==================================================================
BUG: KASAN: null-ptr-deref in mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:910
Write of size 207 at addr 0000000000000000 by task kworker/1:10/14669

CPU: 1 UID: 0 PID: 14669 Comm: kworker/1:10 Not tainted syzkaller #0 PREEMPT(voluntary) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events legacy_dvb_usb_read_remote_control
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 kasan_report+0xe0/0x110 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189
 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106
 mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:910
 __hid_input_report.constprop.0+0x314/0x450 drivers/hid/hid-core.c:2130
 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:286
 __usb_hcd_giveback_urb+0x38a/0x6e0 drivers/usb/core/hcd.c:1663
 usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1747
 dummy_timer+0x1814/0x3a30 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1842
 handle_softirqs+0x208/0x8d0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:strnlen+0x32/0x80 lib/string.c:432
Code: 55 48 8d 2c 37 53 48 83 ec 08 48 85 f6 74 3c 48 bb 00 00 00 00 00 fc ff df 49 89 fc 48 89 f8 eb 09 48 83 c0 01 48 39 e8 74 1e <48> 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 0f b6 14 1a 38 ca 7f 04 84
RSP: 0018:ffffc90012b8f320 EFLAGS: 00000297
RAX: ffff88810f300884 RBX: dffffc0000000000 RCX: 0000000000000003
RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffff88810f300878
RBP: ffff88810f300888 R08: 0000000000000006 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88810f300878
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
 strnlen include/linux/fortify-string.h:233 [inline]
 sized_strscpy include/linux/fortify-string.h:309 [inline]
 __update_page_owner_handle+0x270/0x550 mm/page_owner.c:253
 __set_page_owner+0x126/0x550 mm/page_owner.c:330
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1c0/0x230 mm/page_alloc.c:1851
 prep_new_page mm/page_alloc.c:1859 [inline]
 get_page_from_freelist+0xf98/0x2ce0 mm/page_alloc.c:3858
 __alloc_frozen_pages_noprof+0x259/0x21e0 mm/page_alloc.c:5148
 alloc_pages_mpol+0xe4/0x410 mm/mempolicy.c:2416
 alloc_slab_page mm/slub.c:2487 [inline]
 allocate_slab mm/slub.c:2655 [inline]
 new_slab+0x247/0x330 mm/slub.c:2709
 ___slab_alloc+0xc78/0x1680 mm/slub.c:3891
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3981
 __slab_alloc_node mm/slub.c:4056 [inline]
 slab_alloc_node mm/slub.c:4217 [inline]
 __do_kmalloc_node mm/slub.c:4364 [inline]
 __kmalloc_noprof+0x15b/0x4d0 mm/slub.c:4377
 kmalloc_noprof include/linux/slab.h:909 [inline]
 usb_alloc_urb+0x66/0xa0 drivers/usb/core/urb.c:75
 usb_internal_control_msg drivers/usb/core/message.c:96 [inline]
 usb_control_msg+0x1d3/0x4a0 drivers/usb/core/message.c:154
 m920x_read drivers/media/usb/dvb-usb/m920x.c:36 [inline]
 m920x_rc_query+0xdf/0x770 drivers/media/usb/dvb-usb/m920x.c:188
 legacy_dvb_usb_read_remote_control+0x109/0x4f0 drivers/media/usb/dvb-usb/dvb-usb-remote.c:123
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:463
 ret_from_fork+0x5b6/0x6c0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
==================================================================
----------------
Code disassembly (best guess):
   0:	55                   	push   %rbp
   1:	48 8d 2c 37          	lea    (%rdi,%rsi,1),%rbp
   5:	53                   	push   %rbx
   6:	48 83 ec 08          	sub    $0x8,%rsp
   a:	48 85 f6             	test   %rsi,%rsi
   d:	74 3c                	je     0x4b
   f:	48 bb 00 00 00 00 00 	movabs $0xdffffc0000000000,%rbx
  16:	fc ff df
  19:	49 89 fc             	mov    %rdi,%r12
  1c:	48 89 f8             	mov    %rdi,%rax
  1f:	eb 09                	jmp    0x2a
  21:	48 83 c0 01          	add    $0x1,%rax
  25:	48 39 e8             	cmp    %rbp,%rax
  28:	74 1e                	je     0x48
* 2a:	48 89 c2             	mov    %rax,%rdx <-- trapping instruction
  2d:	48 89 c1             	mov    %rax,%rcx
  30:	48 c1 ea 03          	shr    $0x3,%rdx
  34:	83 e1 07             	and    $0x7,%ecx
  37:	0f b6 14 1a          	movzbl (%rdx,%rbx,1),%edx
  3b:	38 ca                	cmp    %cl,%dl
  3d:	7f 04                	jg     0x43
  3f:	84                   	.byte 0x84