dvb-usb: bulk message failed: -22 (1/0) dw2102: i2c transfer failed. Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 UID: 0 PID: 5016 Comm: syz.1.8227 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:su3000_i2c_transfer+0x2e3/0xfd0 drivers/media/usb/dvb-usb/dw2102.c:752 Code: 0f b6 18 49 83 c7 08 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 ca 95 39 fa 4d 8b 37 49 ff c6 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 7c 08 00 00 41 88 1e 48 8b 44 24 48 42 RSP: 0000:ffffc90004cc79d0 EFLAGS: 00010202 RAX: 0000000000000002 RBX: 0000000000000010 RCX: a719b5e82347bf00 RDX: ffffc90012097000 RSI: 0000000000003a52 RDI: 0000000000003a53 RBP: 0000000000000000 R08: ffff8880b87247d3 R09: 1ffff110170e48fa R10: dffffc0000000000 R11: ffffed10170e48fb R12: 0000000000000003 R13: dffffc0000000000 R14: 0000000000000011 R15: ffff88805a641d88 FS: 0000000000000000(0000) GS:ffff888125567000(0063) knlGS:00000000f541db40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000004a416000 CR4: 00000000003526f0 Call Trace: __i2c_transfer+0x79a/0x2020 drivers/i2c/i2c-core-base.c:-1 i2c_transfer+0x1cc/0x2d0 drivers/i2c/i2c-core-base.c:2317 i2cdev_ioctl_rdwr+0x460/0x740 drivers/i2c/i2c-dev.c:306 compat_i2cdev_ioctl+0x59f/0x5c0 drivers/i2c/i2c-dev.c:574 __do_compat_sys_ioctl fs/ioctl.c:695 [inline] __se_compat_sys_ioctl fs/ioctl.c:638 [inline] __ia32_compat_sys_ioctl+0x5ea/0x950 fs/ioctl.c:638 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x20d/0x640 arch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x33/0x70 arch/x86/entry/syscall_32.c:332 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf702ef6c Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad RSP: 002b:00000000f541d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707 RDX: 0000000080000a40 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:su3000_i2c_transfer+0x2e3/0xfd0 drivers/media/usb/dvb-usb/dw2102.c:752 Code: 0f b6 18 49 83 c7 08 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 ca 95 39 fa 4d 8b 37 49 ff c6 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 7c 08 00 00 41 88 1e 48 8b 44 24 48 42 RSP: 0000:ffffc90004cc79d0 EFLAGS: 00010202 RAX: 0000000000000002 RBX: 0000000000000010 RCX: a719b5e82347bf00 RDX: ffffc90012097000 RSI: 0000000000003a52 RDI: 0000000000003a53 RBP: 0000000000000000 R08: ffff8880b87247d3 R09: 1ffff110170e48fa R10: dffffc0000000000 R11: ffffed10170e48fb R12: 0000000000000003 R13: dffffc0000000000 R14: 0000000000000011 R15: ffff88805a641d88 FS: 0000000000000000(0000) GS:ffff888125567000(0063) knlGS:00000000f541db40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000f7f8a190 CR3: 000000004a416000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 0f b6 18 movzbl (%rax),%ebx 3: 49 83 c7 08 add $0x8,%r15 7: 4c 89 f8 mov %r15,%rax a: 48 c1 e8 03 shr $0x3,%rax e: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) 13: 74 08 je 0x1d 15: 4c 89 ff mov %r15,%rdi 18: e8 ca 95 39 fa call 0xfa3995e7 1d: 4d 8b 37 mov (%r15),%r14 20: 49 ff c6 inc %r14 23: 4c 89 f0 mov %r14,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax <-- trapping instruction 2f: 84 c0 test %al,%al 31: 0f 85 7c 08 00 00 jne 0x8b3 37: 41 88 1e mov %bl,(%r14) 3a: 48 8b 44 24 48 mov 0x48(%rsp),%rax 3f: 42 rex.X