From: Jaret Cantu <jaret.cantu@xxxxxxxxxxx> Repeated polling attempts cause a NULL dereference error to occur. This is because the state of the trf7970a is currently reading but another request has been made to send a command before it has finished. The solution is to properly kill the waiting reading (workqueue) before failing on the send. --- drivers/nfc/trf7970a.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/nfc/trf7970a.c b/drivers/nfc/trf7970a.c index 8a88195..5916737 100644 --- a/drivers/nfc/trf7970a.c +++ b/drivers/nfc/trf7970a.c @@ -1496,6 +1496,10 @@ static int trf7970a_send_cmd(struct nfc_digital_dev *ddev, (trf->state != TRF7970A_ST_IDLE_RX_BLOCKED)) { dev_err(trf->dev, "%s - Bogus state: %d\n", __func__, trf->state); + if (trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA || + trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA_CONT) + trf->ignore_timeout = + !cancel_delayed_work(&trf->timeout_work); ret = -EIO; goto out_err; } -- Signed-off-by: Geoff Lansberry <geoff@xxxxxxxxx>