Fix a NULL pointer dereference panic that occurs when the TCP protocol
author Matthew Dillon <dillon@dragonflybsd.org>
Wed, 27 Oct 2004 03:43:47 +0000 (03:43 +0000)
committer Matthew Dillon <dillon@dragonflybsd.org>
Wed, 27 Oct 2004 03:43:47 +0000 (03:43 +0000)
commit 621989fd021db4f39df1a9a7517b00291fe07ed4
tree 51925d5c38b930d21161bb9dac2d1f55503b93ed
parent a310707180b82ada94fbeeff5cfbd4f71cb7d308
Fix a NULL pointer dereference panic that occurs when the TCP protocol
stack races against userland while closing a tcp connection.  It is
possible for userland to queue a disconnect request but for the protocol
stack to then receive a packet that causes it to call tcp_drop()->tcp_close()
which also disconnects the inpcb from the tcpcb.  When the protocol stack
then processes the disconnect request it hits the panic because the inpcb
no longer has a tcpcb connected to it.

The bug generally only occurred on SMP systems where the latency in intra-cpu
communication opens up the window of opportunity for the bug to occur.

Panic-Reported-by: Adam K Kirchhoff <adamk@voicenet.com>
sys/netinet/tcp_usrreq.c
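
The ordering described in the commit message, replayed in a small user-space model. This is an added example, not the code from this commit or from DragonFly BSD: the structures are simplified stand-ins, the `model_*` and `run_scenario` names are hypothetical, and returning `EINVAL` from the guarded handler is an assumption about how such a request could be rejected.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: minimal stand-ins for the kernel's tcpcb and inpcb. */
struct tcpcb { int t_state; };
struct inpcb { struct tcpcb *inp_ppcb; };  /* NULL once the tcpcb is detached */
enum { MODEL_CLOSED = 0, MODEL_ESTABLISHED = 4 };

/* Protocol-stack side: an incoming packet drops the connection and detaches
 * the tcpcb from the inpcb, as tcp_drop()->tcp_close() is described to do. */
static void model_tcp_close(struct inpcb *inp)
{
    if (inp->inp_ppcb != NULL) {
        inp->inp_ppcb->t_state = MODEL_CLOSED;
        inp->inp_ppcb = NULL;
    }
}

/* Handler for the disconnect request userland queued earlier. It runs after
 * an arbitrary delay, so it re-checks the inpcb->tcpcb link before use. */
static int model_disconnect(struct inpcb *inp)
{
    struct tcpcb *tp = inp->inp_ppcb;

    if (tp == NULL)        /* the stack already closed this connection */
        return EINVAL;     /* assumed error code; no dereference happens */
    tp->t_state = MODEL_CLOSED;
    inp->inp_ppcb = NULL;
    return 0;
}

/* Replays one ordering and returns what the disconnect handler reported. */
static int run_scenario(int packet_arrives_first)
{
    struct tcpcb tp = { MODEL_ESTABLISHED };
    struct inpcb inp = { &tp };

    if (packet_arrives_first)
        model_tcp_close(&inp);       /* race window: the stack gets there first */
    return model_disconnect(&inp);   /* the queued request is processed last */
}

int main(void)
{
    printf("no race:   %d\n", run_scenario(0));
    printf("with race: %d\n", run_scenario(1));
    return 0;
}
```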