Re: [PATCH] cfg80211: reg: Fix use-after-free in call_crda

2019-02-22 Thread Johannes Berg
Hi, > In function reg_query_database, query_regdb_file calls > request_firmware_nowait to do request_firmware asynchronously, > which needs the caller to hold the reference of dev, otherwise it will > do put_device freeing '&reg_pdev->dev'. After that, call_crda access > the dev will trigger use-after-fre

[PATCH] cfg80211: reg: Fix use-after-free in call_crda

2019-02-22 Thread Yue Haibing
From: YueHaibing KASAN reports this: BUG: KASAN: use-after-free in kobject_uevent_env+0xedb/0xf20 lib/kobject_uevent.c:474 Read of size 8 at addr 8881e52d5dc0 by task kworker/0:2/1066 CPU: 0 PID: 1066 Comm: kworker/0:2 Not tainted 5.0.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PII