linux-input.vger.kernel.org archive mirror
* kernel segfault with evdev grab
@ 2008-02-20  9:33 Johannes Berg
From: Johannes Berg @ 2008-02-20  9:33 UTC (permalink / raw)
  To: Dmitry Torokhov; +Cc: linux-input


Hi,

I just got the following:

[10744.820626] Unable to handle kernel paging request for data at address 0x6b6b6b6b
[10744.820632] Faulting instruction address: 0xc01b8f84
[10744.820647] Oops: Kernel access of bad area, sig: 11 [#1]
[10744.820652] PREEMPT PowerMac
[10744.820658] Modules linked in: ... [last unloaded: appletouch]
[10744.820761] NIP: c01b8f84 LR: c031cf98 CTR: 00000000
[10744.820767] REGS: eed8fd80 TRAP: 0300   Not tainted  (2.6.25-rc2-00261-g54a6132-dirty)
[10744.820774] MSR: 00001032 <ME,IR,DR>  CR: 24008482  XER: 00000000
[10744.820788] DAR: 6b6b6b6b, DSISR: 40000000
[10744.820793] TASK = eefb6000[3154] 'Xorg' THREAD: eed8e000
[10744.820798] GPR00: c031cf98 eed8fe30 eefb6000 eed8fe48 6b6b6b6b eecb0664 6b6b6b6b 00000025 
[10744.820816] GPR08: 00000000 eecb0664 00000001 c0640000 24008488 101f85a4 10212a20 101f0724 
[10744.820834] GPR16: 101f074c bfebc630 00000000 1021564c 1021524c 102152cc 1021554c bfebc3c4 
[10744.820853] GPR24: 1021534c 101f0858 eed8fe48 eecb0664 eefb6000 eed8e000 00009032 eecb0650 
[10744.820872] NIP [c01b8f84] __list_add+0x1c/0x7c
[10744.820884] LR [c031cf98] __mutex_lock_slowpath+0x7c/0x204
[10744.820892] Call Trace:
[10744.820896] [eed8fe30] [eed8e000] 0xeed8e000 (unreliable)
[10744.820907] [eed8fe40] [c031cf98] __mutex_lock_slowpath+0x7c/0x204
[10744.820917] [eed8fe90] [c024496c] input_release_device+0x24/0x48
[10744.820929] [eed8feb0] [f248712c] evdev_ungrab+0x4c/0x64 [evdev]
[10744.820941] [eed8fec0] [f248728c] evdev_release+0xec/0xf0 [evdev]
[10744.820953] [eed8fee0] [c009ea88] __fput+0xc8/0x1e0
[10744.820964] [eed8ff00] [c009b0e4] filp_close+0x5c/0xa4
[10744.820974] [eed8ff20] [c009b1bc] sys_close+0x90/0xf8
[10744.820984] [eed8ff40] [c0012328] ret_from_syscall+0x0/0x38


The reason is that I unloaded appletouch, which had an input device open
that was grabbed by Xorg. Now, when Xorg tried to release the input
device, the kernel segfaulted trying to access an invalidated mutex that
was in released memory (0x6b6b6b6b slab poison).

I think the problem will be solved by iterating the client_list in
evdev_disconnect() and calling evdev_ungrab() if any of them has a
grab, rather than waiting for userspace to close the file handle.

johannes
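
Added example (not part of the original message or of the kernel tree): a small triage script that reads an oops like the one above, flags fault addresses and registers filled with slab poison bytes, and lists the symbolised frames. The names triage, poison_kind and SAMPLE are assumptions made for this example; the sample lines are an excerpt of the trace quoted in the message.

```python
import re

# Fill bytes from include/linux/poison.h, written by slab debugging.
POISON = {0x6B: "POISON_FREE", 0x5A: "POISON_INUSE"}

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")          # printk timestamp
HEXW = r"(?:[0-9a-f]{8}){1,2}"                      # 32- or 64-bit word
FAULT = re.compile(rf"at address 0x({HEXW})\b", re.I)
PAIR = re.compile(rf"(\w+): ((?:{HEXW}\b\s*)+)", re.I)
FRAME = re.compile(r"\[[0-9a-f]+\] ([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

# Excerpt of the oops quoted in the message above.
SAMPLE = """\
[10744.820626] Unable to handle kernel paging request for data at address 0x6b6b6b6b
[10744.820788] DAR: 6b6b6b6b, DSISR: 40000000
[10744.820798] GPR00: c031cf98 eed8fe30 eefb6000 eed8fe48 6b6b6b6b eecb0664 6b6b6b6b 00000025
[10744.820872] NIP [c01b8f84] __list_add+0x1c/0x7c
[10744.820907] [eed8fe40] [c031cf98] __mutex_lock_slowpath+0x7c/0x204
[10744.820917] [eed8fe90] [c024496c] input_release_device+0x24/0x48
[10744.820929] [eed8feb0] [f248712c] evdev_ungrab+0x4c/0x64 [evdev]
[10744.820941] [eed8fec0] [f248728c] evdev_release+0xec/0xf0 [evdev]
"""

def poison_kind(word):
    """Name the poison byte if every byte of the hex word is that byte."""
    seen = set(bytes.fromhex(word))
    return POISON.get(seen.pop()) if len(seen) == 1 else None

def triage(oops_text):
    """Collect poisoned values and symbolised frames from an oops."""
    hits, frames = [], []
    for raw in oops_text.splitlines():
        line = STAMP.sub("", raw)
        frame = FRAME.search(line)
        if frame:
            frames.append(frame.group(1))
            continue
        found = [("fault address", m.group(1)) for m in FAULT.finditer(line)]
        for name, words in PAIR.findall(line):
            for i, word in enumerate(words.split()):
                # A GPRnn line lists consecutive registers starting at rnn.
                reg = f"r{int(name[3:]) + i}" if name.startswith("GPR") else name
                found.append((reg, word))
        hits += [(where, poison_kind(w)) for where, w in found if poison_kind(w)]
    return {"hits": hits, "frames": frames,
            "use_after_free_suspected": any(k == "POISON_FREE" for _, k in hits)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

POISON_FREE only appears when slab debugging (poisoning) is enabled in the running kernel; without it the same bug reads whatever stale data is left in the freed object.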
