hitting Assertion !callout_active(&tp->t_callout) failed at /usr/src/sys/netinet/tcp_subr.c:2386 after 62d47d7

Reply: Dave Cottlehuber: "Re: hitting Assertion !callout_active(&tp->t_callout) failed at /usr/src/sys/netinet/tcp_subr.c:2386 after 62d47d7"
In reply to: Richard Scheffenegger : "git: 62d47d73b7eb - main - tcp: stop timers and clean scoreboard in tcp_close()"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dave Cottlehuber <dch_at_FreeBSD.org>
Date: Mon, 12 Feb 2024 08:31:19 UTC
On Sat, 10 Feb 2024, at 09:34, Richard Scheffenegger wrote:
> The branch main has been updated by rscheff:
>
> URL: 
> https://cgit.FreeBSD.org/src/commit/?id=62d47d73b7eb01f3b0a37541df5e7aaa36f54335
>
> commit 62d47d73b7eb01f3b0a37541df5e7aaa36f54335
> Author:     Richard Scheffenegger <rscheff@FreeBSD.org>
> AuthorDate: 2024-02-10 09:28:42 +0000
> Commit:     Richard Scheffenegger <rscheff@FreeBSD.org>
> CommitDate: 2024-02-10 09:30:00 +0000
>
>     tcp: stop timers and clean scoreboard in tcp_close()
>    
>     Stop timers when in tcp_close() instead of doing that in tcp_discardcb().
>     A connection in CLOSED state shall not need any timers. Assert that no
>     timer is rescheduled after that in tcp_timer_activate() and verfiy that
>     this is also the expected state in tcp_discardcb().
>    
>     PR:                     276761
>     Reviewed By:            glebius, tuexen, #transport
>     Sponsored by:           NetApp, Inc.
>     Differential Revision:  https://reviews.freebsd.org/D43792
> ---
>  sys/netinet/tcp_subr.c  | 4 ++--
>  sys/netinet/tcp_timer.c | 1 +
>  2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
> index 6043a3d458e5..90e1496a822c 100644
> --- a/sys/netinet/tcp_subr.c
> +++ b/sys/netinet/tcp_subr.c
> @@ -2383,10 +2383,9 @@ tcp_discardcb(struct tcpcb *tp)
>  #endif
> 
>  	INP_WLOCK_ASSERT(inp);
> +	MPASS(!callout_active(&tp->t_callout));

I'm repeatedly hitting this assert soon after boot on my ryzen desktop. I've a coredump.

Panic String: Assertion !callout_active(&tp->t_callout) failed at /usr/src/sys/netinet/tcp_subr.c:2386

I'll apply your latest patch in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276761#c16 and report back..

__curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
57              __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
(kgdb) #0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:57
#1  doadump (textdump=textdump@entry=0)
    at /usr/src/sys/kern/kern_shutdown.c:403
#2  0xffffffff804a39da in db_dump (dummy=<optimized out>,
    dummy2=<optimized out>, dummy3=<optimized out>, dummy4=<optimized out>)
    at /usr/src/sys/ddb/db_command.c:590
#3  0xffffffff804a37e0 in db_command (last_cmdp=<optimized out>,
    cmd_table=<optimized out>, dopager=false)
    at /usr/src/sys/ddb/db_command.c:503
#4  0xffffffff804a3926 in db_command_script (
    command=command@entry=0xffffffff817b9724 <db_recursion_data+84> "dump")
    at /usr/src/sys/ddb/db_command.c:568
#5  0xffffffff804a8c88 in db_script_exec (
    scriptname=scriptname@entry=0xfffffe0346e96680 "kdb.enter.panic",
    warnifnotfound=warnifnotfound@entry=0) at /usr/src/sys/ddb/db_script.c:301
#6  0xffffffff804a8ab2 in db_script_kdbenter (eventname=<optimized out>)
    at /usr/src/sys/ddb/db_script.c:323
#7  0xffffffff804a6b81 in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/src/sys/ddb/db_main.c:266
#8  0xffffffff80ba2aa2 in kdb_trap (type=type@entry=3, code=code@entry=0,
    tf=tf@entry=0xfffffe0346e969c0) at /usr/src/sys/kern/subr_kdb.c:790
#9  0xffffffff81057fd6 in trap (frame=0xfffffe0346e969c0)
    at /usr/src/sys/amd64/amd64/trap.c:606
#10 <signal handler called>
#11 kdb_enter (why=<optimized out>, msg=<optimized out>)
    at /usr/src/sys/kern/subr_kdb.c:556
#12 0xffffffff80b532d6 in vpanic (
    fmt=0xffffffff8120a0cb "Assertion %s failed at %s:%d",
    ap=ap@entry=0xfffffe0346e96bf0) at /usr/src/sys/kern/kern_shutdown.c:961
#13 0xffffffff80b53163 in panic (
    fmt=0xffffffff81980440 <cnputs_mtx> "\202\221\024\201\377\377\377\377")
    at /usr/src/sys/kern/kern_shutdown.c:889
#14 0xffffffff80d585e1 in tcp_discardcb (tp=tp@entry=0xfffff808d767ca80)
    at /usr/src/sys/netinet/tcp_subr.c:2386
#15 0xffffffff80d64e81 in tcp_usr_detach (so=0xfffff8012ccd0780)
    at /usr/src/sys/netinet/tcp_usrreq.c:214
#16 0xffffffff80c05151 in sofree (so=0xfffff8012ccd0780)
    at /usr/src/sys/kern/uipc_socket.c:1205
#17 sorele_locked (so=so@entry=0xfffff8012ccd0780)
    at /usr/src/sys/kern/uipc_socket.c:1232
#18 0xffffffff80c05fad in soclose (so=0xfffff8012ccd0780)
    at /usr/src/sys/kern/uipc_socket.c:1302
#19 0xffffffff80aed71b in fo_close (fp=0xfffff8064b7362d0, td=0x80)
    at /usr/src/sys/sys/file.h:390
#20 _fdrop (fp=fp@entry=0xfffff8064b7362d0, td=0x80,
    td@entry=0xfffff8012cc91000) at /usr/src/sys/kern/kern_descrip.c:3666
#21 0xffffffff80af0f83 in closef (fp=fp@entry=0xfffff8064b7362d0,
    td=td@entry=0xfffff8012cc91000) at /usr/src/sys/kern/kern_descrip.c:2839
#22 0xffffffff80af4ea6 in closefp_impl (fdp=0xfffffe02e1a24430, fd=95,
    fp=0xfffff8064b7362d0, td=0xfffff8012cc91000, audit=true)
    at /usr/src/sys/kern/kern_descrip.c:1315
#23 0xffffffff81059473 in syscallenter (td=0xfffff8012cc91000)
    at /usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:186
#24 amd64_syscall (td=0xfffff8012cc91000, traced=0)
    at /usr/src/sys/amd64/amd64/trap.c:1192
#25 <signal handler called>
#26 0x00003069693b76da in ?? ()
Backtrace stopped: Cannot access memory at address 0x30696c9b9818
(kgdb)
(END)

A+
Dave
———
O for a muse of fire, that would ascend the brightest heaven of invention!