Description
Kernel oops if /system/etc/firmware/WMT_SOC.cfg does not exist.
It happens while calling “wmt_plat_deinit();” in drivers/misc/mediatek/connectivity/common/conn_soc/mt7623/wmt_plat_alps.c
[ +0.000006] DEBUG: Passed wmt_plat_deinit 362 now calling wake lock destroy -1057754704
[ +0.000004] DEBUG: Passed wmt_plat_deinit 364 now wmtWakeLock:-1057754704
[ +0.000004] DEBUG: Passed wmt_plat_deinit 365 now wmtWakeLock->ws: -1057754704
[ +0.000013] Unable to handle kernel NULL pointer dereference at virtual address 00000000
As you see, both addresses are the same.
I created the messages this way:
INT32 wmt_plat_deinit(VOID)
{
	INT32 iret = 0;
	/* 2. unreg to cmb_stub */
	iret = mtk_wcn_cmb_stub_unreg();
	printk(KERN_ALERT "DEBUG: Passed %s %d now calling wmt wakelock deinit\n", __FUNCTION__, __LINE__);
	/* 3. wmt wakelock deinit */
#ifdef CFG_WMT_WAKELOCK_SUPPORT
#ifdef CONFIG_PM_WAKELOCKS
	printk(KERN_ALERT "DEBUG: Passed %s %d now calling wakeup_source_trash\n", __FUNCTION__, __LINE__);
	wakeup_source_trash(&wmtWakeLock);
#else
	printk(KERN_ALERT "DEBUG: Passed %s %d now calling wake lock destroy %d\n", __FUNCTION__, __LINE__, (int)&wmtWakeLock);
	/* destroy in wakelock.h calls wakeup_source_trash (include/linux/pm_wakeup.h) with &lock->ws */
	printk(KERN_ALERT "DEBUG: Passed %s %d now wmtWakeLock:%d\n", __FUNCTION__, __LINE__, (int)&wmtWakeLock);
	printk(KERN_ALERT "DEBUG: Passed %s %d now wmtWakeLock->ws: %d\n", __FUNCTION__, __LINE__, (int)&(wmtWakeLock.ws));
	wake_lock_destroy(&wmtWakeLock);
...
wmtWakeLock and its member ws are structs and not dynamically allocated, as I’ve found out, so I assume that no memory has been freed manually.
(drivers/misc/mediatek/connectivity/common/combo seems not to be used; deleted from git after trying to build without it)
Same bug in 4.4.70; currently no idea how to fix that.