release_mem() is altering the file->f_list lists without taking the
appropriate spinlock.



 drivers/char/tty_io.c |    4 ++++
 1 files changed, 4 insertions(+)

diff -puN drivers/char/tty_io.c~tty_files-fixes drivers/char/tty_io.c
--- 25/drivers/char/tty_io.c~tty_files-fixes	2003-03-09 23:15:15.000000000 -0800
+++ 25-akpm/drivers/char/tty_io.c	2003-03-09 23:15:58.000000000 -0800
@@ -1037,7 +1037,9 @@ static void release_mem(struct tty_struc
 		}
 		o_tty->magic = 0;
 		(*o_tty->driver.refcount)--;
+		file_list_lock();
 		list_del(&o_tty->tty_files);
+		file_list_unlock();
 		free_tty_struct(o_tty);
 	}
 
@@ -1049,7 +1051,9 @@ static void release_mem(struct tty_struc
 	}
 	tty->magic = 0;
 	(*tty->driver.refcount)--;
+	file_list_lock();
 	list_del(&tty->tty_files);
+	file_list_unlock();
 	module_put(tty->driver.owner);
 	free_tty_struct(tty);
 }

_