[i2c] 2.6.19-rc3 Segmentation fault on i2c_register_driver.

Tom Rathbone tom.rathbone at gmail.com
Fri Oct 27 16:00:09 CEST 2006 

Thanks, that did the trick.  A one character mistake, *sigh*.

T.

On 10/27/06, Mark M. Hoffman <mhoffman at lightlink.com> wrote:
> Hi Tom:
>
> * Tom Rathbone <tom.rathbone at gmail.com> [2006-10-27 10:20:08 +0100]:
> > Hi All,
> >
> > Recently upgraded from 2.6.17-rc4 to 2.6.19-rc2 and found an audio
> > driver we are developing was causing segfaults whenever it was
> > inserted, previously it worked just fine.
> >
> > Quickly traced the problem to i2c_register_driver and created a
> > minimal test case (listed below).  The crash is strange as the trace
> > varies with each crash but always relates to device registration or
> > kobject code called from beneath i2c_register_driver or
> > i2c_detach_client.
> >
> > I'm using Andrew Victor's AT91 bus driver
> > (http://lists.lm-sensors.org/pipermail/i2c/2006-October/000396.html)
> > on Linus' git head with only minor modifications to support my board.
> > I can't see a direct connection between this driver and the crash.
> >
> > Has anyone seen anything similar?  Is the test case just doing
> > something wrong?  Any ideas at all would be greatly appreciated.
>
> Yes, pretty sure there's a bug.  See below.
>
> > Thanks,
> >
> > Tom.
> >
> > ~ # insmod mintest.ko
> > mintest: module license 'unspecified' taintskernel.
> > Unable to handle kernel paging request at virtual address 00100100
> > pgd = c0cdc000
> > [00100100] *pgd=20cf6031, *pte=00000000, *ppte=00000000
> > Internal error: Oops: 17 [#1]
> > Modules linked in: mintest(P) g_ether
> > CPU: 0
> > PC is at device_add+0x280/0x45c
> > LR is at kobject_put+0x20/0x28
> > pc : [<c0101d2c>]    lr : [<c00de7b0>]    Tainted: P
> > sp : c02d1e04  ip : c0061ab4  fp : c02d1e34
> > r10: 00000000  r9 : c0418c04  r8 : 00000000
> > r7 : 00000000  r6 : c0c52754  r5 : c0c526ec  r4 : c0c526ec
> > r3 : 00100100  r2 : 20000013  r1 : 00000000  r0 : 00000000
> > Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  Segment user
> > Control: C000717F
> > Table: 20CDC000  DAC: 00000015
> > Process insmod (pid: 37, stack limit = 0xc02d0250)
> > Stack: (0xc02d1e04 to 0xc02d2000)
> > 1e00:          c0c527a8 00000000 c0c526ec c0c526d8 c0c526ec c0418bc8 c0c5281c
> > 1e20: c0418ca8 c0418c04 c02d1e48 c02d1e38 c0101f24 c0101abc c0c52790 c02d1e8c
> > 1e40: c02d1e4c c0123890 c0101f18 c0c52790 000000d0 c0c52824 00000000 c0418bf0
> > 1e60: 00000000 c0c526d8 00000000 c0418bc8 0000000e c1855498 c1855000 c02b2330
> > 1e80: c02d1ea8 c02d1e90 bf007058 c01237ac c0418dd0 bf0074fc c01f0bf4 c02d1ec4
> > 1ea0: c02d1eac c0123560 bf007010 c02b2314 bf0075c0 00000000 c02d1ed4 c02d1ec8
> > 1ec0: bf0070dc c01234ec c02d1fa4 c02d1ed8 c0049efc bf0070d4 00000000 00000208
> > 1ee0: c01ab6bc c01ab6bc 00000124 00000020 0000000e 00000000 00000000 c012379c
> > 1f00: bf0073c0 00000000 0000002a 00000034 00000030 0000001c c02d0000 00000000
> > 1f20: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> > 1f40: 00000004 00000000 00000007 00000000 00000000 00000000 0000000d 0000000c
> > 1f60: c1855a10 c029c980 c1855424 c001fdf0 c0064e70 00000000 00000000 00000003
> > 1f80: 00000000 00000100 00000080 c001cd44 c02d0000 00000002 00000000 c02d1fa8
> > 1fa0: c001cba0 c0048a2c 00000000 00000100 00900080 40017000 00000b40 00067050
