Re: [PATCH] netpoll: normalize skb->dev to the netpoll device

[Jakub Kicinski]

On Fri, 15 May 2026 13:05:11 +0800 Zhang Cen wrote:
> Sanitizer validation reported:
> KASAN slab-use-after-free in queue_process()
> Read of size 8
> Call trace:
>   dump_stack_lvl() (?:?)
>   print_report() (?:?)
>   srso_alias_return_thunk() (arch/x86/include/asm/nospec-branch.h:375)
>   __virt_addr_valid() (?:?)
>   kasan_complete_mode_report_info() (?:?)
>   kasan_report() (?:?)
>   queue_process() (net/core/netpoll.c:88)
>   kasan_check_range() (?:?)
>   __kasan_check_read() (?:?)
>   process_one_work() (kernel/workqueue.c:3200)
>   assign_work() (kernel/workqueue.c:1201)
>   worker_thread() (?:?)
>   kthread() (?:?)
>   ret_from_fork() (?:?)
>   __switch_to() (?:?)
>   __switch_to_asm() (arch/x86/include/asm/switch_to.h:9)
>   ret_from_fork_asm() (?:?)
>   kasan_save_stack() (mm/kasan/common.c:52)
>   kasan_save_track() (mm/kasan/common.c:74)
>   kasan_save_free_info() (?:?)
>   __kasan_slab_free() (?:?)
>   kfree() (?:?)
>   kvfree() (mm/slub.c:6876)
>   netdev_release() (net/core/net-sysfs.c:2227)
>   device_release() (?:?)
>   kobject_put() (lib/kobject.c:730)
>   put_device() (drivers/base/core.c:3810)
>   free_netdev() (net/core/dev.c:12164)
>   full_proxy_write() (?:?)
>   vfs_write() (fs/read_write.c:668)
>   ksys_write() (fs/read_write.c:729)
>   __x64_sys_write() (?:?)
>   x64_sys_call() (arch/x86/entry/syscall_64.c:35)
>   do_syscall_64() (arch/x86/entry/syscall_64.c:87)
>   entry_SYSCALL_64_after_hwframe() (?:?)

You trimmed the stack trace too much, the information about 
the object on which the UAF was detected is missing, and 
so is the UAF location.

Please add a Fixes tag (even if it's the first commit in git history).

With that fixed please repost.
-- 
pw-bot: cr