program:
syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0xd1, 0xa0, 0x5e, 0x20, 0xccd, 0x102, 0x890e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x54, 0x40, 0x1, "", [{{0x9, 0x4, 0xbc, 0x80, 0x0, 0xc, 0xf1, 0xc7, 0x7f}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$I2C(&(0x7f00000000c0), 0xc, 0x88000)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000000)={&(0x7f0000000340)=[{0x1900, 0x8000, 0x0, 0x0}, {0xfffa, 0x1, 0x0, 0x0}], 0x2})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f0000000240)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='i2c_result\x00', r1}, 0x18)

[ 103.277125][ T4651] Bluetooth: hci0: command tx timeout
[ 103.670766][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 103.824217][ T10] usb 5-1: Using ep0 maxpacket: 32
[ 103.845753][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 103.858522][ T10] usb 5-1: config 8 has an invalid interface number: 188 but max is 0
[ 103.865610][ T10] usb 5-1: config 8 has no interface number 0
[ 103.871419][ T10] usb 5-1: config 8 interface 188 has no altsetting 0
[ 103.884926][ T10] usb 5-1: string descriptor 0 read error: -22
[ 103.887947][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e
[ 103.892771][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 103.966508][ T10] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state.
[ 103.987540][ T10] dw2102: su3000_power_ctrl: 1, initialized 0
[ 104.006618][ T10] dvb-usb: bulk message failed: -22 (2/0)
[ 104.106382][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 104.129357][ T10] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3)
[ 104.149130][ T10] usb 5-1: media controller created
[ 104.163258][ T10] dvb-usb: bulk message failed: -22 (6/0)
[ 104.166956][ T10] dw2102: i2c transfer failed.
[ 104.169222][ T10] dvb-usb: bulk message failed: -22 (6/0)
[ 104.192889][ T10] dw2102: i2c transfer failed.
[ 104.206850][ T5323] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI
[ 104.212147][ T5323] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 104.215887][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 104.219863][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 104.224298][ T5323] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 104.227188][ T5323] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 cd 3f 34 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 104.235701][ T5323] RSP: 0000:ffffc900014b7bb0 EFLAGS: 00010202
[ 104.238521][ T5323] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 104.242031][ T5323] RDX: ffffffff87fe5425 RSI: ffffffff8f979c50 RDI: 0000000000001900
[ 104.246031][ T5323] RBP: 0000000000000000 R08: ffff888000810000 R09: 0000000000000002
[ 104.249450][ T5323] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 104.252732][ T5323] R13: 1ffff110085baf30 R14: 0000000000000002 R15: ffff888042dd7988
[ 104.256310][ T5323] FS: 00007fcf9fddf6c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
[ 104.260261][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.262934][ T5323] CR2: 00007f25c7be9407 CR3: 000000000e488000 CR4: 0000000000352ef0
[ 104.266458][ T5323] Call Trace:
[ 104.267943][ T5323]
[ 104.269246][ T5323] __i2c_transfer+0x79a/0x1f70
[ 104.271589][ T5323] ? i2c_transfer+0xc8/0x2d0
[ 104.273885][ T5323] i2c_transfer+0x1cc/0x2d0
[ 104.276006][ T5323] i2cdev_ioctl_rdwr+0x460/0x740
[ 104.278165][ T5323] i2cdev_ioctl+0x6a5/0x880
[ 104.280198][ T5323] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 104.282489][ T5323] ? __fget_files+0x3a0/0x420
[ 104.284495][ T5323] ? __fget_files+0x2a/0x420
[ 104.286635][ T5323] ? bpf_lsm_file_ioctl+0x9/0x20
[ 104.289045][ T5323] ? __pfx_i2cdev_ioctl+0x10/0x10
[ 104.291611][ T5323] __se_sys_ioctl+0xfc/0x170
[ 104.293906][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.296732][ T5323] do_syscall_64+0x15f/0xf80
[ 104.299002][ T5323] ? trace_irq_disable+0x3b/0x140
[ 104.301358][ T5323] ? clear_bhb_loop+0x40/0x90
[ 104.303629][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.306403][ T5323] RIP: 0033:0x7fcf9ef9cdd9
[ 104.308452][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 104.316823][ T5323] RSP: 002b:00007fcf9fddefe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 104.320487][ T5323] RAX: ffffffffffffffda RBX: 00007fcf9f215fa0 RCX: 00007fcf9ef9cdd9
[ 104.323801][ T5323] RDX: 0000200000000000 RSI: 0000000000000707 RDI: 0000000000000004
[ 104.327215][ T5323] RBP: 00007fcf9f032d69 R08: 0000000000000000 R09: 0000000000000000
[ 104.331047][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 104.334963][ T5323] R13: 00007fcf9f216038 R14: 00007fcf9f215fa0 R15: 00007ffc093320f8
[ 104.339069][ T5323]
[ 104.340693][ T5323] Modules linked in:
[ 104.343560][ T5323] ---[ end trace 0000000000000000 ]---
[ 104.378708][ T5323] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[ 104.390329][ T5323] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 cd 3f 34 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[ 104.401246][ T5323] RSP: 0000:ffffc900014b7bb0 EFLAGS: 00010202
[ 104.404496][ T5323] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[ 104.408129][ T5323] RDX: ffffffff87fe5425 RSI: ffffffff8f979c50 RDI: 0000000000001900
[ 104.412747][ T5323] RBP: 0000000000000000 R08: ffff888000810000 R09: 0000000000000002
[ 104.416563][ T5323] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[ 104.419925][ T5323] R13: 1ffff110085baf30 R14: 0000000000000002 R15: ffff888042dd7988
[ 104.423573][ T5323] FS: 00007fcf9fddf6c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
[ 104.427475][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 104.430407][ T5323] CR2: 0000556696f67168 CR3: 000000000e488000 CR4: 0000000000352ef0
[ 104.433994][ T5323] Kernel panic - not syncing: Fatal exception
[ 104.436744][ T5323] Kernel Offset: disabled
[ 104.438745][ T5323] Rebooting in 86400 seconds..