On Thu, Jun 1, 2017 at 2:13 AM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> On Wed, 2017-05-31 at 16:55 -0700, Eric Dumazet wrote:
>
>> The issue here is the timer firing while ip_mc_clear_src() has been
>> already called.
>>
>> My patch should fix the problem.
>>
>> Or another one using del_timer_sync() instead of del_timer() in
>> igmp_stop_timer(), but such a change would be more invasive,
>> since the del_timer_sync() would need to happen while im->lock
>> spinlock is not held.
>
> BTW, I guess that Andrey could try to add a delay to trigger the bug
> more often.

Applied, now testing with your patch. Thanks! > > diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c > index > 44fd86de2823dd17de16276a8ec01b190e69b8b4..84fff17daab0832c470a613b29b2aaade07cec0a > 100644 > --- a/net/ipv4/igmp.c > +++ b/net/ipv4/igmp.c > @@ -798,7 +798,7 @@ static void igmp_timer_expire(unsigned long data) > } > im->reporter = 1; > spin_unlock(&im->lock); > - > + udelay(10000); > if (IGMP_V1_SEEN(in_dev)) > igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); > else if (IGMP_V2_SEEN(in_dev)) > > > -- > You received this message because you are subscribed to the Google Groups > "syzkaller" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to syzkaller+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout.
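
Review bot: The udelay(10000) added after spin_unlock(&im->lock) in igmp_timer_expire() is a 10 ms busy-wait inside the timer handler, so it should stay a local reproduction aid and carry a comment marking it as debug-only. For a delay of this size mdelay(10) is the conventional call, since udelay() with large arguments can overflow on some architectures. The placement itself, after the lock is dropped and before igmp_send_report(), matches the window the quoted message describes, where the timer fires after ip_mc_clear_src() has already been called.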