BUG: sleeping function called from invalid context at drivers/usb/core/urb.c:705 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 3014, name: kworker/1:2 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 6 locks held by kworker/1:2/3014: #0: ffff888102ac2148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251 #1: ffffc9000155fd18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252 #2: ffff88810ab491e0 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #2: ffff88810ab491e0 (&dev->mutex){....}-{4:4}, at: hub_event+0x1bd/0x4af0 drivers/usb/core/hub.c:5899 #3: ffff88813a6741e0 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #3: ffff88813a6741e0 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1068 #4: ffff88811c8e31a8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #4: ffff88811c8e31a8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1068 #5: ffff88810ca85a68 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #5: ffff88810ca85a68 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1068 irq event stamp: 310837 hardirqs last enabled at (310836): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (310836): [] _raw_spin_unlock_irqrestore+0x52/0x80 kernel/locking/spinlock.c:194 hardirqs last disabled at (310837): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline] hardirqs last disabled at (310837): [] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:162 softirqs last enabled at (310824): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (310824): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (310824): [] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723 softirqs last disabled at (310833): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (310833): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (310833): [] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723 Preemption disabled at: [] softirq_handle_begin kernel/softirq.c:463 [inline] [] handle_softirqs+0xf5/0x9d0 kernel/softirq.c:598 CPU: 1 UID: 0 PID: 3014 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120 __might_resched.cold+0x1ec/0x232 kernel/sched/core.c:8888 usb_kill_urb+0x8e/0x320 drivers/usb/core/urb.c:705 usb_tx_block+0x91/0x320 drivers/net/wireless/marvell/libertas/if_usb.c:429 if_usb_send_fw_pkt.isra.0+0x2e4/0x550 drivers/net/wireless/marvell/libertas/if_usb.c:366 if_usb_receive_fwload+0x5d3/0x780 drivers/net/wireless/marvell/libertas/if_usb.c:592 __usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657 usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741 dummy_timer+0xda1/0x36c0 drivers/usb/gadget/udc/dummy_hcd.c:2005 __run_hrtimer kernel/time/hrtimer.c:1785 [inline] __hrtimer_run_queues+0x50e/0xa70 kernel/time/hrtimer.c:1849 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1866 handle_softirqs+0x1de/0x9d0 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0x8f/0xb0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 RIP: 0010:hid_parser_main+0x305/0xc30 drivers/hid/hid-core.c:649 Code: cc 00 00 00 89 c5 e9 ed fe ff ff e8 85 fd d2 fb 89 ea 31 f6 48 89 df e8 f9 e8 ff ff 4c 8d a3 cc 00 00 00 89 c5 e9 ce fe ff ff 66 fd d2 fb 4c 8d a3 cc 00 00 00 40 0f b6 ed 48 b8 00 00 00 00 RSP: 0018:ffffc9000155eaa8 EFLAGS: 00000246 RAX: 0000000000000002 RBX: ffffc90013fe9000 RCX: ffffffff85defcf5 RDX: 000000000000000a RSI: 000000000000000c RDI: ffff888132723b00 RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000000000c R10: 000000000000000a R11: 0000000000000000 R12: ffffc9000155eb60 R13: 000000000000000a R14: ffffc9000155eb66 R15: dffffc0000000000 hid_open_report+0x47a/0x770 drivers/hid/hid-core.c:1341 hid_parse include/linux/hid.h:1172 [inline] sony_probe+0x18f/0x630 drivers/hid/hid-sony.c:2190 __hid_device_probe drivers/hid/hid-core.c:2776 [inline] hid_device_probe+0x50e/0x800 drivers/hid/hid-core.c:2813 call_driver_probe drivers/base/dd.c:643 [inline] really_probe+0x241/0xa60 drivers/base/dd.c:721 __driver_probe_device+0x1de/0x400 drivers/base/dd.c:863 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:893 __device_attach_driver+0x1df/0x340 drivers/base/dd.c:1021 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4d0 drivers/base/dd.c:1093 device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1148 bus_probe_device+0x64/0x160 drivers/base/bus.c:613 device_add+0x11d9/0x1950 drivers/base/core.c:3691 hid_add_device+0x2bf/0x440 drivers/hid/hid-core.c:2952 usbhid_probe+0xd57/0x1350 