On Tue, Aug 27, 2013 at 01:42:47AM +0100, Al Viro wrote:
> Might be buggered refcounting on struct file somewhere (i.e. extra fput() done,
> getting the file freed *before* close(), leaving a dangling pointer in
> descriptor table). Might be memory corruption of some kind, slapping junk
> pointer into descriptor table. Might be buggered refcounting on struct
> dentry - if extra dput() is done somewhere, dentry might get freed under
> us or become negative.
>
> Hell, might be buggered refcounting on descriptor table - binder is playing
> interesting games there. Try to reproduce that with CONFIG_DEBUG_KMEMLEAK
> and slab debugging turned on, see if you hit anything from those; if it's
> more or less readily reproducible, I would start with that - too many
> scenarios involve broken refcounting of one sort or another.

Never mind dentry refcounting - you get NULL dentry, not NULL inode. Other
scenarios still remain, so I'd really recommend slab/kmemleak debugging
turned on.
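The first scenario in the quoted text (an extra fput() freeing the struct file before close(), so the descriptor table keeps a dangling pointer and a later user sees a cleared inode) is easy to lose track of in prose. The following userspace model is an added illustration, not code from this thread or from the kernel: the names fget/fput/do_close mimic the kernel's but the bodies are a toy, the object pool and the POISON marker are assumptions standing in for slab poisoning, and the inode numbers are constructed. It shows why balanced get/put is harmless, how one put too many leaves fdtable[fd] pointing at freed memory, and how a poison check of the kind slab debugging provides turns the silent use-after-free into an immediate error instead of a puzzling NULL inode.

```c
/* Added userspace model of "extra fput() frees struct file before close()".
 * Not kernel code: the names follow the kernel, the implementation is a toy. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define NR_FILES 4
#define NR_FDS   8
#define POISON   0x6b6b6b6bu   /* assumption: mimics the 0x6b fill slab poisoning writes into freed objects */

enum verdict { OK = 0, ERR_BADF = -1, ERR_NOMEM = -2,
               ERR_REFCNT_UNDERFLOW = -3, ERR_USE_AFTER_FREE = -4 };

struct file {
    int      in_use;
    uint32_t refcnt;   /* stands in for f_count */
    uint32_t poison;   /* set to POISON when freed; stands in for slab poisoning */
    int      inode;    /* non-zero while valid; 0 models the "NULL inode" symptom */
};

/* Fixed pool instead of malloc(): a freed object stays addressable, so the
 * dangling pointer can be inspected without real undefined behaviour. */
static struct file  slab[NR_FILES];
static struct file *fdtable[NR_FDS];

static void reset_tables(void) {
    memset(slab, 0, sizeof slab);
    memset(fdtable, 0, sizeof fdtable);
}

static struct file *file_alloc(int inode) {
    for (int i = 0; i < NR_FILES; i++) {
        if (!slab[i].in_use) {
            slab[i].in_use = 1; slab[i].refcnt = 1;
            slab[i].poison = 0; slab[i].inode = inode;
            return &slab[i];
        }
    }
    return NULL;
}

static void file_free(struct file *f) {
    f->in_use = 0;
    f->inode  = 0;        /* the "NULL inode" a later user of the dangling pointer sees */
    f->poison = POISON;   /* slab debugging: mark the memory as freed */
}

/* Take a reference; refuse an object the poison says is already freed. */
static int fget(struct file *f) {
    if (f->poison == POISON) return ERR_USE_AFTER_FREE;
    f->refcnt++;
    return OK;
}

/* Drop a reference; free at zero. The underflow check only matters without poisoning. */
static int fput(struct file *f) {
    if (f->poison == POISON) return ERR_USE_AFTER_FREE;
    if (f->refcnt == 0)      return ERR_REFCNT_UNDERFLOW;
    if (--f->refcnt == 0) file_free(f);
    return OK;
}

static int do_open(int inode) {
    for (int fd = 0; fd < NR_FDS; fd++) {
        if (!fdtable[fd]) {
            struct file *f = file_alloc(inode);
            if (!f) return ERR_NOMEM;
            fdtable[fd] = f;
            return fd;
        }
    }
    return ERR_BADF;
}

/* close(): detach the table's own reference and put it. */
static int do_close(int fd) {
    struct file *f;
    if (fd < 0 || fd >= NR_FDS || !(f = fdtable[fd])) return ERR_BADF;
    fdtable[fd] = NULL;
    return fput(f);
}

/* What a path that trusts the descriptor table sees through the pointer. */
static int inode_of(int fd) { return fdtable[fd] ? fdtable[fd]->inode : -1; }

/* Check a debugging hook could run: descriptor slots pointing at freed objects. */
static int count_dangling_fds(void) {
    int n = 0;
    for (int fd = 0; fd < NR_FDS; fd++)
        if (fdtable[fd] && fdtable[fd]->poison == POISON) n++;
    return n;
}

/* Balanced fget()/fput() around the table's reference: close() succeeds. */
static int scenario_balanced(void) {
    reset_tables();
    int fd = do_open(42);            /* constructed inode number */
    fget(fdtable[fd]); fput(fdtable[fd]);
    return do_close(fd);
}

/* One fput() too many: the table's reference is dropped behind its back. */
static int scenario_extra_fput(int *inode_seen, int *dangling) {
    reset_tables();
    int fd = do_open(43);            /* constructed inode number */
    struct file *f = fdtable[fd];
    fget(f);
    fput(f);
    fput(f);                         /* BUG: refcount hits 0, object freed, fdtable[fd] dangles */
    *inode_seen = inode_of(fd);      /* 0 although fdtable[fd] is still non-NULL */
    *dangling   = count_dangling_fds();
    return do_close(fd);             /* poison check reports the use-after-free */
}

int main(void) {
    int inode = -1, dangling = 0;
    printf("balanced: %d\n", scenario_balanced());
    printf("extra fput: %d (inode seen %d, dangling fds %d)\n",
           scenario_extra_fput(&inode, &dangling), inode, dangling);
    return 0;
}
```

Without the poison check, do_close() in the second scenario would decrement a refcount on freed memory and the only visible symptom would be the NULL inode the dangling pointer yields, which is why the mail points at slab debugging rather than at the inode dereference itself.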