Hi, I just got the following: [10744.820626] Unable to handle kernel paging request for data at address 0x6b6b6b6b [10744.820632] Faulting instruction address: 0xc01b8f84 [10744.820647] Oops: Kernel access of bad area, sig: 11 [#1] [10744.820652] PREEMPT PowerMac [10744.820658] Modules linked in: ... [last unloaded: appletouch] [10744.820761] NIP: c01b8f84 LR: c031cf98 CTR: 00000000 [10744.820767] REGS: eed8fd80 TRAP: 0300 Not tainted (2.6.25-rc2-00261-g54a6132-dirty) [10744.820774] MSR: 00001032 <ME,IR,DR> CR: 24008482 XER: 00000000 [10744.820788] DAR: 6b6b6b6b, DSISR: 40000000 [10744.820793] TASK = eefb6000[3154] 'Xorg' THREAD: eed8e000 [10744.820798] GPR00: c031cf98 eed8fe30 eefb6000 eed8fe48 6b6b6b6b eecb0664 6b6b6b6b 00000025 [10744.820816] GPR08: 00000000 eecb0664 00000001 c0640000 24008488 101f85a4 10212a20 101f0724 [10744.820834] GPR16: 101f074c bfebc630 00000000 1021564c 1021524c 102152cc 1021554c bfebc3c4 [10744.820853] GPR24: 1021534c 101f0858 eed8fe48 eecb0664 eefb6000 eed8e000 00009032 eecb0650 [10744.820872] NIP [c01b8f84] __list_add+0x1c/0x7c [10744.820884] LR [c031cf98] __mutex_lock_slowpath+0x7c/0x204 [10744.820892] Call Trace: [10744.820896] [eed8fe30] [eed8e000] 0xeed8e000 (unreliable) [10744.820907] [eed8fe40] [c031cf98] __mutex_lock_slowpath+0x7c/0x204 [10744.820917] [eed8fe90] [c024496c] input_release_device+0x24/0x48 [10744.820929] [eed8feb0] [f248712c] evdev_ungrab+0x4c/0x64 [evdev] [10744.820941] [eed8fec0] [f248728c] evdev_release+0xec/0xf0 [evdev] [10744.820953] [eed8fee0] [c009ea88] __fput+0xc8/0x1e0 [10744.820964] [eed8ff00] [c009b0e4] filp_close+0x5c/0xa4 [10744.820974] [eed8ff20] [c009b1bc] sys_close+0x90/0xf8 [10744.820984] [eed8ff40] [c0012328] ret_from_syscall+0x0/0x38 The reason is that I unloaded appletouch, which had an input device open that was grabbed by Xorg. Now, when Xorg tried to release the input device, the kernel segfaulted trying to access an invalidated mutex that was in released memory (0x6b6b6b6b slab poison). I think the problem will be solved by iterating the client_list in evdev_disconnect() and calling evdev_ungrab() if any of them has sa grab, rather than waiting for userspace to close the file handle. johannes
Attachment:
signature.asc
Description: This is a digitally signed message part