program: syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0xd1, 0xa0, 0x5e, 0x20, 0xccd, 0x102, 0x890e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x54, 0x40, 0x1, "", [{{0x9, 0x4, 0xbc, 0x80, 0x0, 0xc, 0xf1, 0xc7, 0x7f}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0xa840, 0x582) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000100)={&(0x7f00000000c0)=[{0x9, 0x800, 0x41, &(0x7f0000000840)="478e18414987981b124447a228152caf3156b814a483611700758493f5276c83ee57c44c403ba56004b96a27839b79f4c179d573f1f8f36f41fccb178965343776"}, {0x1900, 0x1a01, 0x0, 0x0}], 0x2}) [ 88.519011][ T5297] Bluetooth: hci0: command tx timeout [ 88.860390][ T804] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 89.008874][ T804] usb 5-1: Using ep0 maxpacket: 32 [ 89.014229][ T804] usb 5-1: unable to get BOS descriptor or descriptor too short [ 89.019529][ T804] usb 5-1: config 8 has an invalid interface number: 188 but max is 0 [ 89.023233][ T804] usb 5-1: config 8 has no interface number 0 [ 89.025857][ T804] usb 5-1: config 8 interface 188 has no altsetting 0 [ 89.036473][ T804] usb 5-1: string descriptor 0 read error: -22 [ 89.039519][ T804] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e [ 89.043487][ T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.076873][ T804] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state. [ 89.082291][ T804] dw2102: su3000_power_ctrl: 1, initialized 0 [ 89.085786][ T804] dvb-usb: bulk message failed: -22 (2/0) [ 89.104877][ T804] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 89.115799][ T804] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3) [ 89.120363][ T804] usb 5-1: media controller created [ 89.123142][ T804] dvb-usb: bulk message failed: -22 (6/0) [ 89.126125][ T804] dw2102: i2c transfer failed. [ 89.130378][ T804] dvb-usb: bulk message failed: -22 (6/0) [ 89.133291][ T804] dw2102: i2c transfer failed. [ 89.136266][ T804] dvb-usb: bulk message failed: -22 (6/0) [ 89.142155][ T804] dw2102: i2c transfer failed. [ 89.144360][ T804] dvb-usb: bulk message failed: -22 (6/0) [ 89.148342][ T804] dw2102: i2c transfer failed. [ 89.151954][ T804] dvb-usb: bulk message failed: -22 (6/0) [ 89.154507][ T804] dw2102: i2c transfer failed. [ 89.156535][ T804] dvb-usb: bulk message failed: -22 (6/0) [ 89.159948][ T804] dw2102: i2c transfer failed. [ 89.162582][ T804] dvb-usb: MAC address: 02:02:02:02:02:02 [ 89.176573][ T804] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 89.202381][ T804] dvb-usb: bulk message failed: -22 (3/0) [ 89.211423][ T804] dw2102: command 0x0e transfer failed. [ 89.214426][ T804] dvb-usb: bulk message failed: -22 (3/0) [ 89.216940][ T804] dw2102: command 0x0e transfer failed. [ 89.529804][ T804] dvb-usb: bulk message failed: -22 (3/0) [ 89.532133][ T804] dw2102: command 0x0e transfer failed. [ 89.534441][ T804] dvb-usb: bulk message failed: -22 (3/0) [ 89.536795][ T804] dw2102: command 0x0e transfer failed. [ 89.539630][ T804] dvb-usb: bulk message failed: -22 (1/0) [ 89.542931][ T804] dw2102: command 0x51 transfer failed. [ 89.547008][ T5340] dvb-usb: bulk message failed: -22 (68/0) [ 89.552704][ T5340] dw2102: i2c transfer failed. [ 89.558108][ T5340] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI [ 89.563101][ T5340] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 89.566352][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 89.570141][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 89.574522][ T5340] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0 [ 89.577119][ T5340] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 4d de 35 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42 [ 89.585090][ T5340] RSP: 0018:ffffc900037dfbb0 EFLAGS: 00010202 [ 89.587710][ T5340] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 [ 89.590897][ T5340] RDX: ffffffff87fcce15 RSI: ffffffff8f972090 