From: Greg KH <gregkh@linuxfoundation.org>
To: Shuangpeng <shuangpeng.kernel@gmail.com>
Cc: vaibhavgupta40@gmail.com, jens.taprogge@taprogge.org,
kees@kernel.org, industrypack-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org
Subject: Re: [BUG] KASAN: slab-use-after-free in ipoctal_write_tty
Date: Mon, 15 Jun 2026 22:49:29 +0200 [thread overview]
Message-ID: <2026061543-require-phrasing-e2c2@gregkh> (raw)
In-Reply-To: <53780D3D-9EE8-4032-BC37-F17694C4D685@gmail.com>
On Mon, Jun 15, 2026 at 04:33:09PM -0400, Shuangpeng wrote:
>
>
> > On Jun 15, 2026, at 00:03, Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Sun, Jun 14, 2026 at 03:48:50PM -0400, Shuangpeng Bai wrote:
> >> Hi Kernel Maintainers,
> >>
> >> I hit the following report while testing current upstream kernel:
> >>
> >> KASAN: slab-use-after-free in ipoctal_write_tty
> >
> > Cool, do you have this hardware, or is this only virtual testing?
>
> No, I do not have the physical hardware. This was reproduced with
> unmodified QEMU using its existing TPCI200/IP-Octal emulation.
>
> >
> > If virtual, are you sure that the hardware is being emulated properly?
>
>
> I understand this is not the same as testing on real hardware. However,
> my current understanding is that the crash is triggered after a
> successful probe through the normal sysfs unbind/remove path while the
> ipoctal tty fd is still open. The failing path does not seem to rely on
> device-specific emulation details after probe, but rather on the
> lifetime of the tty/device state during removal.
What specific sysfs unbind path? That's only for root and for testing
kernel development, it's not a normal thing that a user does at all,
right?
> Please let me know if I am missing anything here. I would also
> appreciate any suggestions on what I could check to better evaluate
> whether the emulation is appropriate for this report.
What exactly are you trying to test?
thanks,
greg k-h
next prev parent reply other threads:[~2026-06-15 20:52 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-14 19:48 [BUG] KASAN: slab-use-after-free in ipoctal_write_tty Shuangpeng Bai
2026-06-15 4:03 ` Greg KH
2026-06-15 20:33 ` Shuangpeng
2026-06-15 20:49 ` Greg KH [this message]
2026-06-16 0:11 ` Shuangpeng
2026-06-16 2:46 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2026061543-require-phrasing-e2c2@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=industrypack-devel@lists.sourceforge.net \
--cc=jens.taprogge@taprogge.org \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=shuangpeng.kernel@gmail.com \
--cc=vaibhavgupta40@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.