Coverity reports that tv.tv_sec is uninitialized when passed to tvtosbt(), which returns the timeout used for the HPTS callout. Presumably the intent is to initialize it to 0? I also see that in tcp_run_hpts(), "hpts" is declared as static, but that is not thread safe and doesn't make sense to me.
The second find is super weird! Thanks for reporting. I also noticed the recent Coverity report.
rrs@ fixed both issues in https://cgit.FreeBSD.org/src/commit/?id=6a79e48076bcce3e902323e62689eacb98faa180
MFCed now.