Re: KASAN: use-after-free Write in keyspan_close

From: Rondreis
Date: Wed Sep 21 2022 - 11:45:34 EST


Thank you for your reply!

This is a “fake” device. We emulated some functions with the built-in
gadget module as a virtual device side for fuzzing. It can pass through
the matching phase and, to some extent, the probing phase.
As you said, the configuration options are correct.

After a successful attachment, we extracted the file_operations
of the device files on both sides to find the corresponding system calls.
Later, fuzzing the dual-sided device with system calls is
equivalent to considering data threats from both the peripheral and user space.

We are open to any suggestions and hope to submit a patch capable
of fixing this bug in the near future.

Best Regards,
Rondreis