Re: [BUG] KASAN: slab-use-after-free in ipoctal_write_tty

Next message: Vincent Legoll: "[PATCH v2] riscv: dts: spacemit: k1-orangepi-rv2: Add cpu scaling"
Previous message: kernel test robot: "[tip:x86/urgent] BUILD SUCCESS 2d36d3b451a94899db9c965adde15492ffe6027a"
In reply to: Greg KH: "Re: [BUG] KASAN: slab-use-after-free in ipoctal_write_tty"
Next in thread: Greg KH: "Re: [BUG] KASAN: slab-use-after-free in ipoctal_write_tty"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Shuangpeng

Date: Mon Jun 15 2026 - 16:34:23 EST

> On Jun 15, 2026, at 00:03, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Sun, Jun 14, 2026 at 03:48:50PM -0400, Shuangpeng Bai wrote:
>> Hi Kernel Maintainers,
>>
>> I hit the following report while testing current upstream kernel:
>>
>> KASAN: slab-use-after-free in ipoctal_write_tty
>
> Cool, do you have this hardware, or is this only virtual testing?

No, I do not have the physical hardware. This was reproduced with
unmodified QEMU using its existing TPCI200/IP-Octal emulation.

>
> If virtual, are you sure that the hardware is being emulated properly?

I understand this is not the same as testing on real hardware. However,
my current understanding is that the crash is triggered after a
successful probe through the normal sysfs unbind/remove path while the
ipoctal tty fd is still open. The failing path does not seem to rely on
device-specific emulation details after probe, but rather on the
lifetime of the tty/device state during removal.

Please let me know if I am missing anything here. I would also
appreciate any suggestions on what I could check to better evaluate
whether the emulation is appropriate for this report.

Best,
Shuangpeng

> thanks,
>
> greg k-h