From: Pavel Roskin
Date: Thu, 21 Jul 2011 12:33:41 -0400
To: Rafał Miłecki
CC: linux-wireless@vger.kernel.org, Linux Kernel Mailing List
Subject: Re: Bug in BCMA: device_unregister causing "NULL pointer dereference at"
Message-ID: <4E2854E5.3020905@gnu.org>

On 07/21/2011 03:18 AM, Rafał Miłecki wrote:
>> So when I unload bcma after I got driver (b43) for 0x812 core, I get
>> NULL pointer dereference.
>>
>> Any tip, why does it happen?
>
> I've tracked where does crash really happen (kobject_del does not
> really say much). The real forwardtrace is:
> device_unregister → device_del → kobject_del → kobj_kset_leave →
> kobj_kset_leave → list_del_init
>
> If you take a look at list_del_init, it touches "prev" and "next". So
> I've added some debugging:
> pr_info("core->dev.kobj.entry.prev: 0x%p\n", core->dev.kobj.entry.prev);
> pr_info("core->dev.kobj.entry.next: 0x%p\n", core->dev.kobj.entry.next);

There are options for debugging that you may want to enable:

CONFIG_DEBUG_LIST
CONFIG_DEBUG_OBJECTS
CONFIG_DEBUG_KOBJECT

Actually, consider enabling as many debug options as possible, except
perhaps the most time consuming (such as CONFIG_DEBUG_KMEMLEAK).

Maybe you are passing a freed pointer or something. Print the pointers
you are passing to device_register() and device_unregister().

> [ 612.819320] bcma: core->dev.kobj.entry.prev: 0x (null)

You may want to make it a macro and print it in most bcma functions.

-- 
Regards,
Pavel Roskin
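
The list_del_init failure discussed in the message above, as an added example that is not part of the original e-mail and is not kernel source: a userspace model in which a list entry whose prev and next are NULL is rejected before the unlink stores run. The names list_entry_valid and checked_list_del_init are hypothetical, and the checks are an assumed, simplified stand-in for the validation a list-debugging option performs.

```c
/* Userspace model, not kernel source. struct list_head mirrors the kernel's
 * shape; list_entry_valid() and checked_list_del_init() are hypothetical. */
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add(struct list_head *new, struct list_head *head)
{
    new->next = head->next;
    new->prev = head;
    head->next->prev = new;
    head->next = new;
}

/* An entry may be unlinked only if both links are set and both
 * neighbours point back at it. */
static int list_entry_valid(const struct list_head *e)
{
    if (!e->prev || !e->next)
        return 0;               /* the "prev: (null)" case from the log */
    return e->prev->next == e && e->next->prev == e;
}

/* Returns 1 if the entry was unlinked, 0 if the unlink was refused. */
static int checked_list_del_init(struct list_head *e)
{
    if (!list_entry_valid(e)) {
        fprintf(stderr, "list_del refused: entry=%p prev=%p next=%p\n",
                (const void *)e, (void *)e->prev, (void *)e->next);
        return 0;
    }
    e->next->prev = e->prev;    /* these two stores fault on a NULL link */
    e->prev->next = e->next;
    INIT_LIST_HEAD(e);
    return 1;
}

int main(void)
{
    struct list_head set, good, zeroed;
    INIT_LIST_HEAD(&set);
    list_add(&good, &set);
    memset(&zeroed, 0, sizeof(zeroed)); /* constructed: entry never linked */
    printf("good: %d, zeroed: %d\n",
           checked_list_del_init(&good), checked_list_del_init(&zeroed));
    return 0;
}
```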