program: syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0xd1, 0xa0, 0x5e, 0x20, 0xccd, 0x102, 0x890e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x54, 0x40, 0x1, "", [{{0x9, 0x4, 0xbc, 0x80, 0x0, 0xc, 0xf1, 0xc7, 0x7f}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000300)={&(0x7f0000000000)=[{0x1900, 0x3000, 0x0, 0x0}, {0xecaa, 0x201, 0x0, 0x0}], 0x2}) [ 93.276558][ T5300] Bluetooth: hci0: command tx timeout [ 93.635755][ T5320] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 93.785564][ T5320] usb 5-1: Using ep0 maxpacket: 32 [ 93.790716][ T5320] usb 5-1: unable to get BOS descriptor or descriptor too short [ 93.796218][ T5320] usb 5-1: config 8 has an invalid interface number: 188 but max is 0 [ 93.800078][ T5320] usb 5-1: config 8 has no interface number 0 [ 93.802961][ T5320] usb 5-1: config 8 interface 188 has no altsetting 0 [ 93.809349][ T5320] usb 5-1: string descriptor 0 read error: -22 [ 93.812674][ T5320] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e [ 93.816747][ T5320] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.852748][ T5320] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state. [ 93.861102][ T5320] dw2102: su3000_power_ctrl: 1, initialized 0 [ 93.869257][ T5320] dvb-usb: bulk message failed: -22 (2/0) [ 93.893385][ T5320] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 93.899893][ T5320] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3) [ 93.903460][ T5320] usb 5-1: media controller created [ 93.907480][ T5320] dvb-usb: bulk message failed: -22 (6/0) [ 93.912047][ T5320] dw2102: i2c transfer failed. [ 93.914814][ T5320] dvb-usb: bulk message failed: -22 (6/0) [ 93.918560][ T5320] dw2102: i2c transfer failed. [ 93.921388][ T5320] dvb-usb: bulk message failed: -22 (6/0) [ 93.923960][ T5320] dw2102: i2c transfer failed. [ 93.926446][ T5320] dvb-usb: bulk message failed: -22 (6/0) [ 93.928974][ T5320] dw2102: i2c transfer failed. [ 93.931103][ T5320] dvb-usb: bulk message failed: -22 (6/0) [ 93.933755][ T5320] dw2102: i2c transfer failed. [ 93.936416][ T5320] dvb-usb: bulk message failed: -22 (6/0) [ 93.938956][ T5320] dw2102: i2c transfer failed. [ 93.941011][ T5320] dvb-usb: MAC address: 02:02:02:02:02:02 [ 93.956952][ T5320] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 93.981564][ T5320] dvb-usb: bulk message failed: -22 (3/0) [ 93.988175][ T5320] dw2102: command 0x0e transfer failed. [ 93.991127][ T5320] dvb-usb: bulk message failed: -22 (3/0) [ 93.993799][ T5320] dw2102: command 0x0e transfer failed. [ 94.307197][ T5320] dvb-usb: bulk message failed: -22 (3/0) [ 94.309952][ T5320] dw2102: command 0x0e transfer failed. [ 94.312631][ T5320] dvb-usb: bulk message failed: -22 (3/0) [ 94.316210][ T5320] dw2102: command 0x0e transfer failed. [ 94.318981][ T5320] dvb-usb: bulk message failed: -22 (1/0) [ 94.321629][ T5320] dw2102: command 0x51 transfer failed. [ 94.326415][ T5322] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI [ 94.331677][ T5322] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 94.335387][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 94.339294][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 94.343180][ T5322] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0 [ 94.345869][ T5322] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 3d 94 37 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42 [ 94.353828][ T5322] RSP: 0018:ffffc9000df97bb0 EFLAGS: 00010202 [ 94.356442][ T5322] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 [ 94.359703][ T5322] RDX: ffffffff87f9a755 RSI: ffffffff8f973bb0 RDI: 0000000000001900 [ 94.363077][ T5322] RBP: 0000000000000000 R08: ffff888000264a00 R09: 0000000000000002 [ 94.366310][ T5322] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000 [ 94.369374][ T5322] R13: 1ffff11006d46fc8 R14: 0000000000000002 R15: