From 1696176312f2452d97af549618c7f240f4972136 Mon Sep 17 00:00:00 2001
From: Matthew Dillon <dillon@apollo.backplane.com>
Date: Fri, 30 Apr 2010 11:08:14 -0700
Subject: [PATCH] kernel - Try to fix NULL pointer issue in
 syncache_timer_handler()

* There seems to be a case where a tcpcb's inp can be NULL when accessed
  from syncache_timer_handler().  Try to handle it.
---
 sys/netinet/tcp_syncache.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 3b1673fad3..d5ceb2382b 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -513,6 +513,7 @@ syncache_timer_handler(netmsg_t netmsg)
 		inp = sc->sc_tp->t_inpcb;
 		if (slot == SYNCACHE_MAXREXMTS ||
 		    slot >= tcp_syncache.rexmt_limit ||
+		    inp == NULL ||
 		    inp->inp_gencnt != sc->sc_inp_gencnt) {
 			nsc = TAILQ_NEXT(sc, sc_timerq);
 			syncache_drop(sc, NULL);
-- 
2.41.0