Distribution: Debian
Hardware Environment: i386
Software Environment: gcc 3.3.3

Problem Description: After loading the 'uinput' module (drivers/input/misc/uinput.c), a char device /dev/misc/uinput is created. (For non-devfs based systems, use "cat /proc/misc" to find out the device minor. The major is 10. Then, you can create the device node yourself.) This device node is for interacting with the input subsystem to let userland programs create and manipulate "virtual" devices. The node can be open()ed, read() and write()n without problems. However, as soon as I do a select() or poll(), it Oopses! The userland program gets a SEGV signal.

Steps to reproduce: Compile the attached file. Then, run it. You'll get the Oops and SEGV. Changing the device file to /dev/zero, the program runs without problems. Try other files, and the program runs without problems.
Created attachment 3001
C program to generate the Oops

(Change the filename in the open line to "/dev/misc/uinput" to trigger the bug.)
Created attachment 3002
The oops message

Apparently, there is a null pointer dereference in kernel code.
Created attachment 3007
Patch to avoid oopsing in uinput_poll

You need to create the userspace device before starting polling. Please try the attached patch (it checks whether the device has been created before doing poll_wait, as the user device may not be created yet and the corresponding wait queue is not yet initialized).
Thanks, Dmitry. The patch looks obviously correct, so I implemented a similar fix in my input tree.
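
The ordering advised in the thread (create the userspace device, then poll) as an added C example; it is not the attached reproducer, the patch, or any other code from this report. The function name, the device name string and the single key capability are assumptions chosen for illustration, and the caller passes the uinput node path for their system.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/uinput.h>   /* also pulls in linux/input.h */

/* Close fd (if open) and return the saved error as a negative errno. */
static int fail(int fd, int err)
{
    if (fd >= 0)
        close(fd);
    return -err;
}

/* Returns poll()'s result (0 = timeout, >0 = ready) or a negative errno. */
int uinput_create_then_poll(const char *path, int timeout_ms)
{
    struct uinput_user_dev setup;
    struct pollfd pfd;
    int fd, ready, err;

    fd = open(path, O_RDWR | O_NONBLOCK);
    if (fd < 0)
        return fail(-1, errno);

    /* Declare one capability; a node that is not uinput fails here. */
    if (ioctl(fd, UI_SET_EVBIT, EV_KEY) < 0 ||
        ioctl(fd, UI_SET_KEYBIT, KEY_A) < 0)
        return fail(fd, errno);

    memset(&setup, 0, sizeof setup);
    strncpy(setup.name, "poll-order-demo", UINPUT_MAX_NAME_SIZE - 1);
    setup.id.bustype = BUS_VIRTUAL;
    errno = 0;
    if (write(fd, &setup, sizeof setup) != (ssize_t)sizeof setup)
        return fail(fd, errno ? errno : EIO);

    /* Create the device before polling, as the patch author advises. */
    if (ioctl(fd, UI_DEV_CREATE) < 0)
        return fail(fd, errno);

    pfd.fd = fd;
    pfd.events = POLLIN;
    ready = poll(&pfd, 1, timeout_ms);
    err = errno;

    ioctl(fd, UI_DEV_DESTROY);   /* tear the virtual device down again */
    close(fd);
    return ready < 0 ? -err : ready;
}
```

Every step is checked, so a missing node, a node that is not uinput, or insufficient permissions comes back as a negative errno instead of reaching poll() on a half-initialized device.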