ifconfig carp0 destroy = kernel panic

Gleb Smirnoff glebius at FreeBSD.org
Wed Jun 6 14:49:19 UTC 2007

On Wed, Jun 06, 2007 at 04:35:28PM +0200, Ed Schouten wrote:
E> * Ed Schouten <ed at fxq.nl> wrote:
E> > Please take a look at this patch as well. It has been lying around in
E> > GNATS for some time and it really makes me go insane a lot of times:
E> > 
E> > [...]
E> Looks like it just got committed. Thanks a lot! :)

Btw, the problems do not end at this. On HEAD (didn't check RELENG_6), the
following sequence panics:

ifconfig em0
ifconfig carp0 create
ifconfig carp0 vhid 1
ifconfig carp1 create
ifconfig carp1 vhid 1

(ifconfig returns EINVAL. This EINVAL comes via
in_control()->in_ifinit()->carp_ioctl()->carp_setrun(). Really it should
be EEXIST. I will change this later.)

After this the last ifconfig command we have somewhat garbaged IP stack -
the interface address lists and ia_hash reference a freed memory. The
panic comes after an ARP request or if you repeat the command again:

ifconfig carp1 vhid 1

I am now trying to understand the panic.

Totus tuus, Glebius.

More information about the freebsd-current mailing list