Re: [PATCH] au0828: fix use-after-free at USB probing

From: Gustavo A. R. Silva
Date: Tue Dec 12 2017 - 15:55:11 EST


Hey Andrey,

Quoting Andrey Konovalov <andreyknvl@xxxxxxxxxx>:

> On Thu, Nov 23, 2017 at 2:31 AM, Gustavo A. R. Silva
> <garsilva@xxxxxxxxxxxxxx> wrote:
>> Hi Andrey,
>>
>> I have successfully installed and tested syzkaller with QEMU. Can you please
>> tell me how to reproduce this bug or share with me the full crash report?
>>
>> Also, can you point me to the PoC file?
>
> Hi Gustavo,
>
> Sorry for the delay.

No worries.

> I've now published the USB fuzzing prototype, so here's how you can
> reproduce this:
>
> 1. Get the Linux 4.15-rc3 upstream kernel
> (50c4c4e268a2d7a3e58ebb698ac74da0de40ae36).
>
> 2. Apply this patch (it adds a new interface to emulate USB devices):
> https://github.com/google/syzkaller/blob/usb-fuzzer/tools/usb/0002-usb-fuzzer-main-usb-gadget-fuzzer-driver.patch
>
> 3. Build the kernel with the attached .config (you need relatively new
> GCC to make KASAN work).
>
> 4. Run the attached reproducer.
>
> Also attaching the full kernel log.

Awesome. :D I'll try this.

Thank you!
--
Gustavo A. R. Silva
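The four reproduction steps Andrey lists above, scripted as an added example. This is not code from the thread, from syzkaller, or from either author. It assumes the kernel tree is cloned from git.kernel.org into $KDIR, that the patch can be fetched as a raw file from the GitHub URL quoted above (via raw.githubusercontent.com; the usb-fuzzer branch may have moved since 2017), that the attached .config and reproducer have been saved locally under the names $KCONFIG and $REPRO (names chosen here), and that GCC 4.9.2 is the minimum the KASAN documentation requires (an assumption from that documentation, since the thread only says "relatively new GCC"). Step 4 runs inside the QEMU guest and is left as a comment; the two checks a practitioner would want before a long build (KASAN actually enabled in the .config, GCC new enough) are factored into functions so they can be run on their own.

```shell
#!/bin/sh
# Added example, not from the original thread. Scripted form of the
# reproduction steps quoted above plus two pre-build sanity checks.
set -e

# Commit and patch URL exactly as given in the thread (the blob URL is
# rewritten to its raw form; assumption: the branch still exists).
KERNEL_COMMIT=50c4c4e268a2d7a3e58ebb698ac74da0de40ae36
PATCH_URL='https://raw.githubusercontent.com/google/syzkaller/usb-fuzzer/tools/usb/0002-usb-fuzzer-main-usb-gadget-fuzzer-driver.patch'
KERNEL_URL='https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git'

# Return 0 when the given kernel .config enables KASAN, 1 otherwise.
# A UAF report from this setup depends on CONFIG_KASAN=y being present.
has_kasan() {
    grep -q '^CONFIG_KASAN=y$' "$1"
}

# Return 0 when a GCC version string such as "7.2.0" is >= 4.9.2,
# the minimum assumed here for KASAN support in GCC.
gcc_supports_kasan() {
    # Split "maj.min.pat" into positional parameters (missing parts -> 0).
    set -- $(printf '%s' "$1" | tr . ' ')
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -gt 4 ] && return 0
    [ "$maj" -eq 4 ] && [ "$min" -gt 9 ] && return 0
    [ "$maj" -eq 4 ] && [ "$min" -eq 9 ] && [ "$pat" -ge 2 ] && return 0
    return 1
}

# Steps 1-3 from the thread; step 4 is done inside the guest.
main() {
    kdir=${KDIR:-linux}
    kconfig=${KCONFIG:?set KCONFIG to the .config attached to the thread}

    # Step 1: get the tree and check out the exact commit Andrey names.
    [ -d "$kdir" ] || git clone "$KERNEL_URL" "$kdir"
    cd "$kdir"
    git checkout "$KERNEL_COMMIT"

    # Step 2: apply the USB gadget fuzzer patch.
    curl -fsSL "$PATCH_URL" | git apply

    # Step 3: install the attached .config, then verify the two things
    # the thread calls out before spending time on a build.
    cp "$kconfig" .config
    has_kasan .config || { echo 'KASAN is not enabled in .config' >&2; exit 1; }
    ver=$(gcc -dumpfullversion 2>/dev/null || gcc -dumpversion)
    gcc_supports_kasan "$ver" || { echo "gcc $ver is too old for KASAN" >&2; exit 1; }
    make olddefconfig
    make -j"$(nproc 2>/dev/null || echo 1)"

    # Step 4: boot the result under QEMU and run the attached reproducer
    # ($REPRO) inside the guest; that part is not automated here.
    echo "Kernel built; boot it in QEMU and run ${REPRO:-the reproducer} in the guest."
}

# Only run the build when explicitly asked, so the check functions can be
# sourced and used on their own.
if [ "${REPRO_RUN:-0}" = 1 ]; then
    main "$@"
fi
```

Usage: `REPRO_RUN=1 KCONFIG=./config REPRO=./repro sh repro.sh`. Sourcing the file without REPRO_RUN set only defines the functions, which is what the checks below rely on.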