From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3CE122F12A5 for ; Mon, 15 Jun 2026 20:52:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781556771; cv=none; b=JZxRwHw3b/j7T3HB70+Lhw3LJdiCH0yvGA47HhWA/fLFyN5umqDtR/f3dRwn946G/fTYeE+Wygzrp47QdqlBr93XvBQTF6nXcKnOpeslIW3uG6eUJIFFYf4rY+7lY3yvWpJIgqrkrJvluJnnsxiVApQlqSmvdYvMkQVHpdt7qxw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781556771; c=relaxed/simple; bh=+U23yBzpdXvyGRkCjEegY7j42SZpEXgnGlDS1ahrboI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=CUqHcBLdD+LgpnwW96cY5CxPpy24+E6gRBUqTooUNgOei6tJPDOk4KJz2hMu91tsS+sr5B74mOqAv1qOR4LcjGgsORBPwpfDKFN42NW0km6uFPEDOLXrVsBF5o2Z6U+ZBIEuaL10nNsCgYM4/0OKAmPYxtRVQ1vRr4h7MXAHpQ8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=w6Ffn460; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="w6Ffn460" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CEF881F000E9; Mon, 15 Jun 2026 20:52:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=korg; t=1781556769; bh=juWMY6GbUv8R88j0KoJseC9geAWBAspWCkHNVJJOw+U=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=w6Ffn460aOBwdb1xYi3Td9uYVVlxRUaNeYIU3+XKPUjGbpTyEg0UAFGXrijCf72bg WEQQ4+eZYOV06MLqLlHIAcSLxFUVbGZOPoSx0Np4NoFc2TM5EiLUTrP3L7NLIIYQlK 8M9dsbu5tpEOk+9nOJObfy1HNHzbZkNRt3H5FuDM= Date: Mon, 15 Jun 2026 22:49:29 +0200 From: Greg KH To: Shuangpeng Cc: vaibhavgupta40@gmail.com, jens.taprogge@taprogge.org, kees@kernel.org, industrypack-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org Subject: Re: [BUG] KASAN: slab-use-after-free in ipoctal_write_tty Message-ID: <2026061543-require-phrasing-e2c2@gregkh> References: <178144969601.60470.1257088106279546587@gmail.com> <2026061553-childcare-rush-8f26@gregkh> <53780D3D-9EE8-4032-BC37-F17694C4D685@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <53780D3D-9EE8-4032-BC37-F17694C4D685@gmail.com> On Mon, Jun 15, 2026 at 04:33:09PM -0400, Shuangpeng wrote: > > > > On Jun 15, 2026, at 00:03, Greg KH wrote: > > > > On Sun, Jun 14, 2026 at 03:48:50PM -0400, Shuangpeng Bai wrote: > >> Hi Kernel Maintainers, > >> > >> I hit the following report while testing current upstream kernel: > >> > >> KASAN: slab-use-after-free in ipoctal_write_tty > > > > Cool, do you have this hardware, or is this only virtual testing? > > No, I do not have the physical hardware. This was reproduced with > unmodified QEMU using its existing TPCI200/IP-Octal emulation. > > > > > If virtual, are you sure that the hardware is being emulated properly? > > > I understand this is not the same as testing on real hardware. However, > my current understanding is that the crash is triggered after a > successful probe through the normal sysfs unbind/remove path while the > ipoctal tty fd is still open. The failing path does not seem to rely on > device-specific emulation details after probe, but rather on the > lifetime of the tty/device state during removal. What specific sysfs unbind path? That's only for root and for testing kernel development, it's not a normal thing that a user does at all, right? > Please let me know if I am missing anything here. I would also > appreciate any suggestions on what I could check to better evaluate > whether the emulation is appropriate for this report. What exactly are you trying to test? thanks, greg k-h