Thank you for your reply! This is a “fake” device. We emulated some functions with the built-in gadget module as a virtual device side for fuzzing. It can pass through the matching phase and, to some extent the probing phase. As you said, the configuration options are correct. After a successful attachment, we extracted the file_operations of the device files on both sides to find the corresponding system calls. Later, by fuzzing the dual-sided device with system calls, it is equivalent to considering data threats from both peripheral and user space. We are open to any suggestions and hope to submit a patch capable of fixing this bug in the near future. Best Regards, Rondreis
