I'm not sure how much of a bug this is, rather a feature request for special cases.
carp HMAC is calculated using a hash of carp IP addresses for a given VHID. This means that if two routes are configured with different carp IP addresses, verifying signatures will fail and routers will ignore carp annoucements from eachother resulting in MASTER/MASTER operation.
However I understand this is a feature for enforcing configuration check, there are cases when this is a bad idea: on some routers I have carp addresses reconfigured tens of times a day. As it is impossible to configure both routers exactly at the same time, there is often a difference big enough to triger MASTER/MASTER operation which is then soon resolved. I value network stability more than configuration check enforced on me and if configuration was wrong, things s would break anyway and I would be notified by other means.
Please see https://github.com/innogames/freebsd/commit/a1b1ff410c0f532b67660c86593ef7bda2398be8 for my first attempt. It still lacks sysctl value set hook, so works fine only after carp addresses are configured. If you like the idea and believe it could be merged into kernel, I will add a set hook recalculating HMAC and post the patch here.