Check the inp_flags under inp lock. Looks like the race was hidden

before, the conversion of tcbinfo to CK_LIST have uncovered it.
svn path=/head/; revision=335749
2018-06-27 22:01:59 +00:00 · 2018-06-27 22:01:59 +00:00 · b8ab659396 · 2020-12-20 02:59:44 +00:00
commit b8ab659396
parent 95dce07dea
1 changed files with 4 additions and 2 deletions
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@ -2019,9 +2019,11 @@ tcp_drain(void)
 	 */
 		INP_INFO_WLOCK(&V_tcbinfo);
 		CK_LIST_FOREACH(inpb, V_tcbinfo.ipi_listhead, inp_list) {
-			if (inpb->inp_flags & INP_TIMEWAIT)
-				continue;
 			INP_WLOCK(inpb);
+			if (inpb->inp_flags & INP_TIMEWAIT) {
+				INP_WUNLOCK(inpb);
+				continue;
+			}
 			if ((tcpb = intotcpcb(inpb)) != NULL) {
 				tcp_reass_flush(tcpb);
 				tcp_clean_sackreport(tcpb);