On Thu, 19 Oct 2017, Paul Bolle wrote:

On Thu, 2017-10-19 at 23:31 +0200, Thomas Gleixner wrote:

quoted

bas_gigaset_exit()
{
        for (i = 0; i < driver->minors; i++) {
                if (gigaset_shutdown(driver->cs + i) < 0)

gigaset_shutdown(cs)
{
	mutex_lock(&cs->mutex); <-------- Explodes here

So driver->cs + i is invalid. No idea how that might be related to that
timer conversion patch, but ....

Thanks for peeking into this!

Please note that driver->minors is one of the more embarrassing warts of the
gigaset code. It's basically hardcoded to 1 for all three drivers (including
bas_gigaset). So driver->cs itself is invalid here.

And since the patch uses
    struct cardstate *cs = urb->context;

in a few places my guess is that it's really the patch that triggers this.

Well, that does not explain why

      drivers->cs + i

would be corrupted. That would require that this cs -> urb link points at
driver magically and then wreckages that driver data structure. Might be
the case, but if so then there are dragons burried somehwere

Thanks,

	tglx