Re: [PATCH] wifi: ath9k: avoid device access after async firmware request

Next message: Yousef Alhouseen: "Re: [PATCH v2] drm/amdgpu: reject mapping info when BO VA is gone"
Previous message: Uwe Kleine-K&#xF6;nig (The Capable Hub): "Re: [PATCH v3 09/16] platform/x86: x86-android-tablets: Add include defining struct dmi_system_id"
In reply to: Toke H&#xF8;iland-J&#xF8;rgensen: "Re: [PATCH] wifi: ath9k: avoid device access after async firmware request"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Yousef Alhouseen

Date: Mon Jun 29 2026 - 10:03:54 EST

Thanks for the pointer. I missed the pending patch; please drop mine.

Thanks,
Yousef

On Mon, 29 Jun 2026 11:49:34 +0200, "Toke Høiland-Jørgensen"
<toke@xxxxxxx> wrote:
> Yousef Alhouseen <alhouseenyousef@xxxxxxxxx> writes:
>
> > request_firmware_nowait() may invoke the callback before the requesting
> > context resumes. When a firmware lookup fails, the callback starts the
> > next fallback request. That nested request can exhaust the fallback list,
> > complete fw_done, and let disconnect free hif_dev before the parent request
> > returns.
> >
> > The parent then dereferences hif_dev only to print a successful-request
> > message. Remove that post-request access so completion cannot leave an
> > older callback using the freed device state.
> >
> > Fixes: e904cf6fe230 ("ath9k_htc: introduce support for different fw versions")
> > Reported-by: syzbot+cb7ed9d85261445a0201@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Closes: https://syzkaller.appspot.com/bug?extid=cb7ed9d85261445a0201
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Yousef Alhouseen <alhouseenyousef@xxxxxxxxx>
>
> An identical patch was already submitted and is currently pending:
> https://patchwork.kernel.org/project/linux-wireless/patch/20260605153210.20471-1-1020691186@xxxxxx/
>
> -Toke