CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2022/03/28 10:31:26

Modified files:
        sys/netinet    : igmp.c igmp_var.h in.c

Log message:
if_detach() does if_remove(ifp); NET_LOCK(); rti_delete().  New igmp
groups may join while sleeping in interface destruction.  In this
case if_get() in igmp_joingroup() fails and rti_fill() is not called.
Then inm->inm_rti may be NULL.  This is the condition when syzkaller
crashes in igmp_leavegroup().
Pass the ifp the current CPU is already holding down to
igmp_joingroup() and igmp_leavegroup() to avoid half constructed
igmp groups.  Calling if_get() in caller and callee makes no sense
anyway.

Reported-by: syzbot+146823a676b7bea83...@syzkaller.appspotmail.com
OK denis@
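
An added illustration, not part of the commit or of OpenBSD's source: a user-space C model of the failure the log message describes, where a join that looks the interface up by index after removal leaves the group without router info, next to the variant where the caller passes down the pointer it already holds. All type and function names are hypothetical, and the interface and its values are constructed.

```c
#include <stddef.h>

/* User-space model; every name is a hypothetical stand-in, not OpenBSD code. */
struct router_info { int version; };
struct iface { unsigned int idx; struct router_info rti; };
struct group { unsigned int ifidx; struct router_info *rti; };

static struct iface *iftable[4];	/* index -> interface */

/* Lookup by index: fails once the interface is removed from the table. */
static struct iface *lookup_if(unsigned int idx)
{
	return idx < sizeof(iftable) / sizeof(iftable[0]) ? iftable[idx] : NULL;
}

/* Before: the callee looks up again; on failure the group gets no router info. */
static void join_by_index(struct group *g)
{
	struct iface *ifp = lookup_if(g->ifidx);
	if (ifp != NULL)
		g->rti = &ifp->rti;
}

/* After: the caller hands down the interface pointer it already holds. */
static void join_with_ifp(struct iface *ifp, struct group *g)
{
	g->rti = &ifp->rti;
}

/* Leaving needs the router info; -1 marks where a kernel would fault on NULL. */
static int leave(const struct group *g)
{
	return g->rti != NULL ? g->rti->version : -1;
}

/* Constructed scenario: a join arrives after removal, before teardown ends. */
static int scenario(int pass_ifp)
{
	struct iface ifc = { 1, { 2 } };
	struct group g = { 1, NULL };
	struct iface *held = iftable[ifc.idx] = &ifc;	/* caller's reference */
	iftable[ifc.idx] = NULL;	/* removal done, teardown still pending */
	if (pass_ifp)
		join_with_ifp(held, &g);
	else
		join_by_index(&g);
	return leave(&g);
}

int main(void) { return scenario(1) == 2 && scenario(0) == -1 ? 0 : 1; }
```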