Re: [syzbot] [usb?] KASAN: slab-use-after-free Read in hdm_disconnect
From: Edward Adam Davis
Date: Tue Jul 30 2024 - 01:46:47 EST
move the relase dev to the end
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 933069701c1b
diff --git a/drivers/most/most_usb.c b/drivers/most/most_usb.c
index 485d5ca39951..ed3fcba00cae 100644
--- a/drivers/most/most_usb.c
+++ b/drivers/most/most_usb.c
@@ -1118,15 +1118,14 @@ static void hdm_disconnect(struct usb_interface *interface)
del_timer_sync(&mdev->link_stat_timer);
cancel_work_sync(&mdev->poll_work_obj);
- if (mdev->dci)
- device_unregister(&mdev->dci->dev);
most_deregister_interface(&mdev->iface);
kfree(mdev->busy_urbs);
kfree(mdev->cap);
kfree(mdev->conf);
kfree(mdev->ep_address);
- put_device(&mdev->dci->dev);
+ if (mdev->dci)
+ device_unregister(&mdev->dci->dev);
put_device(&mdev->dev);
}