On Wed, Aug 10, 2022 at 08:53:43PM +0800, Rondreis wrote:
> Hello,
>
> When fuzzing the Linux kernel driver v5.18.0, the following crash was triggered.

Your report below says 5.19-rc4, not 5.18.0.

> HEAD commit: 4b0986a3613c92f4ec1bdc7f60ec66fea135991f (HEAD, tag: v5.18)
> git tree: upstream
>
> kernel config: https://pastebin.com/KecL2gaG
> C reproducer: https://pastebin.com/sh8uUVpV
> console output: https://pastebin.com/yV0hwZSi
>
> Basically, in the C reproducer, we use the gadget module to emulate
> the process of attaching a USB device (vendor id: 0x13d3, product
> id: 0x3333, with function: midi).
> To reproduce this crash, we utilize a third-party library to emulate
> the attaching process: https://github.com/linux-usb-gadgets/libusbgx.
> Just clone this repository, make install it, and compiling the C
> reproducer with ``` gcc crash.c -lusbgx -o crash ``` will do the
> trick.
>
> It seems that when pre-allocating write USB requests to use in
> f_midi_transmit, the kernel will eventually call the alloc_ep_req function,
> and a failed kmalloc allocation of the buffer field within the usb_request
> struct will cause this error to happen.

Great, now that you have a reproducer and a way to trigger it, can you
send a patch to fix the issue as well?

thanks,

greg k-h