>Number:         36245
>Category:       install
>Synopsis:       destroying a tap interface causes a panic
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    install-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 29 16:25:00 +0000 2007
>Originator:     Jeff Ito
>Release:        -CURRENT
>Organization:
>Environment:
NetBSD 4.99.18 (XEN3_DOMU) #1: Sun Apr 29 08:01:41 EDT 2007
>Description:
destroying a tap interface causes a panic (note, DIAGNOSTIC is enabled).




>How-To-Repeat:
# ifconfig tap0 create
# ifconfig tap0 destroy
panic: config_detach: bad device fstate
Stopped in pid 2161.1 (ifconfig) at     netbsd:cpu_Debugger+0x4:        popl    %
ebp
db> trace
cpu_Debugger(c0412b91,cac42a78,0,ca1e9430,0) at netbsd:cpu_Debugger+0x4
panic(c042da38,c08d0c58,cac42b88,c034633b,c08d0c6c) at netbsd:panic+0x155
config_detach(c08d0c00,0,0,80206979,cac42b88) at netbsd:config_detach+0x2ea
tap_clone_destroyer(c08d0c00,4,14,c08d0c58,80206979) at netbsd:tap_clone_destroy
er+0x2a
ifioctl(c07b2cbc,80206979,cac42b88,caed04c0,c07a5d24) at netbsd:ifioctl+0x10b
sys_ioctl(caed04c0,cac42c48,cac42c68,805198d,8051000) at netbsd:sys_ioctl+0x174
syscall_plain() at netbsd:syscall_plain+0xb9
--- syscall (number 54) ---
0xbbbb483f:
db>

>Fix:
This patch works, but I don't know how correct the solution is.

Index: if_tap.c
===================================================================
RCS file: /export/cvs/netbsd/src/sys/net/if_tap.c,v
retrieving revision 1.27
diff -u -r1.27 if_tap.c
--- if_tap.c    9 Mar 2007 18:42:22 -0000       1.27
+++ if_tap.c    29 Apr 2007 14:25:02 -0000
@@ -603,7 +603,7 @@
                cf->cf_fstate = FSTATE_STAR;
        } else {
                cf->cf_unit = unit;
-               cf->cf_fstate = FSTATE_NOTFOUND;
+               cf->cf_fstate = FSTATE_FOUND;
        }

        return (struct tap_softc *)config_attach_pseudo(cf);