https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292495
Bug ID: 292495
Summary: Kernel panic in 15.0 when using inotify from podman with ZFS encrypted datasets
Product: Base System
Version: 15.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 267185
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=267185&action=edit
Core file
(This is my first FreeBSD bug report, apologies if I've missed a step)
After upgrading from 14.3 to 15.0, I found that trying to use my Visual Studio
Code podman containers resulted in a kernel panic. I was able to reproduce this
issue in a fresh 15.0 install.
It seems to be something to do with the new inotify implementation, and only
seems to happen when mapping an encrypted ZFS dataset into the container, where
not all files are owned by root:wheel.
I've attached the core.txt.6 file, and I can provide the full vmcore.6 if
required.
Steps to reproduce:
1. Install FreeBSD 15 with ZFS root
2. Install and configure podman:
```bash
pkg install podman
echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab
default_if=$(netstat -rn | awk '/^default/ {print $NF}' | tail -n1)
cat /usr/local/etc/containers/pf.conf.sample | sed "s/if = \"ix0\"/if = \"$default_if\"/g" > /etc/pf.conf
service linux enable
service podman enable
service pf enable
reboot
```
3. Create an encrypted home:
```bash
zfs destroy zroot/home/jlaundry
zfs create -o encryption=on -o keyformat=passphrase zroot/home/jlaundry
```
4. Create a Linux container to run vscode - I use Tunnels as the FreeBSD VM is
headless, but I don’t think that’s strictly necessary:
```bash
podman pull --os=linux docker.io/library/ubuntu:24.04
mkdir vscode
cat << 'EOF' > vscode/Dockerfile
FROM ubuntu:24.04
# fix for error "E: Dynamic MMap ran out of room. Please increase the size of
# APT::Cache-Start. Current value: 25165824. (man 5 apt.conf)"
RUN echo 'APT::Cache-Start "100000000";' >> /etc/apt/apt.conf.d/70debconf
RUN apt update && \
apt install curl git build-essential python3 python3-venv -y && \
apt clean all && \
curl -sL "https://code.visualstudio.com/sha/download?build=stable&os=cli-alpine-x64" --output /tmp/vscode-cli.tar.gz && \
tar -xf /tmp/vscode-cli.tar.gz -C /usr/bin && \
rm /tmp/vscode-cli.tar.gz && \
mkdir /src
VOLUME /src
VOLUME /root
CMD [ "code", "tunnel", "--accept-server-license-terms", "--no-sleep" ]
EOF
podman build --os=linux -t localhost/vscode ./vscode
mkdir /root/testcode
podman run --replace -v /home/jlaundry/src:/src:rw -v /root/testcode:/root:rw --os=linux --name f15test -h f15test vscode
```
5. In my case I followed the steps to authenticate the Tunnel, and then, inside
the container:
```bash
# Any repo will do, as long as you can push to it
git clone https://github.com/jlaundry/test.git
```
6. Stop the container, and change the ownership of the mapped encrypted volume:
```bash
chown -R jlaundry:jlaundry /home/jlaundry/src
```
7. Start the container again, then from vscode make a change to a file, commit,
and try to push - the crash happens immediately on push.