[PATCH] driver core: Fix refcount leak in node_init_node_access() error path

Guangshuo Li posted 1 patch 2 months ago
There is a newer version of this series
drivers/base/node.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Posted by Guangshuo Li 2 months ago
After device_register(), the lifetime of the embedded struct device is
expected to be managed through the device core reference counting.

In node_init_node_access(), if device_register() fails, the error path
frees access_node directly instead of releasing the device reference
with put_device(). This bypasses the normal device lifetime rules and
may leave the reference count of the embedded struct device unbalanced,
resulting in a refcount leak and potentially leading to a use-after-free.

Fix this by using put_device(dev) in the device_register() failure path
and let node_access_release() handle the final cleanup.

Fixes: 08d9dbe72b1f ("node: Link memory nodes to their compute nodes")
Cc: stable@vger.kernel.org
Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com>
---
 drivers/base/node.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/base/node.c b/drivers/base/node.c
index 00cf4532f121..2b19959a374c 100644
--- a/drivers/base/node.c
+++ b/drivers/base/node.c
@@ -171,13 +171,13 @@ static struct node_access_nodes *node_init_node_access(struct node *node,
 		goto free;
 
 	if (device_register(dev))
-		goto free_name;
+		goto put_device;
 
 	pm_runtime_no_callbacks(dev);
 	list_add_tail(&access_node->list_node, &node->access_list);
 	return access_node;
-free_name:
-	kfree_const(dev->kobj.name);
+put_device:
+	put_device(dev);
 free:
 	kfree(access_node);
 	return NULL;
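Review bot: The new put_device: label falls through into free:, so on device_register() failure the code runs `put_device(dev);` and then `kfree(access_node);`. The commit message says node_access_release() does the final cleanup of the structure that embeds dev; if that release callback frees access_node, dropping the last reference already frees it and the kfree() that follows is a double free, which replaces the leak with a memory-safety bug on the same error path. Suggest adding `return NULL;` directly after `put_device(dev);` so that only the earlier `goto free` (taken before device_register()) reaches `kfree(access_node);`. The commit message should also say that the name previously released with `kfree_const(dev->kobj.name);` is now released as part of dropping the device reference, since that line is removed without explanation.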
-- 
2.43.0