From 57e27ff07aff35289892f79288bebf76a3c31fec Mon Sep 17 00:00:00 2001 From: Richard Scheffenegger Date: Mon, 12 Feb 2024 21:43:18 +0100 Subject: [PATCH] tcp: partially undo D43792 At the destruction of the tcpcb, no timers are supposed to be running. However, it turns out that stopping them in the close() / shutdown() call does not have the desired effect under all circumstances. This partially reverts 62d47d73b7eb to reduce the nuisance caused. PR: 277009 Reported-by: syzbot+9a9aa434a14a2b35c3ba@syzkaller.appspotmail.com Reported-by: syzbot+e82856782410e895bae7@syzkaller.appspotmail.com Reviewed By: glebius, tuexen, #transport Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D43855 --- sys/netinet/tcp_subr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 90e1496a822..97d60ceba24 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2383,9 +2383,10 @@ tcp_discardcb(struct tcpcb *tp) #endif INP_WLOCK_ASSERT(inp); - MPASS(!callout_active(&tp->t_callout)); MPASS(TAILQ_EMPTY(&tp->snd_holes)); + tcp_timer_stop(tp); + /* free the reassembly queue, if any */ tcp_reass_flush(tp);