Re: KASAN: use-after-free Write in keyspan_close
From: Greg KH
Date: Tue Sep 20 2022 - 12:16:30 EST
On Tue, Sep 20, 2022 at 10:47:37PM +0800, Rondreis wrote:
> Hello,
>
> When fuzzing the Linux kernel driver v6.0-rc6, the following crash was
> triggered.
>
> HEAD commit: 521a547ced6477c54b4b0cc206000406c221b4d6
> git tree: upstream
>
> kernel config: https://pastebin.com/raw/hekxU61F
> console output: https://pastebin.com/raw/gvADdA0t
>
> Sorry for failing to extract the reproducer. But on other versions of
> Linux, I also triggered this crash.
>
> I would appreciate it if you have any idea how to solve this bug.
Are you hitting this with a real keyspan device, or is this a "fake"
one?
if a fake one, what type of fake data are you sending the driver? Are
the configuration options correct, and you are giving it bad data, or
something else?
Fuzzing on invalid USB data for drivers is the next "boundry" to start
working on, so far we have only handed invalid configuration information
fairly well, so patches to work on this next layer are always
appreciated if you consider USB data to now be considered "hostile" and
not trustable.
thanks,
greg k-h