[Openib-windows] A typo when destroying the cq_tinfo in the function pnp_ca_remove

Tzachi Dar tzachid at mellanox.co.il
Sun Jun 4 12:05:48 PDT 2006


Thanks for your fast response.

However, while running some more tests I have received a different
access violation with the following call stack:

ChildEBP RetAddr  Args to Child
0321f808 004c3368 00000013 00c38ff0 7c8883a0 ntdll!DbgBreakPoint
WARNING: Stack unwind information not available. Following frames may be wrong.
0321f9d8 004c6843 004ca528 00000013 0d252ff4 vrfcore!VerifierStopMessageEx+0x3d3
0321fa00 007f2139 00000013 007e3140 0d252ff4 vrfcore!VerifierRegisterLayerEx+0x120
0321fa30 007e8f19 00000013 007e3140 0d252ff4 vfbasics+0x12139
0321fa94 007e8658 0321fabc 0321fabc 0321facc vfbasics+0x8f19
0321faa4 7c84f937 0321fabc 0321fb68 0321fb68 vfbasics+0x8658
0321facc 7c813fb5 00000000 00c38ff0 7c888f68 ntdll!RtlpCallVectoredHandlers+0x57
0321fae0 7c814055 0321fb68 0321fb84 02a18f38 ntdll!RtlCallVectoredExceptionHandlers+0x15
0321fb50 7c82ecc6 0321fb68 0321fb84 0321fb68 ntdll!RtlDispatchException+0x19
0321fb50 02b50765 0321fb68 0321fb84 0321fb68 ntdll!KiUserExceptionDispatcher+0xe
0321fec0 02b5adb0 0d252fd0 02b5c6f3 00000001 ibwsd!ib_destroy_cq_tinfo+0x7a5 [q:\projinf1\trunk\ulp\wsd\user\ibsp_iblow.c @ 697]
0321fee8 02b50c7a 02e98f50 02b777e0 0321ff08 ibwsd!pnp_ca_remove+0x150 [q:\projinf1\trunk\ulp\wsd\user\ibsp_pnp.c @ 183]
0321ff0c 02b6efb4 00000000 00000000 71b53275 ibwsd!ib_release+0xda [q:\projinf1\trunk\ulp\wsd\user\ibsp_iblow.c @ 846]
0321ff24 71b4a323 0321ff40 71b593b8 00000000 ibwsd!IBSPCleanup+0x5a4 [q:\projinf1\trunk\ulp\wsd\user\ibspdll.c @ 2171]
0321ff38 71b26828 02a18f38 0321ff68 0321ff78 MSWSOCK!SockSanAsyncFreeProvider+0x11
0321ff48 71b23ed7 71b4a312 02a18f38 0321ff68 MSWSOCK!SockHandleAsyncIndication+0x73
0321ff78 007e4e8f 71b4a312 0321c79e 00000000 MSWSOCK!SockAsyncThread+0xb3
0321ffb8 77e66063 02f30fe0 00000000 00000000 vfbasics+0x4e8f
0321ffec 00000000 007e4e20 02f30fe0 00000000 kernel32!BaseThreadStart+0x34

After looking at the error, it seems that the problem is after the
lines:

		/* ib_cq_thread() will release the cq_tinfo before exit. Don't
		   reference cq_tinfo after signaling  */
		h_cq_thread = cq_tinfo->ib_cq_thread;
		cq_tinfo->ib_cq_thread = NULL;

		cq_tinfo->ib_cq_thread_exit_wanted = TRUE;
		cl_waitobj_signal( cq_tinfo->cq_waitobj );

According to these lines, cq_tinfo shouldn't be used any more after
signaling the event.
However, one line after that, cq_tinfo->ib_cq_thread_id is indeed being
touched. This causes the AV of course.

Thanks
Tzachi

> -----Original Message-----
> From: ftillier.sst at gmail.com [mailto:ftillier.sst at gmail.com] On Behalf Of Fabian Tillier
> Sent: Sunday, June 04, 2006 9:40 PM
> To: Tzachi Dar
> Cc: openib-windows at openib.org
> Subject: Re: [Openib-windows] A typo when destroying the cq_tinfo in the function pnp_ca_remove
> 
> Hi Tzachi,
> 
> On 6/4/06, Fabian Tillier <ftillier at silverstorm.com> wrote:
> > Hi Tzachi,
> >
> > On 6/4/06, Tzachi Dar <tzachid at mellanox.co.il> wrote:
> > >
> > > Hi Fab,
> > >
> > > While debugging a failure in the function pnp_ca_remove I have
> > > noticed that the code takes an object from the linked list, removes
> > > it but then it calls ib_destroy_cq_tinfo on the first item in the list.
> > > ib_destroy_cq_tinfo( hca->cq_tinfo );
> > >
> > > I believe that what you really wanted to do was to call
> > >
> > > ib_destroy_cq_tinfo( p_cq_tinfo );
> > >
> > > Do you agree?
> >
> > Yes, that's right.  Do you already have a fix for this or do you want
> > me to code this up?  If you already have it, please just go ahead and
> > check it in.
> 
> I just checked in a fix for this, in revision 371.
> 
> - Fab
> 
> 
> 
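
The ownership rule discussed in the message above (the worker thread frees cq_tinfo once it is signalled, so the destroying thread must not read it afterwards), shown as an added example that is not code from the ibwsd source or from the thread's participants. It uses POSIX threads as a stand-in for the Windows primitives; `struct tinfo`, `create_tinfo`, `destroy_tinfo` and the globals are hypothetical names.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-in for cq_tinfo; only the fields the post mentions. */
struct tinfo {
    pthread_t     thread;       /* plays the role of ib_cq_thread */
    unsigned long thread_id;    /* plays the role of ib_cq_thread_id */
    int           exit_wanted;  /* plays the role of ib_cq_thread_exit_wanted */
};

/* Shared wait object (stand-in for cq_waitobj), kept outside the struct. */
static pthread_mutex_t g_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t  g_wake = PTHREAD_COND_INITIALIZER;
static int g_freed;             /* how many tinfo objects workers released */

/* The worker owns the tinfo and frees it on its way out. */
static void *worker(void *arg)
{
    struct tinfo *t = arg;
    pthread_mutex_lock(&g_lock);
    while (!t->exit_wanted)
        pthread_cond_wait(&g_wake, &g_lock);
    free(t);                    /* after this, any read of t elsewhere is a use-after-free */
    g_freed++;                  /* counted under the lock */
    pthread_mutex_unlock(&g_lock);
    return NULL;
}

struct tinfo *create_tinfo(unsigned long id)
{
    struct tinfo *t = calloc(1, sizeof *t);
    if (t == NULL) return NULL;
    t->thread_id = id;
    if (pthread_create(&t->thread, NULL, worker, t) != 0) { free(t); return NULL; }
    return t;
}

/* Stops the worker and returns the id of the thread that was stopped. */
unsigned long destroy_tinfo(struct tinfo *t)
{
    pthread_t     thread = t->thread;     /* copy every field needed later */
    unsigned long id     = t->thread_id;  /* BEFORE signalling the worker  */
    pthread_mutex_lock(&g_lock);
    t->exit_wanted = 1;
    pthread_cond_broadcast(&g_wake);
    pthread_mutex_unlock(&g_lock);
    /* t may already be freed: from here on use only the local copies. */
    pthread_join(thread, NULL);
    return id;
}
```

Build with `cc -pthread`; running the same sequence under a page-heap or sanitizer build while reading `t->thread_id` after the unlock is what surfaces the access violation described in the message.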


