On Fri, Dec 02, 2016 at 04:14:37PM -0600, Jim wrote:
> Hello,
> 
> I was able to reproduce a kernel panic on one of my -stable machines. I
> tested with current and the issue does not cause the machine to drop to
> ddb.
> 
> When I set my vio0 interface manually to the same address that would be
> generated with inet6 autoconf and then manually do ifconfig vio0 inet6
> autoconf to get the router, it creates an identical inet6 address on
> vio0. Then ifconfig vio0 -inet6 causes the kernel to panic and drop to
> ddb. I have a screen shot of the ddb info below:
> 
> https://github.com/jimchoffman/inet6-bug-report/blob/master/Untitled.jpg
> 
> Thanks,
> Jim
> 

Not 100% sure, but I guess we could fix it like this:

Index: in6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.195
diff -u -p -r1.195 in6.c
--- in6.c       28 Nov 2016 14:14:39 -0000      1.195
+++ in6.c       3 Dec 2016 11:13:23 -0000
@@ -908,14 +908,13 @@ in6_unlink_ifa(struct in6_ifaddr *ia6, s
        TAILQ_REMOVE(&in6_ifaddr, ia6, ia_list);
 
        /* Release the reference to the base prefix. */
-       if (ia6->ia6_ndpr == NULL) {
+       if (ia6->ia6_ndpr == NULL || (ia6->ia6_flags & IN6_IFF_AUTOCONF) == 0) {
                plen = in6_mask2len(&ia6->ia_prefixmask.sin6_addr, NULL);
                if ((ifp->if_flags & IFF_LOOPBACK) == 0 && plen != 128) {
                        rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED,
                            ifa->ifa_addr);
                }
-       } else {
-               KASSERT(ia6->ia6_flags & IN6_IFF_AUTOCONF);
+       } else if (ia6->ia6_flags & IN6_IFF_AUTOCONF) {
                ia6->ia6_flags &= ~IN6_IFF_AUTOCONF;
                if (--ia6->ia6_ndpr->ndpr_refcnt == 0)
                        prelist_remove(ia6->ia6_ndpr);
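
Review bot: the new "else if (ia6->ia6_flags & IN6_IFF_AUTOCONF)" test is redundant, and the first branch may now skip a prefix reference drop. The first condition already sends every address without IN6_IFF_AUTOCONF into the first branch, so the else arm is only reached with ia6_ndpr non-NULL and the flag set; a plain "else" is equivalent. More importantly, an address with ia6_ndpr set but the flag clear now takes the rt_ifa_del() path and never reaches "--ia6->ia6_ndpr->ndpr_refcnt", so if such an address holds a reference on the prefix it is not released here. Either drop that reference in the first branch too, or add a comment saying why no reference is held in that case. As it stands, removing the KASSERT hides the inconsistent state (ia6_ndpr set without IN6_IFF_AUTOCONF) rather than explaining how the address got there.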

