On Sun, Mar 02, 2008 at 03:20:17PM -0500, Daniel Barkalow wrote:
> > And the problem lies in the fact we run_active_slot() during cleanup,
> > which can end up going through all the slots starting at
> > active_queue_head, while we have freed the first slots...
> >
> > Now, why do we need to run slots when cleaning up?
>
> AFAICT, it's always been that way. I assume there was code that set up all
> of the remaining transfers and then just called http_cleanup, relying on
> the callbacks to handle the receipt of the remaining data, but I'm not
> sure if that's still the case.

It doesn't look like it is still the case.

> On the other hand, I think that code is
> supposed to remove slots from the active queue as they get processed, so
> that run_active_slot() is always safe to call and just won't do anything
> if it's not needed in cleanup.
>
> So I'm guessing that we have list corruption due to code getting careless
> in error cases, in addition to cleanup code that possibly cares too much
> about finishing everything it can.

That's in fill_active_slots that it's trying to go through all slots
starting at active_queue_head, which is likely to be freed at this point.
The fix I sent earlier just throws all active slots, which should just be
fine now.

Mike
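The failure mode discussed in this thread, as an added example that is not part of the original messages and is not git's http.c: a simplified slot queue whose cleanup runs the queue while the head still points at released slots, next to a version that unlinks each slot first. The `released` flag stands in for `free()` so stale visits can be counted without undefined behaviour; `pool`, `queue_init`, `walk_stale_hits`, `cleanup_buggy` and `cleanup_safe` are hypothetical names, and the hardened variant is one way to keep the head valid, not the fix sent in the thread.

```c
#include <stdio.h>
/* Simplified model of a slot queue (not git's http.c; names are hypothetical). */
struct slot {
    struct slot *next;
    int released; /* stands in for free(), so stale visits can be counted safely */
};
static struct slot pool[4];            /* constructed sample slots */
static struct slot *active_queue_head;

static void queue_init(int n) {        /* n must be <= 4 */
    for (int i = 0; i < n; i++)
        pool[i] = (struct slot){ i + 1 < n ? &pool[i + 1] : NULL, 0 };
    active_queue_head = n ? &pool[0] : NULL;
}

/* Walk from the head, as a fill/run pass would; count released slots touched. */
static int walk_stale_hits(void) {
    int hits = 0;
    for (struct slot *s = active_queue_head; s; s = s->next)
        hits += s->released;
    return hits;
}

/* Buggy: releases slots but leaves the head pointing at them while running the queue. */
static int cleanup_buggy(void) {
    int hits = 0;
    for (struct slot *s = active_queue_head; s; s = s->next) {
        s->released = 1;
        hits += walk_stale_hits();     /* queue run in the middle of teardown */
    }
    return hits;
}

/* Hardened: unlink each slot before releasing it, so the head is live or NULL. */
static int cleanup_safe(void) {
    int hits = 0;
    while (active_queue_head) {
        struct slot *s = active_queue_head;
        active_queue_head = s->next;
        s->released = 1;
        hits += walk_stale_hits();
    }
    return hits;
}

int main(void) {
    queue_init(3); printf("buggy stale visits: %d\n", cleanup_buggy());
    queue_init(3); printf("safe stale visits:  %d\n", cleanup_safe());
}
```

In real code each stale visit counted here would be a read of freed memory; building with AddressSanitizer is the usual way to surface that in a test run.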