In device_remove_property_set(), if the primary fwnode is of type "pset", it has to be set pointing to NULL before calling set_secondary_fwnode(). Otherwise set_secondary_fwnode() will attempt to set the fwnode->secondary member after the fwnode has been freed.
Reported-by: John Youn <[email protected]> Signed-off-by: Heikki Krogerus <[email protected]> --- drivers/base/property.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/base/property.c b/drivers/base/property.c index a163f2c..ddf2987 100644 --- a/drivers/base/property.c +++ b/drivers/base/property.c @@ -820,7 +820,9 @@ void device_remove_property_set(struct device *dev) * the pset. If there is no real firmware node (ACPI/DT) primary * will hold the pset. */ - if (!is_pset_node(fwnode)) + if (is_pset_node(fwnode)) + dev->fwnode = NULL; + else fwnode = fwnode->secondary; if (!IS_ERR(fwnode) && is_pset_node(fwnode)) pset_free_set(to_pset_node(fwnode)); -- 2.7.0
