[Bug 264981] jail with vnet interface stuck in dying state

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 264981] Invisible interface after destroying vnet jail"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 17 Dec 2022 13:38:28 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264981

Zhenlei Huang <zlei.huang@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zlei.huang@gmail.com

--- Comment #6 from Zhenlei Huang <zlei.huang@gmail.com> ---
@bz also encountered this issue and reported in mailing list:
https://lists.freebsd.org/archives/freebsd-jail/2022-December/000156.html

I'll quote from the mail about some analyzations by me:

> After DDB debugging and tracing , it seems that is triggered by a combine of [1] and [2]
>
> [1] https://reviews.freebsd.org/rGfec8a8c7cbe4384c7e61d376f3aa5be5ac895915
> [2] https://reviews.freebsd.org/rGeb93b99d698674e3b1cc7139fda98e2b175b8c5b
>
> In [1] the per-VNET uma zone is shared with the global one.
> `pcbinfo->ipi_zone = pcbstor->ips_zone;`
>
> In [2] unref `inp->inp_cred` is deferred called in inpcb_dtor() by uma_zfree_smr() .
>
> Unfortunately inps freed by uma_zfree_smr() are cached and inpcb_dtor() is not called immediately ,
> thus leaking `inp->inp_cred` ref and hence `prison->pr_ref`.
>
> And it is also not possible to free up the cache by per-VNET SYSUNINIT tcp_destroy / udp_destroy / rip_destroy.

-- 
You are receiving this mail because:
You are the assignee for the bug.