Bug 3823 - i2c or kobject? therm_adt746x in 2.6.10-rc2 cause kernel panic on powerbook g4
i2c or kobject? therm_adt746x in 2.6.10-rc2 cause kernel panic on powerbook g4
Status: CLOSED CODE_FIX
Product: Drivers
Classification: Unclassified
Component: I2C
i386 Linux
: P2 normal
Assigned To: Colin Leroy
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-27 06:19 UTC by GONG Jie
Modified: 2005-11-21 07:43 UTC (History)
2 users (show)

See Also:
Kernel Version: 2.6.10-rc2
Tree: Mainline
Regression: ---


Attachments
config-2.6.10-rc2-bauxite.17 (35.47 KB, text/plain)
2004-11-27 06:22 UTC, GONG Jie
Details
Properly define the i2c_client owner (473 bytes, patch)
2004-11-28 03:17 UTC, Jean Delvare
Details | Diff
Properly define the i2c_client owner (473 bytes, patch)
2004-11-28 03:33 UTC, Jean Delvare
Details | Diff
Properly define the i2c_driver owner (651 bytes, patch)
2004-11-28 04:24 UTC, Jean Delvare
Details | Diff
Cleanup macintoch/therm_* i2c driver structures (2.36 KB, patch)
2004-11-28 06:30 UTC, Jean Delvare
Details | Diff

Description GONG Jie 2004-11-27 06:19:39 UTC
Distribution:
Hardware Environment:
Apple PowerBook G4 Al 12"

Software Environment:
Debian GNU/Linux Sarge
Kernel source 2.6.10-rc2 download from www.kernel.org

# ./ver_linux
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.

Linux bauxite 2.6.10-rc2-bauxite.17 #1 Sat Nov 27 19:24:03 CST 2004 ppc 
GNU/Linux

Gnu C                  3.3.4
Gnu make               3.80
binutils               2.15
util-linux             2.12
mount                  2.12
module-init-tools      3.1-pre6
e2fsprogs              1.35
reiserfsprogs          3.6.19
reiser4progs           line
quota-tools            3.12.
PPP                    2.4.2
nfs-utils              1.0.6
Linux C Library        2.3.2
Dynamic linker (ldd)   2.3.2
Procps                 3.2.1
Net-tools              1.60
Console-tools          0.2.3
Sh-utils               5.2.1
Modules Loaded         hci_usb rfcomm l2cap bluetooth af_packet ipv6 joydev 
usbhid ohci_hcd eth1394 ehci_hcd usbcore ohci1394 dm_mod evdev sr_mod 
snd_powermac snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore 
snd_page_alloc sbp2 scsi_mod ieee1394 ide_cd cdrom generic unix

Problem Description:
modprobe therm_adt746x cause segmentation fault. If therm_adt746x is build into 
kernel, kernel panic while system boot up.

Steps to reproduce:
# modprobe therm_adt746x
adt746x: Thermostat bus: 1, address: 0x2e, limit_adjust: 0, fan_speed: -1
Oops: kernel access of bad area, sig: 11 [#1]
NIP: C0116DE8 LR: C0117C88 SP: C6C09DB0 REGS: c6c09d00 TRAP: 0300    Not tainted
MSR: 00009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11
DAR: 00008124, DSISR: 40000000
TASK = cf0c01d0[4207] 'modprobe' THREAD: c6c08000Last syscall: 128
GPR00: 0000000C C6C09DB0 CF0C01D0 00008124 FFFFFFFE C02270C8 C6C09E50 0000000A
GPR08: FFFFFFFF 00008124 C02270C9 C6C09DE8 84002424 1001E284 100013A4 00000000
GPR16: 00000000 00000000 00000000 00000000 100013A4 10019080 10019040 00000000
GPR24: 00000019 C17F6EA0 FFFFFFFF C6C09E50 00008124 00000000 C17F6EB8 C17F6EA0
NIP [c0116de8] strnlen+0x10/0x40
LR [c0117c88] vsnprintf+0x554/0x74c
Call trace:
 [c01143e4] kobject_set_name+0xc8/0xec
 [c015be44] bus_add_driver+0x44/0x10c
 [c015c52c] driver_register+0x30/0x40
 [c0193c84] i2c_add_driver+0x68/0x12c
 [d6857170] thermostat_init+0x170/0x3b0 [therm_adt746x]
 [c00334c0] sys_init_module+0x224/0x324
 [c00042e0] ret_from_syscall+0x0/0x44
Segmentation fault
Comment 1 GONG Jie 2004-11-27 06:22:32 UTC
Created attachment 4155 [details]
config-2.6.10-rc2-bauxite.17

My kernel config file.
Comment 2 Colin Leroy 2004-11-27 06:43:03 UTC
I'm not sure it's due to therm_adt746x: Nothing i2c-related changed in it. Can
you try therm_adt746x.c from 2.6.10-rc2 in 2.6.9 (just replace the file), and
see if it reproduces. If not, the problem is possibly due to i2c changes in
2.6.10-rc2.

