From owner-freebsd-net@FreeBSD.ORG  Sat Mar 14 21:06:48 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0AF2810656C4;
	Sat, 14 Mar 2009 21:06:48 +0000 (UTC) (envelope-from sam@freebsd.org)
Received: from ebb.errno.com (ebb.errno.com [69.12.149.25])
	by mx1.freebsd.org (Postfix) with ESMTP id CF01E8FC20;
	Sat, 14 Mar 2009 21:06:47 +0000 (UTC) (envelope-from sam@freebsd.org)
Received: from trouble.errno.com (trouble.errno.com [10.0.0.248])
	(authenticated bits=0)
	by ebb.errno.com (8.13.6/8.12.6) with ESMTP id n2EL6lYU059861
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sat, 14 Mar 2009 14:06:47 -0700 (PDT) (envelope-from sam@freebsd.org)
Message-ID: <49BC1C66.7030400@freebsd.org>
Date: Sat, 14 Mar 2009 14:06:46 -0700
From: Sam Leffler <sam@freebsd.org>
Organization: FreeBSD Project
User-Agent: Thunderbird 2.0.0.18 (X11/20081209)
MIME-Version: 1.0
To: Bruce Simpson <bms@incunabulum.net>
References: <1236937253.2282.0.camel@localhost>	<49BAEA9F.8020302@incunabulum.net>
	<49BB0D3E.2020306@incunabulum.net>
In-Reply-To: <49BB0D3E.2020306@incunabulum.net>
Content-Type: multipart/mixed; boundary="------------020100040401000006060803"
X-DCC-x.dcc-servers-Metrics: ebb.errno.com; whitelist
Cc: current@freebsd.org, freebsd-net <net@freebsd.org>
Subject: Re: IGMP+WiFi panic on recent kernel - in igmp_fasttimo()
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Mar 2009 21:06:48 -0000

This is a multi-part message in MIME format.
--------------020100040401000006060803
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

This patches avoids the crash.  Not sure how ifma_protospec is supposed 
to be handled so I'm not committing it.

    Sam


--------------020100040401000006060803
Content-Type: text/plain;
 name="mcast.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="mcast.patch"

Index: in.c
===================================================================
--- in.c	(revision 189750)
+++ in.c	(working copy)
@@ -1040,7 +1040,8 @@
 	 */
 	IF_ADDR_LOCK(ifp);
 	TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
-		if (ifma->ifma_addr->sa_family != AF_INET)
+		if (ifma->ifma_addr->sa_family != AF_INET ||
+		    ifma->ifma_protospec == NULL)
 			continue;
 		inm = (struct in_multi *)ifma->ifma_protospec;
 		LIST_INSERT_HEAD(&purgeinms, inm, inm_link);
Index: igmp.c
===================================================================
--- igmp.c	(revision 189750)
+++ igmp.c	(working copy)
@@ -623,7 +623,8 @@
 	if (igi->igi_version == IGMP_VERSION_3) {
 		IF_ADDR_LOCK(ifp);
 		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
-			if (ifma->ifma_addr->sa_family != AF_INET)
+			if (ifma->ifma_addr->sa_family != AF_INET ||
+			    ifma->ifma_protospec == NULL)
 				continue;
 			inm = (struct in_multi *)ifma->ifma_protospec;
 			if (inm->inm_state == IGMP_LEAVING_MEMBER) {

--------------020100040401000006060803--