[Bug 229384] Can't remove address from carp

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Aug 3 15:36:03 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229384

--- Comment #6 from Kajetan Staszkiewicz <vegeta at tuxpowered.net> ---
I don't use rc system to configure carps at all. They are done dynamically
whenever required by new configuration from some external system. I'm not running
a clean 11.2-RELEASE. There are some custom patches for pf and backports from
HEAD, please check here:
https://github.com/innogames/freebsd/commits/iglb/11.2/SomethingCompletelyDifferent

I wrote this script in an attempt to provide carp misconfiguration:
---------- 8< ----------
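#!/bin/sh
# Save as break_carps.sh: the parent run re-invokes this file by that name.

IFACE=internal4027
VHID=27
ADDR_BASE='2a00:f00:42:0000'

if [ -z "$1" ]; then
        # Parent: start two children per subnet so both work on the same addresses.
        for SUBNET in $(seq 10); do
                SUBNET=$(printf '%04x' "$SUBNET")
                sh "$(dirname "$0")/break_carps.sh" "$SUBNET" &
                sh "$(dirname "$0")/break_carps.sh" "$SUBNET" &
        done
else
        # Child: add and then remove ten /128 CARP addresses in subnet $1.
        echo "Spawned child for subnet $1"
        for i in $(seq 10); do
                ADDR_LAST=$(printf '%04x' "$i")
                ADDR="$ADDR_BASE:$1::$ADDR_LAST"
                ifconfig "$IFACE" inet6 "$ADDR/128" vhid "$VHID" alias
                sleep 0.5
                ifconfig "$IFACE" inet6 "$ADDR/128" vhid "$VHID" -alias
        done
fi

# Wait for all background children before exiting.
wait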

---------- >8 ----------

Even better than misconfiguration, I got this nice panic:

Fatal trap 12: page fault while in kernel mode

#13 0xffffffff8159a8d7 in carp_hmac_prepare (sc=0xfffff80008599000)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/netinet/ip_carp.c:384
#14 0xffffffff8159a531 in carp_ioctl (ifr=<value optimized out>,
    cmd=<value optimized out>, td=<value optimized out>)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/netinet/ip_carp.c:1698
#15 0xffffffff8072732f in ifioctl (so=0xfffff80011f61000, cmd=3223349749,
    data=0xfffffe0666e5e9d0 "internal4027", td=0xfffff80102a8b620)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/net/if.c:3041
#16 0xffffffff8069736d in kern_ioctl (td=0xfffff80102a8b620, fd=3,
    com=3223349749, data=<value optimized out>) at file.h:323

Then I compiled kernel with INVARIANTS and INVARIANT_SUPPORT. I tried something
even less ugly than the script above, that is I just added same IPv6 carp
address twice (one which is *not* in any network available on iface). This
resulted in:

panic: carp_attach: ifa 0xfffff80095390000 attached

#11 0xffffffff815b3675 in carp_attach (ifa=0xfffff80095390000, vhid=27)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/netinet/ip_carp.c:1809
#12 0xffffffff807e8ff2 in in6_control (so=<value optimized out>,
    cmd=<value optimized out>, data=<value optimized out>,
    ifp=<value optimized out>, td=<value optimized out>)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/netinet6/in6.c:572
#13 0xffffffff80713b19 in ifioctl (so=0xfffff80011eeb360, cmd=2156423451,
    data=<value optimized out>, td=0xfffff80095861620)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/net/if.c:3071
#14 0xffffffff80688729 in kern_ioctl (td=0xfffff80095861620,
    fd=<value optimized out>, com=<value optimized out>,
    data=<value optimized out>) at file.h:323


While browsing kernel source on Github I've come across
5bd3158a3b7184c65d3e1b6d96faf0dd720eb6ac (Which is in master branch but not in
11.2-RELEASE). This indeed solves issues on adding same CARP address twice, but
the script above still kills system:

panic: Bad link elm 0xfffff800a44c3c00 prev->next != elm

#11 0xffffffff807eb33d in in6_unlink_ifa (ia=<value optimized out>,
    ifp=<value optimized out>) at fnv_hash.h:29
#12 0xffffffff807e8b2d in in6_control (so=<value optimized out>,
    cmd=2166384921, data=<value optimized out>, ifp=<value optimized out>,
    td=<value optimized out>)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/netinet6/in6.c:701
#13 0xffffffff80713b19 in ifioctl (so=0xfffff80011ee6000, cmd=2166384921,
    data=<value optimized out>, td=0xfffff8002f61b620)
    at /usr/home/kajetan.staszkiewicz/freebsd.git/sys/net/if.c:3071
#14 0xffffffff80688729 in kern_ioctl (td=0xfffff8002f61b620,
    fd=<value optimized out>, com=<value optimized out>,
    data=<value optimized out>) at file.h:323


I'll put kernel with 5bd3158a3b7184c65d3e1b6d96faf0dd720eb6ac on production and
see if that solves issue reported in this ticket. But obviously there are more
issues deeper.

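Added example, not part of the bug comment or of the FreeBSD source: a userland C model of the linkage check behind the "Bad link elm ... prev->next != elm" panic, which sys/queue.h compiles into its remove macros on INVARIANTS kernels. The struct and function names are constructed for illustration, and the double removal is one assumed way to violate the check, not a diagnosis of this bug.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a sys/queue.h LIST entry (names are illustrative). */
struct node {
    struct node  *le_next;  /* next element, or NULL at the tail */
    struct node **le_prev;  /* address of the pointer that points at us */
    int id;
};
struct head { struct node *lh_first; };

static void list_insert_head(struct head *h, struct node *n)
{
    n->le_next = h->lh_first;
    if (n->le_next != NULL)
        n->le_next->le_prev = &n->le_next;
    h->lh_first = n;
    n->le_prev = &h->lh_first;
}

/* Returns 0 on success, -1 where an INVARIANTS kernel would panic. */
static int list_remove_checked(struct node *n)
{
    if (*n->le_prev != n)                       /* "prev->next != elm" */
        return -1;
    if (n->le_next != NULL && n->le_next->le_prev != &n->le_next)
        return -1;                              /* "next->prev != elm" */
    if (n->le_next != NULL)
        n->le_next->le_prev = n->le_prev;
    *n->le_prev = n->le_next;
    return 0;
}

/* Removes the middle element twice, as two unserialised deleters would. */
static int second_remove_result(void)
{
    struct head h = { NULL };
    struct node a = { NULL, NULL, 1 }, b = { NULL, NULL, 2 }, c = { NULL, NULL, 3 };
    list_insert_head(&h, &c);
    list_insert_head(&h, &b);
    list_insert_head(&h, &a);                   /* list: a -> b -> c */
    if (list_remove_checked(&b) != 0)           /* list: a -> c */
        return 1;
    return list_remove_checked(&b);             /* a.le_next is c, not b */
}

int main(void)
{
    printf("second removal returned %d\n", second_remove_result());
    return 0;
}
```

Without the check, the second removal would rewrite `a.le_next` and `c.le_prev` from stale pointers, which is the silent corruption the INVARIANTS build turns into a panic.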