Re: [syzbot] Re: [syzbot] [acpi?] KASAN: slab-use-after-free Read in software_node_notify_remove

From: syzbot
Date: Thu Apr 10 2025 - 10:24:43 EST

Next message: Ryo Takakura: "Re: [PATCH v2] serial: sifive: Switch to nbcon console"
Previous message: Dave Hansen: "Re: [PATCH v4 04/19] x86/cea: Export per CPU array 'cea_exception_stacks' for KVM to use"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [acpi?] KASAN: slab-use-after-free Read in software_node_notify_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.

***

Subject: Re: [syzbot] [acpi?] KASAN: slab-use-after-free Read in software_node_notify_remove
Author: lizhi.xu@xxxxxxxxxxxxx

any link create fail will not get kobject

#syz test

diff --git a/drivers/base/swnode.c b/drivers/base/swnode.c
index b1726a3515f6..5c78fa6ae772 100644
--- a/drivers/base/swnode.c
+++ b/drivers/base/swnode.c
@@ -1080,6 +1080,7 @@ void software_node_notify(struct device *dev)
if (!swnode)
return;

+ kobject_get(&swnode->kobj);
ret = sysfs_create_link(&dev->kobj, &swnode->kobj, "software_node");
if (ret)
return;
@@ -1089,8 +1090,6 @@ void software_node_notify(struct device *dev)
sysfs_remove_link(&dev->kobj, "software_node");
return;
}
-
- kobject_get(&swnode->kobj);
}

void software_node_notify_remove(struct device *dev)

Next message: Ryo Takakura: "Re: [PATCH v2] serial: sifive: Switch to nbcon console"
Previous message: Dave Hansen: "Re: [PATCH v4 04/19] x86/cea: Export per CPU array 'cea_exception_stacks' for KVM to use"
In reply to: syzbot: "Re: [syzbot] Re: [syzbot] [acpi?] KASAN: slab-use-after-free Read in software_node_notify_remove"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]