Date:      Sun, 11 Feb 2024 13:30:59 +0000
From:      bugzilla-noreply@freebsd.org
To:        transport@FreeBSD.org
Subject:   [Bug 276761] panic: sbsndptr_noadv: sb_mb is NULL
Message-ID:  <bug-276761-38102-rHDqce1hAB@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-276761-38102@https.bugs.freebsd.org/bugzilla/>
References:  <bug-276761-38102@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276761

Richard Scheffenegger <rscheff@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Closed                      |In Progress
         Resolution|FIXED                       |---

--- Comment #16 from Richard Scheffenegger <rscheff@freebsd.org> ---
Yes, I suspect that TT_2MSL is allowed to be active.

Would you be willing to test these checks instead of a catch-all if any timer
is active:


diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 90e1496a822c..8acb03d8e3d1 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -2383,7 +2383,11 @@ tcp_discardcb(struct tcpcb *tp)
 #endif

        INP_WLOCK_ASSERT(inp);
-       MPASS(!callout_active(&tp->t_callout));
+       /* only allow TT_2MSL for TIMEWAIT */
+       MPASS(!tcp_timer_active(tp, TT_REXMT));
+       MPASS(!tcp_timer_active(tp, TT_PERSIST));
+       MPASS(!tcp_timer_active(tp, TT_KEEP));
+       MPASS(!tcp_timer_active(tp, TT_DELACK));
        MPASS(TAILQ_EMPTY(&tp->snd_holes));

        /* free the reassembly queue, if any */
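
Review bot: The added comment says TT_2MSL is only allowed for TIMEWAIT, but none of the four new MPASS lines looks at the connection state, so an active TT_2MSL in any other state now passes tcp_discardcb() unnoticed where the removed callout_active() check would have fired. If the intent is what the comment states, a fifth assertion tying the two together would keep that case covered, for example MPASS(!tcp_timer_active(tp, TT_2MSL) || tp->t_state == TCPS_TIME_WAIT), assuming t_state is the right field to test here. Listing the timers one by one also means a timer type other than these four is no longer checked at all, which is worth a word in the comment.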

Syzkaller found this, but without a reproducer (or core). The above, if it's
another timer than TT_2MSL, which would be expected for TIME-WAIT, would yield
a dedicated panic line...

-- 
You are receiving this mail because:
You are the assignee for the bug.