Also try the inverse, therm_adt746x.c from 2.6.9 in 2.6.10-rc2, and see if it
reproduces. If yes, the problem is very probably due to i2c changes in 2.6.10-rc2.

Thanks
Colin
Comment 3 GONG Jie 2004-11-27 07:40:05 UTC
Copy therm_adt746x.c from kernel source 2.6.9 and recompile kernel 2.6.10-rc2.
When I modprobe therm_adt746x, it segmentation fault again.

Maybe you are right.

Thanks for your help.
Comment 4 Colin Leroy 2004-11-27 07:55:37 UTC
Thanks for your quick answer. You may ask on linux-kernel mailing list. It may
be an i2c bug, or a kobject-related one, or maybe something in your config. 
Comment 5 Jean Delvare 2004-11-28 03:17:40 UTC
Created attachment 4160 [details]
Properly define the i2c_client owner

Not sure it'll prevent the oops, but still worth a try, and should probably be
applied to the main tree anyway.
Comment 6 Colin Leroy 2004-11-28 03:33:02 UTC
doesn't seem correct:

drivers/macintosh/therm_adt746x.c: In function `attach_one_thermostat':
drivers/macintosh/therm_adt746x.c:381: error: structure has no member named `owner'

? :)
Comment 7 Jean Delvare 2004-11-28 03:33:36 UTC
Created attachment 4161 [details]
Properly define the i2c_client owner

Not sure it'll prevent the oops, but still worth a try, and should probably be
applied to the main tree anyway.
Comment 8 Jean Delvare 2004-11-28 04:14:00 UTC
Comment on attachment 4161 [details]
Properly define the i2c_client owner

Duplicate due to bugzilla.kernel.org being half responsive.
Comment 9 Jean Delvare 2004-11-28 04:24:19 UTC
Created attachment 4162 [details]
Properly define the i2c_driver owner

What about this one then?
Comment 10 Colin Leroy 2004-11-28 04:28:32 UTC
This one compiles ok, can you push it to Andrew or do you want me to do so? 

BTW, would you happen to know why my driver and therm_windtunnel define
.attach_adapter and .detach_adapter by address (&attach_thermostat), while
therm_pm72 does not ?

Thanks,
Colin
Comment 11 Jean Delvare 2004-11-28 04:39:54 UTC
I will send a broader patch to Greg and Andrew, as it seems that the other
therm_* drivers need it too.

As for .attach_adapter and .detach_adapter, they are function pointers so these
are addresses, whether you use & or not. Both constructs are similar for gcc as
far as I know.

I wonder if my patch will be sufficient to solve Jie's problem though.
Comment 12 Colin Leroy 2004-11-28 05:04:47 UTC
Me too, espacially since I have no problems with my driver in 2.6.10-rc2... 

Differences related to I2C, between my .config and Jie's are the following:
He has 
CONFIG_I2C=y
CONFIG_I2C_CHARDEV=m
CONFIG_I2C_ALGOBIT=y
CONFIG_I2C_ALGOPCF=m
CONFIG_I2C_ALGOPCA=m
CONFIG_I2C_KEYWEST=y

and I have
CONFIG_I2C=y
CONFIG_I2C_CHARDEV=m
CONFIG_I2C_ALGOBIT=y
CONFIG_I2C_KEYWEST=m

Maybe related?
Comment 13 Jean Delvare 2004-11-28 06:30:52 UTC
Created attachment 4163 [details]
Cleanup macintoch/therm_* i2c driver structures

Looks like kobjects prefer if their name fit in 20 bytes so they should be 19
chararcters max. therm_adt746x and therm_windtunnel are longer than that with
24 and 23 characters, respectively.

This patch fixes that among other cleanups. Jie, please give it a try and let
me know if it helps.
Comment 14 GONG Jie 2004-11-28 06:35:05 UTC
Apply Delvare's patch ( attachment 4162 [details] ) and recompile kernel 2.6.10-rc2 with 
the same kernel configuration file.  It seems that the phenomenon is same as 
befor.

