In the Linux kernel, the following vulnerability has been resolved:

wifi: plfxlc: Remove erroneous assert in plfxlcmacrelease

plfxlcmacrelease() asserts that mac->lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is used when probe fails or after the device is disconnected. In both cases mac->lock can not be held as the driver is not working with the device at the moment. All functions that use mac->lock unlock it just after it was held. There is also no need to hold mac->lock for plfxlcmacrelease() itself, as mac data is not affected, except for mac->flags, which is modified atomically.

This bug leads to the following warning:

WARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/plfxlc/mac.c:106 plfxlcmacrelease+0x7d/0xa0 Modules linked in: CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.124-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usbhubwq hubevent RIP: 0010:plfxlcmacrelease+0x7d/0xa0 drivers/net/wireless/purelifi/plfxlc/mac.c:106 Call Trace: <TASK> probe+0x941/0xbd0 drivers/net/wireless/purelifi/plfxlc/usb.c:694 usbprobeinterface+0x5c0/0xaf0 drivers/usb/core/driver.c:396 reallyprobe+0x2ab/0xcb0 drivers/base/dd.c:639 _driverprobedevice+0x1a2/0x3d0 drivers/base/dd.c:785 driverprobedevice+0x50/0x420 drivers/base/dd.c:815 _deviceattachdriver+0x2cf/0x510 drivers/base/dd.c:943 busforeachdrv+0x183/0x200 drivers/base/bus.c:429 _deviceattach+0x359/0x570 drivers/base/dd.c:1015 busprobedevice+0xba/0x1e0 drivers/base/bus.c:489 deviceadd+0xb48/0xfd0 drivers/base/core.c:3696 usbsetconfiguration+0x19dd/0x2020 drivers/usb/core/message.c:2165 usbgenericdriverprobe+0x84/0x140 drivers/usb/core/generic.c:238 usbprobedevice+0x130/0x260 drivers/usb/core/driver.c:293 reallyprobe+0x2ab/0xcb0 drivers/base/dd.c:639 _driverprobedevice+0x1a2/0x3d0 drivers/base/dd.c:785 driverprobedevice+0x50/0x420 drivers/base/dd.c:815 _deviceattachdriver+0x2cf/0x510 drivers/base/dd.c:943 busforeachdrv+0x183/0x200 drivers/base/bus.c:429 _deviceattach+0x359/0x570 drivers/base/dd.c:1015 busprobedevice+0xba/0x1e0 drivers/base/bus.c:489 deviceadd+0xb48/0xfd0 drivers/base/core.c:3696 usbnewdevice+0xbdd/0x18f0 drivers/usb/core/hub.c:2620 hubportconnect drivers/usb/core/hub.c:5477 [inline] hubportconnectchange drivers/usb/core/hub.c:5617 [inline] portevent drivers/usb/core/hub.c:5773 [inline] hubevent+0x2efe/0x5730 drivers/usb/core/hub.c:5855 processonework+0x8a9/0x11d0 kernel/workqueue.c:2292 workerthread+0xa47/0x1200 kernel/workqueue.c:2439 kthread+0x28d/0x320 kernel/kthread.c:376 retfromfork+0x1f/0x30 arch/x86/entry/entry_64.S:295

</TASK>

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.