe00018c1a465 x24: dfff800000000000 x23: ffff7000044a4cb0 x22: ffff0000c60d2340 x21: ffff8000225265a0 x20: 0000000000000001 x19: ffff0000c60d2328 x18: ffff8000225264a0 x17: 0000000000000000 x16: ffff8000123b0580 x15: ffff80000c3e8d34 x14: ffff80000c3f3b50 x13: 0000000000000000 x12: 0000000000000001 x11: ff80800008226e4c x10: 0000000000000000 x9 : ffff800008226e4c x8 : ffff0000cc16b680 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000000 x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: __flush_work+0x1b4/0x1c0 __cancel_work_timer+