Hello All,

I am seeing a bug in get_empty_filp (fs/file_table.c) where files_stat.nr_free_files is out of sync with respect to the actual number of elements in free_list. More precisely, for some reason, free_list became empty (free_list.next and free_list.prev pointed back to free_list) but files_stat.nr_free_files was 180. So the code list_entry(free_list.next...) returned a bad pointer (in this case a pointer to free_list) and the memset in the get_empty_filp overwrote the files_lock.

As far as I can see, one way this can happen is if in _fput, the list_del and list_add routines took the *file off of the free_list and put it back on the free_list, causing the statement files_stat.nr_free_files++ to be out of sync.

My question is... can anyone call _fput where the *file parameter is already on the free_list?

Thanks
Lee
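
The state described in the message above, reproduced in userspace as an added example (not part of the original post and not kernel source): the sequence the poster suspects leaves a counter ahead of an empty list, and a list_empty() check catches what a counter-only test would miss. The names struct obj, release, peek_unchecked, get_free_checked and nr_free are hypothetical stand-ins, and resetting the counter on an empty list is this example's own choice.

```c
#include <stddef.h>
/* Userspace sketch of the kernel's circular list idiom (not kernel source). */
struct list_head { struct list_head *next, *prev; };
#define list_entry(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
static void list_del(struct list_head *e) {
    e->prev->next = e->next; e->next->prev = e->prev;
}

/* Hypothetical stand-in for struct file; only the list linkage matters. */
struct obj { struct list_head f_list; int payload; };
static struct list_head free_list;
static int nr_free;   /* plays the role of files_stat.nr_free_files */

/* Suspected sequence: releasing an object that is already on free_list.
 * list_del + list_add keeps the list length, yet the counter still grows. */
static void release(struct obj *o) {
    list_del(&o->f_list);
    list_add(&o->f_list, &free_list);
    nr_free++;
}

/* Unchecked lookup, as a counter-only test would allow: on an empty list
 * this is an address derived from the list head, not a real object. */
static struct obj *peek_unchecked(void) {
    return list_entry(free_list.next, struct obj, f_list);
}

/* Checked allocation: trust the list, resync the counter, return NULL. */
static struct obj *get_free_checked(void) {
    if (list_empty(&free_list)) { nr_free = 0; return NULL; }
    struct obj *o = peek_unchecked();
    list_del(&o->f_list);
    nr_free--;
    return o;
}

int main(void) {
    static struct obj a;
    list_init(&free_list); list_init(&a.f_list);
    release(&a); release(&a);   /* list holds one object, nr_free == 2 */
    get_free_checked();         /* list now empty, nr_free == 1 */
    return get_free_checked() == NULL ? 0 : 1;  /* empty list caught */
}
```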