Tetsuo Handa wrote:
> syzbot is reporting that del_timer_sync() is called from
> mwifiex_usb_cleanup_tx_aggr() from mwifiex_unregister_dev() without
> checking timer_setup() from mwifiex_usb_tx_init() was called [1].
>
> Ganapathi Bhat proposed a possibly cleaner fix, but it seems that
> that fi
Hi Tetsuo,
> > "grep -FrB1 'del_timer' drivers/ | grep -FA1 '.function)'" says that
> > currently there are 28 locations which call del_timer[_sync]() only if
> > that timer's function field was initialized (because timer_setup()
> > sets that timer's function field). Therefore, let's use same app
On Fri, Aug 21, 2020 at 1:28 AM Tetsuo Handa wrote:
>
> syzbot is reporting that del_timer_sync() is called from
> mwifiex_usb_cleanup_tx_aggr() from mwifiex_unregister_dev() without
> checking timer_setup() from mwifiex_usb_tx_init() was called [1].
>
> Ganapathi Bhat proposed a possibly cleaner
syzbot is reporting that del_timer_sync() is called from
mwifiex_usb_cleanup_tx_aggr() from mwifiex_unregister_dev() without
checking timer_setup() from mwifiex_usb_tx_init() was called [1].
Ganapathi Bhat proposed a possibly cleaner fix, but it seems that
that fix was forgotten [2].
"grep -FrB1