Re: linux version v5.18 warn in alloc_ep_req

From: Greg KH
Date: Wed Aug 10 2022 - 08:59:04 EST


On Wed, Aug 10, 2022 at 08:53:43PM +0800, Rondreis wrote:
> Hello,
>
> When fuzzing the Linux kernel driver v5.18.0, the following crash was triggered.

Your report below says 5.19-rc4, not 5.18.0.

> HEAD commit: 4b0986a3613c92f4ec1bdc7f60ec66fea135991f (HEAD, tag: v5.18)
> git tree: upstream
>
> kernel config: https://pastebin.com/KecL2gaG
> C reproducer: https://pastebin.com/sh8uUVpV
> console output: https://pastebin.com/yV0hwZSi
>
> Basically, in the C reproducer, we use the gadget module to emulate
> the process of attaching a USB device (vendor id: 0x13d3, product
> id: 0x3333, with function: midi).
> To reproduce this crash, we utilize a third-party library to emulate
> the attaching process: https://github.com/linux-usb-gadgets/libusbgx.
> Just clone this repository, make install it, and compiling the C
> reproducer with ``` gcc crash.c -lusbgx -o crash ``` will do the
> trick.
>
> It seems that when pre-allocating write USB requests to use in
> f_midi_transmit, the kernel will eventually call the alloc_ep_req
> function, and a failed kmalloc allocation of the buffer field within
> the usb_request struct will cause this error to happen.

Great, now that you have a reproducer and a way to trigger it, can you
send a patch to fix the issue as well?

thanks,

greg k-h