# modprobe therm_adt746x
adt746x: Thermostat bus: 1, address: 0x2e, limit_adjust: 0, fan_speed: -1
Oops: kernel access of bad area, sig: 11 [#1]
NIP: C0116DE8 LR: C0117C88 SP: C7053DB0 REGS: c7053d00 TRAP: 0300    Not tainted
MSR: 00009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11
DAR: 00008124, DSISR: 40000000
TASK = cf2c07e0[4038] 'modprobe' THREAD: c7052000Last syscall: 128
GPR00: 0000000C C7053DB0 CF2C07E0 00008124 FFFFFFFE C02270C8 C7053E50 0000000A
GPR08: FFFFFFFF 00008124 C02270C9 C7053DE8 84002424 1001E284 100013A4 00000000
GPR16: 00000000 00000000 00000000 00000000 100013A4 10019080 10019040 00000000
GPR24: 00000019 CC728DE0 FFFFFFFF C7053E50 00008124 00000000 CC728DF8 CC728DE0
NIP [c0116de8] strnlen+0x10/0x40
LR [c0117c88] vsnprintf+0x554/0x74c
Call trace:
 [c01143e4] kobject_set_name+0xc8/0xec
 [c015be44] bus_add_driver+0x44/0x10c
 [c015c52c] driver_register+0x30/0x40
 [c0193c84] i2c_add_driver+0x68/0x12c
 [d6857170] thermostat_init+0x170/0x3b0 [therm_adt746x]
 [c00334c0] sys_init_module+0x224/0x324
 [c00042e0] ret_from_syscall+0x0/0x44
Segmentation fault
Comment 15 GONG Jie 2004-11-28 07:45:57 UTC
Apply the new patch ( attachment 4163 [details] ). It worked.

# modprobe therm_adt746x
adt746x: Thermostat bus: 1, address: 0x2e, limit_adjust: 0, fan_speed: -1
adt746x: ADT7460 initializing
adt746x: Lowering max temperatures from 73, 80, 109 to 70, 50, 70
# lsmod
Module                  Size  Used by
therm_adt746x          12508  0
hci_usb                16224  2
rfcomm                 48092  0
l2cap                  28836  5 rfcomm
bluetooth              64332  7 hci_usb,rfcomm,l2cap
af_packet              21320  2
ipv6                  323272  10
joydev                 12000  0
usbhid                 55136  0
ohci_hcd               26824  0
eth1394                24712  0
ehci_hcd               38436  0
usbcore               147280  5 hci_usb,usbhid,ohci_hcd,ehci_hcd
ohci1394               41924  0
dm_mod                 73992  6
evdev                  11968  2
sr_mod                 23396  0
snd_powermac           48132  0
snd_pcm_oss            67940  0
snd_mixer_oss          23296  1 snd_pcm_oss
snd_pcm               115096  2 snd_powermac,snd_pcm_oss
snd_timer              29316  1 snd_pcm
snd                    67736  5 
snd_powermac,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
soundcore              11876  1 snd
snd_page_alloc         11620  1 snd_pcm
sbp2                   28208  0
scsi_mod              119840  2 sr_mod,sbp2
ieee1394              448744  3 eth1394,ohci1394,sbp2
ide_cd                 50052  0
cdrom                  50940  2 sr_mod,ide_cd
generic                 5248  0 [permanent]
unix                   32152  54
Comment 16 Colin Leroy 2004-11-28 09:04:11 UTC
great, thanks for the patch Jean!
Can you push to Andrew before 2.6.10?

Thanks.
Comment 17 Jean Delvare 2004-11-28 10:23:59 UTC
I'll push it to Greg or Andrew or Linus, whoever wants it, but maybe not before
2.6.10 as there is no regression as far as I can see (the problem was already
there before, just not triggering). I'm also not certain why the code which is
supposed to handle names longer than 19 bytes won't work in this case, so maybe
my patch isn't the proper way to fix the problem.
Comment 18 Colin Leroy 2004-11-28 10:56:59 UTC
Sure. I'd rather like thermal control working in every kernel release, that's
why I'd like a fix in maintree now that the bug triggers...
Comment 19 Colin Leroy 2004-11-29 00:38:13 UTC
Adding Greg to Cc: 
You may be interested, looks like the code in kobject.c::kobject_set_name fails
with strings longer than KOBJ_NAME_LEN.
Comment 20 Greg Kroah-Hartman 2004-11-29 11:51:20 UTC
The oops has already been fixed in the latest -bk tree.  It was because
of the use of varargs.  It would work on some archs properly, and others
not at all.
Comment 21 Greg Kroah-Hartman 2004-11-29 11:52:04 UTC
Jean, please send me the other patch in an email, I'll add it to my queue.

Note You need to log in before you can comment on or make changes to this bug.