Re: ifconfig carp0 destroy = kernel panic

From: Gleb Smirnoff <glebius_at_FreeBSD.org>
Date: Wed, 6 Jun 2007 18:49:17 +0400

On Wed, Jun 06, 2007 at 04:35:28PM +0200, Ed Schouten wrote:
E> * Ed Schouten <ed_at_fxq.nl> wrote:
E> > Please take a look at this patch as well. It has been lying around in
E> > GNATS for some time and it really makes me go insane a lot of times:
E> > 
E> > [...]
E> 
E> Looks like it just got committed. Thanks a lot! :)

Btw, the problems do not end at this. On HEAD (didn't check RELENG_6), the
following sequence panics:

ifconfig em0 10.0.0.2/24
ifconfig carp0 create
ifconfig carp0 10.0.0.3/24 vhid 1
ifconfig carp1 create
ifconfig carp1 10.0.0.4/24 vhid 1

(ifconfig returns EINVAL. This EINVAL comes via
in_control()->in_ifinit()->carp_ioctl()->carp_setrun(). Really it should
be EEXIST. I will change this later.)

After the last ifconfig command we have a somewhat garbaged IP stack -
the interface address lists and ia_hash reference freed memory. The
panic comes after an ARP request or if you repeat the command again:

ifconfig carp1 10.0.0.4/24 vhid 1

I am now trying to understand the panic.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
Received on Wed Jun 06 2007 - 12:49:19 UTC
