[Bug 276761] panic: sbsndptr_noadv: sb_mb is NULL
Date: Sun, 11 Feb 2024 13:30:59 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276761

Richard Scheffenegger <rscheff@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Closed                      |In Progress
         Resolution|FIXED                       |---

--- Comment #16 from Richard Scheffenegger <rscheff@freebsd.org> ---
Yes, I suspect that TT_2MSL is allowed to be active.

Would you be willing to test these checks instead of a catch-all if any timer is active:

diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 90e1496a822c..8acb03d8e3d1 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2383,7 +2383,11 @@ tcp_discardcb(struct tcpcb *tp) #endif INP_WLOCK_ASSERT(inp); - MPASS(!callout_active(&tp->t_callout)); + /* only allow TT_2MSL for TIMEWAIT */ + MPASS(!tcp_timer_active(tp, TT_REXMT)); + MPASS(!tcp_timer_active(tp, TT_PERSIST)); + MPASS(!tcp_timer_active(tp, TT_KEEP)); + MPASS(!tcp_timer_active(tp, TT_DELACK)); MPASS(TAILQ_EMPTY(&tp->snd_holes)); /* free the reassembly queue, if any */

Syzkaller found this, but without a reproducer (or core). The above, if it's another timer than TT_2MSL, which would be expected for TIME-WAIT, would yield a dedicated panic line...

-- 
You are receiving this mail because:
You are the assignee for the bug.
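
Review bot: the comment `only allow TT_2MSL for TIMEWAIT` on the added lines in tcp_discardcb() is not enforced by anything in the hunk. The four new MPASS() lines cover TT_REXMT, TT_PERSIST, TT_KEEP and TT_DELACK, so an active TT_2MSL now passes in every connection state, where the removed `MPASS(!callout_active(&tp->t_callout))` would have caught it. If the intent is to tolerate TT_2MSL only in TIME-WAIT, assert that as well, for example `MPASS(!tcp_timer_active(tp, TT_2MSL) || tp->t_state == TCPS_TIME_WAIT);`, which would also give that case its own panic line. If TT_2MSL is meant to be tolerated unconditionally here, reword the comment to say so.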