On 2/14/2019 11:30 PM, Rafał Miłecki wrote:
Hi,

I've just found a well reproducible brcmfmac crash (NULL pointer dereference).

Steps:
1. Wait for or trigger a FullMAC firmware crash
2. Wait for some skb to get queued on a flowring
3. Call rmmod brcmfmac

Problem:
There is a NULL pointer dereference in one of the brcmf_detach() calls.

Explanation:
brcmf_detach() first frees all "ifp"s and then deletes flowrings. If any
flowring has a skb, it results in calling brcmf_txfinalize(), which tries
to access "ifp" (struct brcmf_if), which is NULL.

Hi Rafał,

Thanks for diving in. That was my suspicion. Does it mean you are working on a patch, or shall I take care of it?

Regards,
Arend
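The teardown-ordering bug described in the quoted report, as an added stand-alone model that is not the brcmfmac driver's code: the struct names, the per-ring "queued" skb and the detach() helper are simplifications constructed for illustration. Instead of dereferencing the missing ifp, the model counts how many queued skbs reach the txfinalize() stand-in after their ifp has already been freed, so the two orderings can be compared without crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_IFS   4
#define MAX_RINGS 4

struct if_model   { int ifidx; unsigned long tx_done; }; /* stands in for struct brcmf_if */
struct skb_model  { int ifidx; };                         /* stands in for a queued sk_buff */
struct ring_model { struct skb_model *queued; };          /* one pending skb per flowring */
struct drvr_model { struct if_model *iflist[MAX_IFS]; struct ring_model rings[MAX_RINGS]; };

/* Stand-in for brcmf_txfinalize(): looks up the skb's ifp and completes the tx.
 * Returns -1 where the real driver would dereference a NULL ifp. */
static int txfinalize(struct drvr_model *d, struct skb_model *skb)
{
    struct if_model *ifp = d->iflist[skb->ifidx];
    free(skb);
    if (!ifp)
        return -1;
    ifp->tx_done++;
    return 0;
}

static void free_ifs(struct drvr_model *d)
{
    for (int i = 0; i < MAX_IFS; i++) { free(d->iflist[i]); d->iflist[i] = NULL; }
}

/* Deleting a flowring finalizes every skb still queued on it. */
static int delete_flowrings(struct drvr_model *d)
{
    int dangling = 0;
    for (int i = 0; i < MAX_RINGS; i++) {
        struct skb_model *skb = d->rings[i].queued;
        d->rings[i].queued = NULL;
        if (skb && txfinalize(d, skb) < 0)
            dangling++;
    }
    return dangling;
}

/* Teardown in either order; returns how many skbs were finalized after their ifp was gone. */
int detach(struct drvr_model *d, int ifs_first)
{
    if (ifs_first) { free_ifs(d); return delete_flowrings(d); }   /* order from the report */
    int dangling = delete_flowrings(d); free_ifs(d); return dangling; /* rings drained first */
}

/* Constructed state: two interfaces, one skb left on ring 1 for ifidx 1 (as after a firmware crash). */
void setup(struct drvr_model *d)
{
    memset(d, 0, sizeof(*d));
    for (int i = 0; i < 2; i++) { d->iflist[i] = calloc(1, sizeof(struct if_model)); d->iflist[i]->ifidx = i; }
    d->rings[1].queued = calloc(1, sizeof(struct skb_model));
    d->rings[1].queued->ifidx = 1;
}
```

Running detach() with ifs_first set reproduces the report's ordering and yields one dangling finalize; draining the flowrings before freeing the interfaces yields none.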
