ifconfig carp0 destroy = kernel panic
Gleb Smirnoff
glebius at FreeBSD.org
Wed Jun 6 14:49:19 UTC 2007
On Wed, Jun 06, 2007 at 04:35:28PM +0200, Ed Schouten wrote:
E> * Ed Schouten <ed at fxq.nl> wrote:
E> > Please take a look at this patch as well. It has been lying around in
E> > GNATS for some time and it really makes me go insane a lot of times:
E> >
E> > [...]
E>
E> Looks like it just got committed. Thanks a lot! :)
Btw, the problems do not end at this. On HEAD (didn't check RELENG_6), the
following sequence panics:
ifconfig em0 10.0.0.2/24
ifconfig carp0 create
ifconfig carp0 10.0.0.3/24 vhid 1
ifconfig carp1 create
ifconfig carp1 10.0.0.4/24 vhid 1
(ifconfig returns EINVAL. This EINVAL comes via
in_control()->in_ifinit()->carp_ioctl()->carp_setrun(). Really it should
be EEXIST. I will change this later.)
After this the last ifconfig command we have somewhat garbaged IP stack -
the interface address lists and ia_hash reference a freed memory. The
panic comes after an ARP request or if you repeat the command again:
ifconfig carp1 10.0.0.4/24 vhid 1
I am now trying to understand the panic.
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the freebsd-current
mailing list