ffff888036a37e48 [ 94.373051][ T5322] FS: 00007f9fdaeed6c0(0000) GS:ffff88808c832000(0000) knlGS:0000000000000000 [ 94.377128][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.380001][ T5322] CR2: 00007f9fda211ea8 CR3: 0000000048fe9000 CR4: 0000000000352ef0 [ 94.383336][ T5322] Call Trace: [ 94.384781][ T5322] [ 94.386120][ T5322] __i2c_transfer+0x79a/0x1f70 [ 94.388155][ T5322] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 94.390700][ T5322] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 94.393359][ T5322] ? i2c_transfer+0xc8/0x2d0 [ 94.395574][ T5322] i2c_transfer+0x1cc/0x2d0 [ 94.397874][ T5322] i2cdev_ioctl_rdwr+0x460/0x740 [ 94.400343][ T5322] i2cdev_ioctl+0x6a5/0x880 [ 94.402484][ T5322] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 94.404657][ T5322] ? __fget_files+0x3a0/0x420 [ 94.406782][ T5322] ? __fget_files+0x2a/0x420 [ 94.408795][ T5322] ? bpf_lsm_file_ioctl+0x9/0x20 [ 94.410942][ T5322] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 94.413232][ T5322] __se_sys_ioctl+0xfc/0x170 [ 94.415464][ T5322] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.418289][ T5322] do_syscall_64+0x15f/0xf80 [ 94.420442][ T5322] ? trace_irq_disable+0x3b/0x140 [ 94.422655][ T5322] ? clear_bhb_loop+0x40/0x90 [ 94.424601][ T5322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.426734][ T5322] RIP: 0033:0x7f9fd9f9c819 [ 94.428632][ T5322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.436570][ T5322] RSP: 002b:00007f9fdaeecfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 94.440688][ T5322] RAX: ffffffffffffffda RBX: 00007f9fda215fa0 RCX: 00007f9fd9f9c819 [ 94.444471][ T5322] RDX: 0000200000000300 RSI: 0000000000000707 RDI: 0000000000000004 [ 94.447816][ T5322] RBP: 00007f9fda032c91 R08: 0000000000000000 R09: 0000000000000000 [ 94.451194][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.454774][ T5322] R13: 00007f9fda216038 R14: 00007f9fda215fa0 R15: 00007fff7a6f70f8 [ 94.458669][ T5322] [ 94.460265][ T5322] Modules linked in: [ 94.462865][ T5322] ---[ end trace 0000000000000000 ]--- [ 94.485056][ T5322] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0 [ 94.497851][ T5320] DVB: Unable to find symbol ds3000_attach() [ 94.503343][ T5320] dvb-usb: no frontend was attached by 'Terratec Cinergy S2 USB HD Rev.3' [ 94.507861][ T5322] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 3d 94 37 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42 [ 94.532688][ T5322] RSP: 0018:ffffc9000df97bb0 EFLAGS: 00010202 [ 94.536104][ T5322] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 [ 94.539643][ T5322] RDX: ffffffff87f9a755 RSI: ffffffff8f973bb0 RDI: 0000000000001900 [ 94.543518][ T5322] RBP: 0000000000000000 R08: ffff888000264a00 R09: 0000000000000002 [ 94.548690][ T5322] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000 [ 94.552009][ T5322] R13: 1ffff11006d46fc8 R14: 0000000000000002 R15: ffff888036a37e48 [ 94.555738][ T5320] rc_core: IR keymap rc-su3000 not found [ 94.558477][ T5320] Registered IR keymap rc-empty [ 94.561317][ T5320] rc rc0: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0 [ 94.569383][ T5320] input: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input5 [ 94.581267][ T5322] FS: 00007f9fdaeed6c0(0000) GS:ffff88808c832000(0000) knlGS:0000000000000000 [ 94.589721][ T5320] dvb-usb: schedule remote query interval to 150 msecs. [ 94.596011][ T5322] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.603597][ T5320] dw2102: su3000_power_ctrl: 0, initialized 1 [ 94.606916][ T5322] CR2: 00007ffce4fbdfe4 CR3: 0000000048fe9000 CR4: 0000000000352ef0 [ 94.613876][ T5320] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully initialized and connected. [ 94.621474][ T5322] Kernel panic - not syncing: Fatal exception [ 94.624934][ T5322] Kernel Offset: disabled [ 94.626957][ T5322] Rebooting in 86400 seconds..