Zheyu Ma <zheyuma97@xxxxxxxxx> wrote: > When the driver fails at ieee80211_alloc_hw() at the probe time, the > driver will free the 'hw' which is not allocated, causing a bug. > > The following log can reveal it: > > [ 15.981294] BUG: KASAN: user-memory-access in mutex_is_locked+0xe/0x40 > [ 15.981558] Read of size 8 at addr 0000000000001ab0 by task modprobe/373 > [ 15.982583] Call Trace: > [ 15.984282] ieee80211_free_hw+0x22/0x390 > [ 15.984446] rtl8xxxu_probe+0x3a1/0xab30 [rtl8xxxu] > > Fix the bug by changing the order of the error handling. > > Signed-off-by: Zheyu Ma <zheyuma97@xxxxxxxxx> Patch applied to wireless-next.git, thanks. 13876f2a087a wifi: rtl8xxxu: Fix the error handling of the probe function -- https://patchwork.kernel.org/project/linux-wireless/patch/20220716130444.2950690-1-zheyuma97@xxxxxxxxx/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
