Re: [syzbot] [media?] KASAN: slab-use-after-free Read in dvb_frontend_release (3)

[Hillf Danton]

> Date: Mon, 16 Feb 2026 01:34:34 -0800	[thread overview]
> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    c22e26bd0906 Merge tag 'landlock-7.0-rc1' of git://git.ker..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16bcf6e6580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=6428d17febdfb14e
> dashboard link: https://syzkaller.appspot.com/bug?extid=ae466a728017ec940b41
> compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15ce3652580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1121515a580000

#syz test

--- x/drivers/media/dvb-core/dvb_frontend.c
+++ y/drivers/media/dvb-core/dvb_frontend.c
@@ -2911,6 +2911,7 @@ static int dvb_frontend_release(struct i
 		mb();
 	}
 
+	dvb_device_get(dvbdev);
 	ret = dvb_generic_release(inode, file);
 
 	if (dvbdev->users == -1) {
@@ -2930,6 +2931,7 @@ static int dvb_frontend_release(struct i
 		if (fe->ops.ts_bus_ctrl)
 			fe->ops.ts_bus_ctrl(fe, 0);
 	}
+	dvb_device_put(dvbdev);
 
 	dvb_frontend_put(fe);
 
--