From: Jakub Kicinski <kuba@kernel.org>
To: Zhang Cen <rollkingzzc@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
zerocling0077@gmail.com, 2045gemini@gmail.com
Subject: Re: [PATCH] netpoll: normalize skb->dev to the netpoll device
Date: Mon, 18 May 2026 18:54:09 -0700 [thread overview]
Message-ID: <20260518185409.3e7f638e@kernel.org> (raw)
In-Reply-To: <20260515050511.106309-1-rollkingzzc@gmail.com>
On Fri, 15 May 2026 13:05:11 +0800 Zhang Cen wrote:
> Sanitizer validation reported:
> KASAN slab-use-after-free in queue_process()
> Read of size 8
> Call trace:
> dump_stack_lvl() (?:?)
> print_report() (?:?)
> srso_alias_return_thunk() (arch/x86/include/asm/nospec-branch.h:375)
> __virt_addr_valid() (?:?)
> kasan_complete_mode_report_info() (?:?)
> kasan_report() (?:?)
> queue_process() (net/core/netpoll.c:88)
> kasan_check_range() (?:?)
> __kasan_check_read() (?:?)
> process_one_work() (kernel/workqueue.c:3200)
> assign_work() (kernel/workqueue.c:1201)
> worker_thread() (?:?)
> kthread() (?:?)
> ret_from_fork() (?:?)
> __switch_to() (?:?)
> __switch_to_asm() (arch/x86/include/asm/switch_to.h:9)
> ret_from_fork_asm() (?:?)
> kasan_save_stack() (mm/kasan/common.c:52)
> kasan_save_track() (mm/kasan/common.c:74)
> kasan_save_free_info() (?:?)
> __kasan_slab_free() (?:?)
> kfree() (?:?)
> kvfree() (mm/slub.c:6876)
> netdev_release() (net/core/net-sysfs.c:2227)
> device_release() (?:?)
> kobject_put() (lib/kobject.c:730)
> put_device() (drivers/base/core.c:3810)
> free_netdev() (net/core/dev.c:12164)
> full_proxy_write() (?:?)
> vfs_write() (fs/read_write.c:668)
> ksys_write() (fs/read_write.c:729)
> __x64_sys_write() (?:?)
> x64_sys_call() (arch/x86/entry/syscall_64.c:35)
> do_syscall_64() (arch/x86/entry/syscall_64.c:87)
> entry_SYSCALL_64_after_hwframe() (?:?)
You trimmed the stack trace too much, the information about
the object on which the UAF was detected is missing, and
so is the UAF location.
Please add a Fixes tag (even if it's the first commit in git history).
With that fixed please repost.
--
pw-bot: cr
next prev parent reply other threads:[~2026-05-19 1:54 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-15 5:05 [PATCH] netpoll: normalize skb->dev to the netpoll device Zhang Cen
2026-05-19 1:54 ` Jakub Kicinski [this message]
2026-05-19 8:17 ` Cen Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260518185409.3e7f638e@kernel.org \
--to=kuba@kernel.org \
--cc=2045gemini@gmail.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rollkingzzc@gmail.com \
--cc=zerocling0077@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox