================================================================== BUG: KASAN: null-ptr-deref in mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:820 Write of size 4 at addr 0000000000000000 by task syz.3.614/7475 CPU: 1 UID: 0 PID: 7475 Comm: syz.3.614 Not tainted 6.16.0-rc2-syzkaller-00052-g7481a97c5f49 #0 PREEMPT(voluntary) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 kasan_report+0xe0/0x110 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106 mcp2221_raw_event+0xc1f/0x1030 drivers/hid/hid-mcp2221.c:820 __hid_input_report.constprop.0+0x311/0x450 drivers/hid/hid-core.c:2117 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:286 __usb_hcd_giveback_urb+0x38d/0x6e0 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1734 dummy_timer+0x180e/0x3a20 drivers/usb/gadget/udc/dummy_hcd.c:1995 __run_hrtimer kernel/time/hrtimer.c:1761 [inline] __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1825 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1842 handle_softirqs+0x205/0x8d0 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0x43/0xb0 arch/x86/kernel/apic/apic.c:1050 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0033:0x7f75a3a4d9bf Code: 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 fb 44 8d 56 04 4c 8d 0d 52 46 35 00 89 f0 4c 8d 05 49 26 35 00 89 c2 81 e2 ff 1f 00 00 <49> 8b 0c d1 48 39 f1 74 28 48 85 c9 74 29 45 38 1c 10 75 23 83 c0 RSP: 002b:00007fffc5707a68 EFLAGS: 00010202 RAX: 00000000813bc35b RBX: 00007f75a48e5720 RCX: 000000000000000c RDX: 000000000000035b RSI: ffffffff813bc35b RDI: 0000000000000000 RBP: ffffffff813bc35b R08: 00007f75a3da0000 R09: 00007f75a3da2000 R10: 00000000813bc35f R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffffffff813bc41f R15: 000000000000000c ==================================================================