On Mon, Nov 12, 2012 at 10:05:07PM +0100, Sylvain Munaut wrote:
> Hi,
> 
> > I am now rebasing and start with testing just the SMC rework and I have seen
> > a crash in the cp_timer_expired routine (NULL pointer + small offset). I have
> > not seen how this can happen because the smc instance should be cleared at the
> > end of an instance.. I will continue to test with the modem bank and improve
> > the debugging (sadly an ABI incompatible change to the SMC/SMR structure).
> 
> btw, how easy are those to reproduce ?

The crash with the entire patch set is 'easy' to reproduce. I have four devices
that SMS to each other but I am confident that only two can cause the same crash.

The cp_timer_expired crash is more difficult to reproduce but I think I know how it
can happen.

1.) cp_timer expired..
2.)
    nmsg = gsm411_msgb_alloc();
    inst->mn_recv(inst, GSM411_MNSMS_ERROR_IND, nmsg);
    msgb_free(nmsg);
3.) 
        case GSM411_MNSMS_ERROR_IND:
                if (gh)
                        DEBUGP(DLSMS, "MNSMS-ERROR-IND, cause %d (%s)\n",
                                gh->data[0],
                                get_value_string(gsm411_cp_cause_strs,
                                gh->data[0]));
                else
                        DEBUGP(DLSMS, "MNSMS-ERROR-IND, no cause\n");
                trans_free(trans);

at this point the smc is gone... so thanks for asking to make me reflect on the
crash. I wonder if I shouldn't just put the smc/smr patch together and debug the
result.
> 
> Do you need an automated setup or just sending a couple SMS using a
> phone can trigger them ?

I think it helps that the Wavecom module of our modem bank is generally not happy
with our SMS protocol handling and I end up in all the error paths.
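The ordering problem sketched in the three steps above (timer handler calls into the upper layer, the upper layer's ERROR_IND branch calls trans_free(), the handler then continues using an instance that no longer exists) is easiest to reason about in a small model. The following C program is an added example written for this page, not code from the mail or from the project it discusses. The names smc_inst, smc_get(), smc_put(), smc_touch() and the demo_* functions are all assumed for illustration; memory release is simulated with a flag so the unsafe ordering is observable rather than undefined behaviour; and the reference-counting fix shown is one common mitigation for this pattern, not necessarily the one the project chose.

```c
/* Constructed model of a timer handler whose callback may free the object
 * the handler is still working on. All identifiers are illustrative. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MNSMS_ERROR_IND 1          /* stands in for GSM411_MNSMS_ERROR_IND */

struct smc_inst {
    int refcount;                  /* used only by the hardened variant */
    bool released;                 /* true once the "memory" was handed back */
    int state;
    int use_after_release;         /* accesses observed after release */
};

/* Simulated release: real code would call the allocator's free() here. */
static void smc_release(struct smc_inst *inst)
{
    inst->released = true;
}

/* Reference counting helpers used by the hardened variant. */
static void smc_get(struct smc_inst *inst) { inst->refcount++; }
static void smc_put(struct smc_inst *inst)
{
    if (--inst->refcount == 0)
        smc_release(inst);
}

/* Every field access in the handler goes through here so an access after
 * release is counted instead of crashing the process. */
static void smc_touch(struct smc_inst *inst, int new_state)
{
    if (inst->released)
        inst->use_after_release++;
    inst->state = new_state;
}

/* Upper layer: on ERROR_IND it tears the transaction down, which owns the
 * instance (the trans_free() step in the mail). */
static void mn_recv_unsafe(struct smc_inst *inst, int msg_type)
{
    if (msg_type == MNSMS_ERROR_IND)
        smc_release(inst);         /* instance is gone from here on */
}

static void mn_recv_refcounted(struct smc_inst *inst, int msg_type)
{
    if (msg_type == MNSMS_ERROR_IND)
        smc_put(inst);             /* drop only the transaction's reference */
}

/* Vulnerable ordering: the handler keeps using inst after the callback
 * that released it. Returns the number of post-release accesses. */
static int cp_timer_expired_unsafe(struct smc_inst *inst)
{
    mn_recv_unsafe(inst, MNSMS_ERROR_IND);
    smc_touch(inst, 0);            /* e.g. resetting state: use-after-free */
    return inst->use_after_release;
}

/* Hardened ordering: hold a reference across the callback so the instance
 * cannot disappear underneath the handler; the final put() performs the
 * real release only after the handler's last access. */
static int cp_timer_expired_refcounted(struct smc_inst *inst)
{
    smc_get(inst);
    mn_recv_refcounted(inst, MNSMS_ERROR_IND);
    smc_touch(inst, 0);            /* still valid: we hold a reference */
    int bad = inst->use_after_release;
    smc_put(inst);                 /* releases now if nobody else holds it */
    return bad;
}

/* Fresh instance owned by exactly one transaction (refcount 1). */
static void smc_init(struct smc_inst *inst)
{
    memset(inst, 0, sizeof(*inst));
    inst->refcount = 1;
    inst->state = 1;
}

/* Drivers returning observable results for the two orderings. */
int demo_unsafe(void)
{
    struct smc_inst inst;
    smc_init(&inst);
    return cp_timer_expired_unsafe(&inst);      /* 1: one access after release */
}

int demo_refcounted(void)
{
    struct smc_inst inst;
    smc_init(&inst);
    return cp_timer_expired_refcounted(&inst);  /* 0: no access after release */
}

int demo_refcounted_released(void)
{
    struct smc_inst inst;
    smc_init(&inst);
    cp_timer_expired_refcounted(&inst);
    return inst.released ? 1 : 0;               /* 1: still freed, just later */
}

int main(void)
{
    printf("unsafe: %d post-release accesses\n", demo_unsafe());
    printf("refcounted: %d post-release accesses, released=%d\n",
           demo_refcounted(), demo_refcounted_released());
    return 0;
}
```

The point of the model is the order of operations, not the refcount itself: any fix works as long as the code that owns the timer never dereferences the instance after a call that may have freed it, whether by taking a reference, by having the callback report that the instance was released, or by deferring the free to the end of the event loop iteration.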