program:
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010102d1a05e20cd0c02010e89010203010902120001085440010904"], &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x2, 0x40402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000001640)={&(0x7f0000001600)=[{0x1900, 0x1010, 0x0, 0x0}], 0x1})

[ 103.254178][ T44] Bluetooth: hci0: command tx timeout
[ 103.590100][ T53] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 103.740037][ T53] usb 5-1: Using ep0 maxpacket: 32
[ 103.746402][ T53] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 103.756245][ T53] usb 5-1: string descriptor 0 read error: -22
[ 103.759160][ T53] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e
[ 103.763707][ T53] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 103.796746][ T53] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state.
[ 103.811184][ T53] dw2102: su3000_power_ctrl: 1, initialized 0
[ 103.823594][ T53] dvb-usb: bulk message failed: -22 (2/0)
[ 103.854563][ T53] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 103.871996][ T53] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3)
[ 103.882302][ T53] usb 5-1: media controller created
[ 103.889424][ T53] dvb-usb: bulk message failed: -22 (6/0)
[ 103.899547][ T53] dw2102: i2c transfer failed.
[ 103.903223][ T53] dvb-usb: bulk message failed: -22 (6/0)
[ 103.906244][ T53] dw2102: i2c transfer failed.
[ 103.908344][ T53] dvb-usb: bulk message failed: -22 (6/0)
[ 103.912959][ T53] dw2102: i2c transfer failed.
[ 103.915917][ T53] dvb-usb: bulk message failed: -22 (6/0)
[ 103.918293][ T53] dw2102: i2c transfer failed.
[ 103.921085][ T53] dvb-usb: bulk message failed: -22 (6/0)
[ 103.924334][ T53] dw2102: i2c transfer failed.
[ 103.926562][ T53] dvb-usb: bulk message failed: -22 (6/0)
[ 103.929173][ T53] dw2102: i2c transfer failed.
[ 103.932279][ T53] dvb-usb: MAC address: 02:02:02:02:02:02
[ 103.957547][ T53] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 104.002145][ T5327] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI
[ 104.007340][ T5327] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 104.010878][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 104.014918][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 104.019384][ T5327] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 104.022204][ T5327] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 0d 64 34 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 104.030632][ T5327] RSP: 0018:ffffc90006ab7bb0 EFLAGS: 00010202
[ 104.033340][ T5327] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 104.036942][ T5327] RDX: ffffffff87fe1865 RSI: ffffffff8f9795b0 RDI: 0000000000001900
[ 104.040562][ T5327] RBP: 0000000000000000 R08: ffff88803b02a500 R09: 0000000000000002
[ 104.044071][ T5327] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 104.047637][ T5327] R13: 1ffff1100873eb64 R14: 0000000000000001 R15: ffff8880439f5b28
[ 104.051182][ T5327] FS: 00007f48979336c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000
[ 104.055172][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.058122][ T5327] CR2: 0000200000001640 CR3: 000000001fb41000 CR4: 0000000000352ef0
[ 104.061778][ T5327] Call Trace:
[ 104.063295][ T5327] <TASK>
[ 104.064695][ T5327] __i2c_transfer+0x79a/0x1f70
[ 104.066914][ T5327] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 104.069642][ T5327] ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 104.072339][ T5327] ? i2c_transfer+0xc8/0x2d0
[ 104.074358][ T5327] i2c_transfer+0x1cc/0x2d0
[ 104.076334][ T5327] i2cdev_ioctl_rdwr+0x460/0x740
[ 104.078460][ T5327] i2cdev_ioctl+0x6a5/0x880
[ 104.080515][ T5327] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 104.082761][ T5327] ? __fget_files+0x3a0/0x420
[ 104.084865][ T5327] ? __fget_files+0x2a/0x420
[ 104.087011][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20
[ 104.089234][ T5327] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 104.091495][ T5327] __se_sys_ioctl+0xfc/0x170
[ 104.093452][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.096067][ T5327] do_syscall_64+0x15f/0xf80
[ 104.098095][ T5327] ? trace_irq_disable+0x3b/0x140
[ 104.100273][ T5327] ? clear_bhb_loop+0x40/0x90
[ 104.102462][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.105171][ T5327] RIP: 0033:0x7f489699cdd9
[ 104.107283][ T5327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 104.115716][ T5327] RSP: 002b:00007f4897932fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 104.119528][ T5327] RAX: ffffffffffffffda RBX: 00007f4896c15fa0 RCX: 00007f489699cdd9
[ 104.123063][ T5327] RDX: 0000200000001640 RSI: 0000000000000707 RDI: 0000000000000004
[ 104.126529][ T5327] RBP: 00007f4896a32d69 R08: 0000000000000000 R09: 0000000000000000
[ 104.130139][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 104.133555][ T5327] R13: 00007f4896c16038 R14: 00007f4896c15fa0 R15: 00007ffdb69dc528
[ 104.137175][ T5327] </TASK>
[ 104.138638][ T5327] Modules linked in:
[ 104.141022][ T5327] ---[ end trace 0000000000000000 ]---
[ 104.179191][ T5327] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 104.183783][ T5327] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 0d 64 34 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 104.194353][ T5327] RSP: 0018:ffffc90006ab7bb0 EFLAGS: 00010202
[ 104.197441][ T5327] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 104.201511][ T5327] RDX: ffffffff87fe1865 RSI: ffffffff8f9795b0 RDI: 0000000000001900
[ 104.205106][ T5327] RBP: 0000000000000000 R08: ffff88803b02a500 R09: 0000000000000002
[ 104.209014][ T5327] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 104.213193][ T5327] R13: 1ffff1100873eb64 R14: 0000000000000001 R15: ffff8880439f5b28
[ 104.216735][ T5327] FS: 00007f48979336c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000
[ 104.220889][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.224051][ T5327] CR2: 00007f599eed1140 CR3: 000000001fb41000 CR4: 0000000000352ef0
[ 104.227953][ T5327] Kernel panic - not syncing: Fatal exception
[ 104.231043][ T5327] Kernel Offset: disabled
[ 104.233067][ T5327] Rebooting in 86400 seconds..