On Fri Feb 20, 2026 at 1:38 PM IST, Dan Carpenter wrote:
On Fri, Feb 20, 2026 at 06:30:10AM +0000, Hardik Phalet wrote:
gb_audio_manager_get_module() calls gb_audio_manager_get_locked(), which can return NULL when the requested id does not exist. The returned pointer is dereferenced unconditionally via kobject_get(), leading to a NULL pointer dereference.
Only take a kobject reference when the module is found.
Signed-off-by: Hardik Phalet hardik.phalet@pm.me
drivers/staging/greybus/audio_manager.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/greybus/audio_manager.c b/drivers/staging/greybus/audio_manager.c index 27ca5f796c5f..1da8804e61ca 100644 --- a/drivers/staging/greybus/audio_manager.c +++ b/drivers/staging/greybus/audio_manager.c @@ -111,7 +111,8 @@ struct gb_audio_manager_module *gb_audio_manager_get_module(int id)
I don't think this gb_audio_manager_get_module() function is ever called. If it is then we need a Fixes tag.
regards, dan carpenter
Thanks for pointing that out.
I double-checked and could not find any in-tree callers for gb_audio_manager_get_module(), so this appears to be dead code and the NULL dereference is not reachable today.
Would you prefer that I drop this fix, or should I follow up with a cleanup patch?
Regards, Hardik Phalet