[Bug 228501] [VIMAGE JAIL] panic: negative refcount 0xfffff8002717643c (when stopping jail)

Sat May 26 13:20:10 UTC 2018

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228501

--- Comment #4 from Marie Helene Kvello-Aune <marieheleneka at gmail.com> ---
Update:

If I manually remove all IPv4 addresses so that only IPv6 addresses remain (or
even if I remove ::1 too, but leave fe80::1%lo0 there) before stopping the
jail, I get a similar kernel panic as previously (see new attachment:
panic_backtrace_ipv6.txt)

I managed to crash the system spectacularly by removing all IP addresses before
stopping the jail:
# jexec devsamba ifconfig lo0 inet6 ::1 -alias
# jexec devsamba ifconfig lo0 inet6 fe80::1%lo0 -alias
# jexec devsamba ifconfig lo0 -alias
# service jail stop devsamba

Fatal trap 9: general protection fault while in kernel mode
cpuid = 7; apic id = 07
instruction pointer     = 0x20:0xffffffff80ca2032
stack pointer           = 0x0:0xfffffe0077b96770
frame pointer           = 0x0:0xfffffe0077b96840
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (thread taskq)

## This was printed in console, but not part of dump:
[ thread pid 0 tid 100015 ]
Stopped at rt_foreach_fib_walk_del+0x1c2: call *%eax

I have the default FIB configuration (one fib, which is fib 0).

=====

Summary; all actions taken inside the jail, followed by stopping the jail:

* Manually remove all IPv4 addresses (but leaving IPv6 addresses): panic
(negative ref count)
* Manually remove all IP addresses: panic (general protection fault)
* Just stopping the jail: panic (negative ref count)

-- 
You are receiving this mail because:
You are the assignee for the bug.