More precisely, for some reason, free_list became empty (free_list.next and
free_list.prev pointed back to free_list) but files_stat.nr_free_files was
180. So the code list_entry(free_list.next...) returned a bad pointer (in
this case a pointer to free_list) and the memset in the get_empty_filp
overwrote the files_lock.
As far as I can see, one way this can happen is if in _fput, the list_del
and list_add routines took the *file off of the free_list and put it back on
the free_list, causing the statement files_stat.nr_free_files++ to be out of
sync.
My question is... can anyone call _fput where the *file parameter is already
on the free_list?
Thanks
Lee
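
The failure mode described in the message above, as an added user-space model; it is not part of the original message and not kernel source. The names model_fput, model_get_empty_filp, free_list_len and desync_after_double_fput are hypothetical, and struct file is reduced to two fields. It shows the counter drifting ahead of the list when an entry already on free_list is released again, and an allocation path that checks the list rather than the counter.

```c
#include <stddef.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };
#define list_entry(p, type, member) ((type *)((char *)(p) - offsetof(type, member)))

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *h)
{ n->next = h->next; n->prev = h; h->next->prev = n; h->next = n; }
static void list_del(struct list_head *e)
{ e->prev->next = e->next; e->next->prev = e->prev; }

struct file { struct list_head f_list; int f_count; };  /* simplified model */
static struct list_head free_list;
static int nr_free_files;        /* stands in for files_stat.nr_free_files */

/* Release path as described in the message: unlink, relink on free_list, count. */
static void model_fput(struct file *f)
{ list_del(&f->f_list); list_add(&f->f_list, &free_list); nr_free_files++; }

static int free_list_len(void)
{
    int n = 0;
    for (struct list_head *p = free_list.next; p != &free_list; p = p->next) n++;
    return n;
}

/* Allocation that checks the list itself instead of trusting the counter. */
static struct file *model_get_empty_filp(void)
{
    if (list_empty(&free_list))
        return NULL;             /* list_entry() here would alias free_list */
    struct file *f = list_entry(free_list.next, struct file, f_list);
    list_del(&f->f_list);
    nr_free_files--;
    memset(f, 0, sizeof(*f));
    list_init(&f->f_list);       /* keep a later list_del() on f harmless */
    return f;
}

/* Constructed scenario: file a is released while already on free_list. */
static int desync_after_double_fput(void)
{
    static struct file a, b;
    list_init(&free_list); nr_free_files = 0;
    list_init(&a.f_list); list_init(&b.f_list);
    model_fput(&a); model_fput(&b);
    model_fput(&a);              /* second release of a */
    return nr_free_files - free_list_len();   /* 3 counted, 2 on the list */
}
```
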