drivers/hid/usbhid/hid-core.c:1450 usb_probe_interface+0x303/0x8f0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:643 [inline] really_probe+0x241/0xa60 drivers/base/dd.c:721 __driver_probe_device+0x1de/0x400 drivers/base/dd.c:863 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:893 __device_attach_driver+0x1df/0x340 drivers/base/dd.c:1021 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4d0 drivers/base/dd.c:1093 device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1148 bus_probe_device+0x64/0x160 drivers/base/bus.c:613 device_add+0x11d9/0x1950 drivers/base/core.c:3691 usb_set_configuration+0xd97/0x1c60 drivers/usb/core/message.c:2268 usb_generic_driver_probe+0xa1/0xe0 drivers/usb/core/generic.c:250 usb_probe_device+0xef/0x400 drivers/usb/core/driver.c:291 call_driver_probe drivers/base/dd.c:643 [inline] really_probe+0x241/0xa60 drivers/base/dd.c:721 __driver_probe_device+0x1de/0x400 drivers/base/dd.c:863 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:893 __device_attach_driver+0x1df/0x340 drivers/base/dd.c:1021 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4d0 drivers/base/dd.c:1093 device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1148 bus_probe_device+0x64/0x160 drivers/base/bus.c:613 device_add+0x11d9/0x1950 drivers/base/core.c:3691 usb_new_device.cold+0x685/0x115c drivers/usb/core/hub.c:2695 hub_port_connect drivers/usb/core/hub.c:5567 [inline] hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] port_event drivers/usb/core/hub.c:5871 [inline] hub_event+0x314d/0x4af0 drivers/usb/core/hub.c:5953 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276 process_scheduled_works kernel/workqueue.c:3359 [inline] worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440 kthread+0x370/0x450 kernel/kthread.c:436 ret_from_fork+0x6c3/0xcb0 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 BUG: scheduling while atomic: kworker/1:2/3014/0x00000101 6 locks held by kworker/1:2/3014: #0: ffff888102ac2148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251 #1: ffffc9000155fd18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252 #2: ffff88810ab491e0 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #2: ffff88810ab491e0 (&dev->mutex){....}-{4:4}, at: hub_event+0x1bd/0x4af0 drivers/usb/core/hub.c:5899 #3: ffff88813a6741e0 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #3: ffff88813a6741e0 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1068 #4: ffff88811c8e31a8 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #4: ffff88811c8e31a8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1068 #5: ffff88810ca85a68 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline] #5: ffff88810ca85a68 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0 drivers/base/dd.c:1068 Modules linked in: irq event stamp: 310837 hardirqs last enabled at (310836): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (310836): [] _raw_spin_unlock_irqrestore+0x52/0x80 kernel/locking/spinlock.c:194 hardirqs last disabled at (310837): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline] hardirqs last disabled at (310837): [] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:162 softirqs last enabled at (310824): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last enabled at (310824): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last enabled at (310824): [] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723 softirqs last disabled at (310833): [] __do_softirq kernel/softirq.c:656 [inline] softirqs last disabled at (310833): [] invoke_softirq kernel/softirq.c:496 [inline] softirqs last disabled at (310833): [] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723 Preemption disabled at: [] softirq_handle_begin kernel/softirq.c:463 [inline] [] handle_softirqs+0xf5/0x9d0 kernel/softirq.c:598 ---------------- Code disassembly (best guess), 2 bytes skipped: 0: 00 00 add %al,(%rax) 2: 89 c5 mov %eax,%ebp 4: e9 ed fe ff ff jmp 0xfffffef6 9: e8 85 fd d2 fb call 0xfbd2fd93 e: 89 ea mov %ebp,%edx 10: 31 f6 xor %esi,%esi 12: 48 89 df mov %rbx,%rdi 15: e8 f9 e8 ff ff call 0xffffe913 1a: 4c 8d a3 cc 00 00 00 lea 0xcc(%rbx),%r12 21: 89 c5 mov %eax,%ebp 23: e9 ce fe ff ff jmp 0xfffffef6 * 28: e8 66 fd d2 fb call 0xfbd2fd93 <-- trapping instruction 2d: 4c 8d a3 cc 00 00 00 lea 0xcc(%rbx),%r12 34: 40 0f b6 ed movzbl %bpl,%ebp 38: 48 rex.W 39: b8 00 00 00 00 mov $0x0,%eax