RDI: 0000000000001900 [ 89.594181][ T5340] RBP: 0000000000000001 R08: ffff8880372e8000 R09: 0000000000000002 [ 89.597397][ T5340] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000 [ 89.600470][ T5340] R13: 1ffff1100851003a R14: 0000000000000002 R15: ffff8880428801d8 [ 89.603585][ T5340] FS: 00007f7454e446c0(0000) GS:ffff88808c891000(0000) knlGS:0000000000000000 [ 89.607222][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.609965][ T5340] CR2: 0000564ec6968008 CR3: 000000000e450000 CR4: 0000000000352ef0 [ 89.613239][ T5340] Call Trace: [ 89.614735][ T5340] [ 89.615991][ T5340] __i2c_transfer+0x79a/0x1f70 [ 89.618019][ T5340] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 89.620532][ T5340] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 89.622969][ T5340] ? i2c_transfer+0xc8/0x2d0 [ 89.624914][ T5340] i2c_transfer+0x1cc/0x2d0 [ 89.626837][ T5340] i2cdev_ioctl_rdwr+0x460/0x740 [ 89.628877][ T5340] i2cdev_ioctl+0x6a5/0x880 [ 89.630761][ T5340] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 89.632792][ T5340] ? __fget_files+0x3a0/0x420 [ 89.634586][ T5340] ? __fget_files+0x2a/0x420 [ 89.636389][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20 [ 89.638160][ T5340] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 89.640192][ T5340] __se_sys_ioctl+0xfc/0x170 [ 89.641921][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.644207][ T5340] do_syscall_64+0x174/0x580 [ 89.645933][ T5340] ? trace_irq_disable+0x3b/0x140 [ 89.648016][ T5340] ? clear_bhb_loop+0x40/0x90 [ 89.649869][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.652122][ T5340] RIP: 0033:0x7f7453f9ce59 [ 89.653810][ T5340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 89.661569][ T5340] RSP: 002b:00007f7454e43fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 89.664920][ T5340] RAX: ffffffffffffffda RBX: 00007f7454215fa0 RCX: 00007f7453f9ce59 [ 89.667976][ T5340] RDX: 0000200000000100 RSI: 0000000000000707 RDI: 0000000000000005 [ 89.671117][ T5340] RBP: 00007f7454032d6f R08: 0000000000000000 R09: 0000000000000000 [ 89.674011][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 89.676960][ T5340] R13: 00007f7454216038 R14: 00007f7454215fa0 R15: 00007ffdb72d3008 [ 89.680003][ T5340] [ 89.681187][ T5340] Modules linked in: [ 89.683227][ T5340] ---[ end trace 0000000000000000 ]--- [ 89.714164][ T804] DVB: Unable to find symbol ds3000_attach() [ 89.716804][ T804] dvb-usb: no frontend was attached by 'Terratec Cinergy S2 USB HD Rev.3' [ 89.721120][ T5340] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0 [ 89.723828][ T5340] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 4d de 35 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42 [ 89.749462][ T5340] RSP: 0018:ffffc900037dfbb0 EFLAGS: 00010202 [ 89.752271][ T5340] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003 [ 89.756246][ T5340] RDX: ffffffff87fcce15 RSI: ffffffff8f972090 RDI: 0000000000001900 [ 89.761461][ T5340] RBP: 0000000000000001 R08: ffff8880372e8000 R09: 0000000000000002 [ 89.764905][ T5340] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000 [ 89.768292][ T5340] R13: 1ffff1100851003a R14: 0000000000000002 R15: ffff8880428801d8 [ 89.772384][ T5340] FS: 00007f7454e446c0(0000) GS:ffff88808c891000(0000) knlGS:0000000000000000 [ 89.776114][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.778986][ T804] rc_core: IR keymap rc-su3000 not found [ 89.781453][ T804] Registered IR keymap rc-empty [ 89.784055][ T804] rc rc0: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0 [ 89.796912][ T804] input: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input5 [ 89.803314][ T5340] CR2: 00007faf6dcc2e9c CR3: 000000000e450000 CR4: 0000000000352ef0 [ 89.806945][ T5340] Kernel panic - not syncing: Fatal exception [ 89.809739][ T5340] Kernel Offset: disabled [ 89.811522][ T5340] Rebooting in 86400 seconds..