Hi Daniel, > I haven't tested it yet, but it doesn't look like a fix to me. > > Surely the crash here is that the timer_fn is running and using data > that has been freed, like the netdev and the workqueue. Please try attached patches instead. > mwifiex_free_adapter() is called at the end of mwifiex_remove_card(), > after it has freed a whole load of that stuff. If you are trying to > stop the timer at this point, you are way too late. There are two different static mwifiex_free_adapter() functions which cause confusion. The 1/2 patch renames the one in init.c to mwifiex_adapter_cleanup(). Thanks, Bing > > Daniel
Attachment:
0001-mwifiex-rename-mwifiex_free_adapter-routine.patch
Description: 0001-mwifiex-rename-mwifiex_free_adapter-routine.patch
Attachment:
0002-mwifiex-scan-delay-timer-cleanup-in-unload-path.patch
Description: 0002-mwifiex-scan-delay-timer-cleanup-in-unload-path.patch
