Re: [PATCH] wifi: ath9k: avoid device access after async firmware request
From: Toke Høiland-Jørgensen
Date: Mon Jun 29 2026 - 05:57:22 EST
Yousef Alhouseen <alhouseenyousef@xxxxxxxxx> writes:
> request_firmware_nowait() may invoke the callback before the requesting
> context resumes. When a firmware lookup fails, the callback starts the
> next fallback request. That nested request can exhaust the fallback list,
> complete fw_done, and let disconnect free hif_dev before the parent request
> returns.
>
> The parent then dereferences hif_dev only to print a successful-request
> message. Remove that post-request access so completion cannot leave an
> older callback using the freed device state.
>
> Fixes: e904cf6fe230 ("ath9k_htc: introduce support for different fw versions")
> Reported-by: syzbot+cb7ed9d85261445a0201@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=cb7ed9d85261445a0201
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>
An identical patch was already submitted and is currently pending:
https://patchwork.kernel.org/project/linux-wireless/patch/20260605153210.20471-1-1020691186@xxxxxx/
-Toke
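
The sequence described in the quoted commit message, as an added single-threaded C model that is not code from the patch or from ath9k. All names are hypothetical; the callback is run synchronously to stand in for "before the requesting context resumes", and the free is modelled by a poison flag so the model itself has no undefined behaviour.

```c
#include <stdbool.h>

#define FW_CANDIDATES 3              /* constructed: length of the fallback list */

struct model_dev {                   /* hypothetical stand-in for hif_dev */
    int  fw_index;                   /* next fallback to try */
    bool fw_done;                    /* completion that lets disconnect proceed */
    bool freed;                      /* poison flag instead of a real free() */
    int  stale_accesses;             /* parent-side reads made after the "free" */
};

static bool log_after_request;       /* true = parent logs after the request (buggy) */

static void touch(struct model_dev *d)   /* models the post-request dereference */
{
    if (d->freed)
        d->stale_accesses++;
}

static void request_next(struct model_dev *d);

/* Models an async request whose callback runs before the caller continues.
 * Every lookup fails here, so the callback starts the next fallback. */
static void async_request(struct model_dev *d)
{
    request_next(d);
}

static void request_next(struct model_dev *d)
{
    if (d->fw_index >= FW_CANDIDATES) {  /* fallback list exhausted */
        d->fw_done = true;               /* disconnect may now run ... */
        d->freed = true;                 /* ... and release the device state */
        return;
    }
    d->fw_index++;
    async_request(d);                /* nested request may complete everything */
    if (log_after_request)
        touch(d);                    /* the access the commit message removes */
}

/* Returns how many parent frames used the device after it was released. */
int run_model(bool buggy)
{
    struct model_dev d = {0};
    log_after_request = buggy;
    request_next(&d);
    return d.stale_accesses;
}
```

With the post-request access in place, every parent frame that unwinds after the nested request has exhausted the list counts as a stale access; without it the count is zero.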