> > 1fc0: 00000003 00000000 00000100 bec1fe94 bec1ff5c 00000000 00000002 00000000
> > 1fe0: bec1fdd4 bec1fdc8 0001e578 401261c0 60000010 00900080 40181250 40181258
> > Backtrace:
> > [<c0101aac>] (device_add+0x0/0x45c) from [<c0101f24>]
> > (device_register+0x1c/0x20)
> > [<c0101f08>] (device_register+0x0/0x20) from [<c0123890>]
> > (i2c_attach_client+0xf4/0x214)
> >  r4 = C0C52790
> > [<c012379c>] (i2c_attach_client+0x0/0x214) from [<bf007058>]
> > (mintest_attach_client+0x58/0x80 [mintest])
> > [<bf007000>] (mintest_attach_client+0x0/0x80 [mintest]) from
> > [<c0123560>] (i2c_register_driver+0x84/0xb0)
> >  r6 = C01F0BF4  r5 = BF0074FC  r4 = C0418DD0
> > [<c01234dc>] (i2c_register_driver+0x0/0xb0) from [<bf0070dc>]
> > (mintest_i2c_init+0x18/0x44 [mintest])
> >  r6 = 00000000  r5 = BF0075C0  r4 = C02B2314
> > [<bf0070c4>] (mintest_i2c_init+0x0/0x44 [mintest]) from [<c0049efc>]
> > (sys_init_module+0x14e0/0x15b8)
> > [<c0048a1c>] (sys_init_module+0x0/0x15b8) from [<c001cba0>]
> > (ret_fast_syscall+0x0/0x2c)
> > Code: e5953128 e1a08007 e3530000 0a000015 (e5933000)
> >  Segmentation fault
> > ~ #
> >
> > mintest.c
> > ------------
> > /* GPL */
> > #include <linux/init.h>
> > #include <linux/i2c.h>
> >
> > #define I2C_CLIENT_ADDR               0x4d
> > #define MAX_REGISTER  0xa
> >
> > static int registered = 0;
> > static struct i2c_driver mintest_driver;
> >
> > static int mintest_attach_client(struct i2c_adapter *adapter)
> > {
> >       int rc = 0;
> >       struct i2c_client *new_client;
> >       const char *client_name = "Mintest Client";
> >
> >       new_client = kmalloc(sizeof(struct i2c_client), GFP_KERNEL);
>
> That should be kzalloc instead of kmalloc, because struct i2c_client contains
> a struct device that has to be zeroed prior to use.
>
> If that doesn't fix it, let me know and I'll look closer.
>
> >       if (!new_client) {
> >               rc = -ENOMEM;
> >               goto bail;
> >       }
> >
> >       new_client->addr = I2C_CLIENT_ADDR;
> >       new_client->adapter = adapter;
> >       new_client->driver = &mintest_driver;
> >       new_client->flags = 0;
> >       strcpy(new_client->name, client_name);
> >
> > /* crash here */
> >       if (i2c_attach_client(new_client)) {
> >               rc = -ENODEV;
> >               goto bail;
> >       }
> >
> >       return 0;
> > bail:
> >       kfree(new_client);
> >       return rc;
> > }
> >
> > static int mintest_detach_client(struct i2c_client *client)
> > {
> > /* or crash here */
> >       return i2c_detach_client(client);
> > }
> >
> > static struct i2c_driver mintest_driver = {
> >       .driver= {
> >               .name = "Minimal I2C Test",
> >       },
> >       .attach_adapter = &mintest_attach_client,
> >       .detach_client  = &mintest_detach_client,
> > };
> >
> >
> > static void mintest_i2c_cleanup(void)
> > {
> >       if(registered)
> >               i2c_del_driver(&mintest_driver);
> > }
> >
> > static int mintest_i2c_init(void)
> > {
> >       if (i2c_add_driver(&mintest_driver)) {
> >               mintest_i2c_cleanup();
> >               return -ENODEV;
> >       }
> >       registered = 1;
> >
> >       return 0;
> > }
> >
> > module_init(mintest_i2c_init)
> > module_exit(mintest_i2c_cleanup)
> >
>
> Regards,
>
> --
> Mark M. Hoffman
> mhoffman at lightlink.com
>
>

More information about the i2c mailing list