On Thu, 19 Oct 2017, Paul Bolle wrote:

> On Thu, 2017-10-19 at 23:31 +0200, Thomas Gleixner wrote:
> > bas_gigaset_exit()
> > {
> >   for (i = 0; i < driver->minors; i++) {
> >     if (gigaset_shutdown(driver->cs + i) < 0)
> >
> > gigaset_shutdown(cs)
> > {
> >   mutex_lock(&cs->mutex);         <-------- Explodes here
> >
> > So driver->cs + i is invalid. No idea how that might be related to that
> > timer conversion patch, but ....
>
> Thanks for peeking into this!
>
> Please note that driver->minors is one of the more embarrassing warts of the
> gigaset code. It's basically hardcoded to 1 for all three drivers (including
> bas_gigaset). So driver->cs itself is invalid here.
>
> And since the patch uses
>
>     struct cardstate *cs = urb->context;
>
> in a few places my guess is that it's really the patch that triggers this.
Well, that does not explain why driver->cs + i would be corrupted. That
would require that this cs -> urb link points at driver magically and then
wrecks that driver data structure. Might be the case, but if so then there
are dragons buried somewhere.

Thanks,

	tglx
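For readers who have not followed the timer conversion series the thread refers to, here is an added illustration (not code from the gigaset driver, the patch under discussion, or either mail) of the two ways a timer callback can recover the object that owns it: by container_of() on the embedded struct timer_list (the from_timer() helper the conversion introduced) or indirectly through a USB request block's context pointer, as in the `struct cardstate *cs = urb->context;` line Paul quotes. The struct and field names below are a hypothetical userspace mock chosen to resemble the driver; the point shown is only that the container_of() path is valid for the lifetime of the embedding object, while the urb->context path is only as good as whatever has been stored in that URB so far.

```c
/* Added illustration, not gigaset code: userspace mock of the kernel's
 * container_of()/from_timer() pattern versus recovering the owner through
 * a URB's context pointer. All struct names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* Same definition the kernel uses: step back from a member to its container. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

struct timer_list {
	void (*function)(struct timer_list *t);
};

/* Mirrors the helper added by the timer conversion series. */
#define from_timer(var, callback_timer, timer_fieldname) \
	container_of(callback_timer, __typeof__(*var), timer_fieldname)

struct urb {
	void *context;		/* set by the driver when the URB is prepared */
};

struct cardstate {
	int id;
};

/* Hypothetical per-device state embedding the timer and holding a URB. */
struct bas_cardstate {
	struct cardstate *cs;	/* back pointer to the owning cardstate */
	struct urb *urb_ctrl;	/* NULL until the driver allocates it */
	struct timer_list timer_ctrl;
};

/* Owner recovered via container_of(): depends only on the embedding object. */
static struct cardstate *cs_from_timer(struct timer_list *t)
{
	struct bas_cardstate *ucs = from_timer(ucs, t, timer_ctrl);

	return ucs->cs;
}

/* Owner recovered through the URB: valid only once urb_ctrl exists and its
 * context has been filled in; otherwise there is nothing to dereference. */
static struct cardstate *cs_from_urb_context(struct timer_list *t)
{
	struct bas_cardstate *ucs = from_timer(ucs, t, timer_ctrl);

	return ucs->urb_ctrl ? ucs->urb_ctrl->context : NULL;
}

/* Run both recovery paths before and after the URB is set up.
 * Returns a bitmask: bit 0 = container_of() path correct both times,
 * bit 1 = URB path yields NULL before setup and the right cs after. */
static int run_demo(void)
{
	struct cardstate cs = { .id = 7 };
	struct bas_cardstate ucs = { .cs = &cs, .urb_ctrl = NULL };
	struct urb urb = { .context = NULL };
	struct timer_list *t = &ucs.timer_ctrl;
	int result = 0;

	/* Timer armed before any URB has been allocated. */
	int before_ok = (cs_from_timer(t) == &cs);
	int before_ctx_null = (cs_from_urb_context(t) == NULL);

	/* Driver allocates the URB and stores its context. */
	ucs.urb_ctrl = &urb;
	urb.context = &cs;
	int after_ok = (cs_from_timer(t) == &cs);
	int after_ctx_ok = (cs_from_urb_context(t) == &cs);

	if (before_ok && after_ok)
		result |= 1;
	if (before_ctx_null && after_ctx_ok)
		result |= 2;
	return result;
}

int main(void)
{
	int r = run_demo();

	printf("container_of path stable: %s, urb->context path setup-dependent: %s\n",
	       (r & 1) ? "yes" : "no", (r & 2) ? "yes" : "no");
	return r == 3 ? 0 : 1;
}
```

The mock does not reproduce whatever goes wrong in the driver; it only makes the distinction in Paul's remark concrete: a callback that derives its cardstate from urb->context is correct exactly when that URB has been prepared with the right context, whereas from_timer() on the embedded timer has no such dependency.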