When allocating a new mcb_bus the bus_type is added to the mcb_bus itself, causing an issue when calling mcb_bus_add_devices(). This function is not only called for each mcb_device under the mcb_bus but for the bus itself. The crash happens when the mcb_core module is removed, getting the following error: [ 286.691693] ------------[ cut here ]------------ [ 286.691695] ida_free called for id=1 which is not allocated. [ 286.691714] WARNING: CPU: 0 PID: 1719 at lib/idr.c:523 ida_free+0xe0/0x140 [ 286.691715] Modules linked in: snd_hda_codec_hdmi amd64_edac_mod snd_hda_intel edac_mce_amd snd_intel_dspcfg kvm_amd snd_hda_codec amdgpu nls_iso8859_1 ccp snd_hda_core snd_hwdep amd_iommu_v2 kvm snd_pcm gpu_sched crct10dif_pclmul crc32_pclmul snd_seq_midi snd_seq_midi_event ghash_clmulni_intel ttm snd_rawmidi aesni_intel snd_seq binfmt_misc crypto_simd cryptd glue_helper drm_kms_helper snd_seq_device snd_timer drm snd k10temp fb_sys_fops syscopyarea sysfillrect sysimgblt snd_rn_pci_acp3x mcb_pci(-) snd_pci_acp3x soundcore altera_cvp fpga_mgr mcb spi_nor mtd 8250_dw mac_hid sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 mmc_block nvme ahci i2c_piix4 libahci i2c_amd_mp2_pci igb nvme_core i2c_algo_bit dca video sdhci_acpi sdhci [last unloaded: 8250_men_mcb] [ 286.691752] CPU: 0 PID: 1719 Comm: modprobe Not tainted 5.4.702+ #11 [ 286.691753] Hardware name: MEN F027/n/a, BIOS 1.03 04/20/2021 [ 286.691756] RIP: 0010:ida_free+0xe0/0x140 [ 286.691759] Code: a8 31 f6 e8 12 f7 00 00 eb 4b 4c 0f a3 28 72 21 48 8b 7d a8 4c 89 f6 e8 8e ad 02 00 89 de 48 c7 c7 e8 02 83 b5 e8 b0 7a 5d ff <0f> 0b e9 67 ff ff ff 4c 0f b3 28 48 8d 7d a8 31 f6 e8 da e0 00 00 [ 286.691761] RSP: 0018:ffff9a56c38f7bd8 EFLAGS: 00010282 [ 286.691763] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000006 [ 286.691764] RDX: 0000000000000007 RSI: 0000000000000096 RDI: ffff8d881fa1c8c0 [ 286.691765] RBP: ffff9a56c38f7c30 R08: 0000000000000487 R09: 0000000000000004 [ 286.691766] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 [ 286.691767] R13: 0000000000000001 R14: 0000000000000202 R15: 0000000000000001 [ 286.691769] FS: 00007fb78e303540(0000) GS:ffff8d881fa00000(0000) knlGS:0000000000000000 [ 286.691770] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.691771] CR2: 00007ffe92b2ce98 CR3: 000000079fd9c000 CR4: 00000000003406f0 [ 286.691772] Call Trace: [ 286.691781] mcb_free_bus+0x2b/0x40 [mcb] [ 286.691785] device_release+0x2c/0x80 [ 286.691787] kobject_put+0xb9/0x1d0 [ 286.691790] put_device+0x13/0x20 As mcb_bus_add_devices() is called for the mcb_bus itself, the function tries to cast the incorrectly passed struct mcb_bus to mcb_device. Both structs have the same layout: struct mcb_bus { struct device dev; struct device *carrier; int bus_nr; ... }; struct mcb_device { struct device dev; struct mcb_bus *bus; bool is_added; ... }; This incorrect casting is causing a wrong behaviour in mcb_bus_add_devices() where the member bus_nr is casted to is_added, meaning that when bus_nr is "0", the function continues and sets bus_nr to "1" (is_added = true) If we have 2 buses (one for each F215 board), the function ida_alloc() will give the value "0" and "1" to each bus respectively, but as both buses are included themselves in the devices' lists, after the call to mcb_bus_add_devices(), the buses will have the value "1" and "1". For this reason, when the mcb-core module is removed, the error raises as the ida resource with value "1" is being released twice, leaking the ida resource with value "0". changes for V2: * create a dedicated bus_type for mcb_bus and mcb_device structs instead of removing bus_type for mcb_bus. This patch is based on linux-next (next-20230817) Jose Javier Rodriguez Barbarin (1): mcb: create dedicated bus_type for mcb_bus and mcb_device drivers/mcb/mcb-core.c | 43 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 6 deletions(-) -- 2.34.1