Index: sys/netinet/tcp_input.c
===================================================================
RCS file: /mount/openbsd/cvs/src/sys/netinet/tcp_input.c,v
diff -u -p -u -p -r1.424 tcp_input.c
--- sys/netinet/tcp_input.c	25 Jan 2025 22:06:41 -0000	1.424
+++ sys/netinet/tcp_input.c	25 Jan 2025 23:40:44 -0000
@@ -3581,6 +3581,7 @@ syn_cache_get(struct sockaddr *src, stru
 	soassertlocked(so);
 	soref(so);
 	inp = sotoinpcb(so);
+	tp = intotcpcb(inp);
 
 #ifdef IPSEC
 	/*
@@ -3639,7 +3640,6 @@ syn_cache_get(struct sockaddr *src, stru
 	}
 	(void) m_free(am);
 
-	tp = intotcpcb(inp);
 	tp->t_flags = sototcpcb(oldso)->t_flags & (TF_NOPUSH|TF_NODELAY);
 	if (sc->sc_request_r_scale != 15) {
 		tp->requested_s_scale = sc->sc_requested_s_scale;
@@ -3650,10 +3650,8 @@ syn_cache_get(struct sockaddr *src, stru
 		tp->t_flags |= TF_REQ_TSTMP|TF_RCVD_TSTMP;
 
 	tp->t_template = tcp_template(tp);
-	if (tp->t_template == 0) {
-		tp = tcp_drop(tp, ENOBUFS);	/* destroys socket */
+	if (tp->t_template == NULL)
 		goto abort;
-	}
 	tp->sack_enable = ISSET(sc->sc_fixflags, SCF_SACK_PERMIT);
 	tp->ts_modulate = sc->sc_modulate;
 	tp->ts_recent = sc->sc_timestamp;
@@ -3710,9 +3708,9 @@ syn_cache_get(struct sockaddr *src, stru
 resetandabort:
 	tcp_respond(NULL, mtod(m, caddr_t), th, (tcp_seq)0, th->th_ack, TH_RST,
 	    m->m_pkthdr.ph_rtableid, now);
-	if (so != NULL)
-		soabort(so);
 abort:
+	if (tp != NULL)
+		tp = tcp_drop(tp, ECONNABORTED);	/* destroys socket */
 	m_freem(m);
 	in_pcbsounlock_rele(inp, so);
 	syn_cache_put(sc);