Hi,
I now have a very weird IrDA crash. I basically crash in
__wake_up(). The call stack is like this:
----------------------
kfree_skb() ->
sock_wfree(struct sk_buff *) ->
sock_def_write_space(struct sock *) ->
__wake_up(sk->sleep) ->
Crash !!!!
----------------------
It doesn't seem that sk->sleep is manipulated by IrDA itself
and all calls to skb_set_owner_w() seem reasonable.
The only thing weird in the IrDA code is that in a lot of cases
we skb_clone() and then skb_set_owner_w(), which, if I understand
right, would increase twice the buffer space in the write socket. But
I may be wrong. Whatever...
If I exclude massive skb corruption, the only way it could
happen is if we keep some skb alive after the socket is closed and
they are freed after that.
The PC is an IrDA slave (server), and the IrDA connection tends
to cut. I strongly suspect that WD_TIMER_EXPIRED in
irlap_state_nrm_s() should require an
irlap_flush_all_queues(self);... It looks like other places would need
that as well.
What do you think?
Jean
_______________________________________________
Linux-IrDA mailing list - [EMAIL PROTECTED]
http://www.pasta.cs.UiT.No/mailman/listinfo/linux-irda
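
A userspace C model of the lifetime problem suspected in the message above, added here as an illustration; it is not code from the post, the kernel or the IrDA stack. All `model_*` names, `scenario()` and the three-frame queue are assumptions, and the socket is only flagged as closed so that a late destructor run can be counted instead of crashing.

```c
/* Userspace model only: hypothetical names, not kernel or IrDA code. */
#include <stdio.h>
#include <stdlib.h>

struct model_sock { int wmem_alloc; int closed; };
struct model_skb {
    struct model_sock *sk;
    int truesize;
    void (*destructor)(struct model_skb *);
};
static int stale_wakeups;  /* destructor runs that touched a closed socket */
/* Stands in for sock_wfree(): uncharge the socket, then wake the writer. */
static void model_wfree(struct model_skb *skb) {
    skb->sk->wmem_alloc -= skb->truesize;
    if (skb->sk->closed)
        stale_wakeups++;   /* counted here instead of dereferencing sk->sleep */
}
/* Stands in for skb_set_owner_w(): charge the buffer to the socket. */
static void model_set_owner_w(struct model_skb *skb, struct model_sock *sk) {
    skb->sk = sk;
    skb->destructor = model_wfree;
    sk->wmem_alloc += skb->truesize;
}
static void model_kfree_skb(struct model_skb *skb) {
    if (skb->destructor) skb->destructor(skb);
    free(skb);
}
/* Returns how many destructors ran after the socket was closed. */
int scenario(int flush_on_wd_timeout) {
    struct model_sock sk = {0, 0};
    struct model_skb *txq[3];
    int queued = 0;
    stale_wakeups = 0;
    for (; queued < 3; queued++) {           /* three frames wait in the queue */
        txq[queued] = calloc(1, sizeof(*txq[queued]));
        if (!txq[queued]) abort();
        txq[queued]->truesize = 256;
        model_set_owner_w(txq[queued], &sk);
    }
    if (flush_on_wd_timeout)                 /* watchdog expiry drops the link */
        while (queued > 0) model_kfree_skb(txq[--queued]);
    sk.closed = 1;                           /* application closes the socket */
    while (queued > 0) model_kfree_skb(txq[--queued]);  /* late free */
    return stale_wakeups;
}
int main(void) {
    printf("no flush: %d, flush: %d\n", scenario(0), scenario(1));
    return 0;
}
```

Without the flush, every queued buffer's destructor runs against the closed socket; with the flush at timer expiry, none does.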