Date: Fri, 16 Jan 2026 06:14:28 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 292495] Kernel panic in 15.0 when using inotify from podman with ZFS encrypted datasets
Message-ID: <bug-292495-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292495

    Bug ID: 292495
   Summary: Kernel panic in 15.0 when using inotify from podman with ZFS encrypted datasets
   Product: Base System
   Version: 15.0-CURRENT
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Some People
  Priority: ---
 Component: kern
  Assignee: bugs@FreeBSD.org
  Reporter: jlaundry@jlaundry.com

Created attachment 267185
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=267185&action=edit
Core file

(This is my first FreeBSD bug report, apologies if I've missed a step)

After upgrading from 14.3 to 15.0, I found that trying to use my Visual Studio Code podman containers resulted in a kernel panic. I was able to reproduce this issue in a fresh 15.0 install.

It seems to be something to do with the new inotify implementation, and only seems to happen when mapping an encrypted ZFS dataset into the container, where not all files are owned by root:wheel.

I've attached the core.txt.6 file, and I can provide the full vmcore.6 if required.

Steps to reproduce:

1. Install FreeBSD 15 with ZFS root

2. Install and configure podman:

```bash
pkg install podman
echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab

default_if=$(netstat -rn | awk '/^default/ {print $NF}' | tail -n1)
cat /usr/local/etc/containers/pf.conf.sample | sed "s/if = \"ix0\"/if = \"$default_if\"/g" > /etc/pf.conf

service linux enable
service podman enable
service pf enable

reboot
```

3. Create an encrypted home:

```bash
zfs destroy zroot/home/jlaundry
zfs create -o encryption=on -o keyformat=passphrase zroot/home/jlaundry
```

4. Create a Linux container to run vscode - I use Tunnels as the FreeBSD VM is headless, but I don’t think that’s strictly necessary:

```bash
podman pull --os=linux docker.io/library/ubuntu:24.04

mkdir vscode
cat << 'EOF' > vscode/Dockerfile
FROM ubuntu:24.04

# fix for error "E: Dynamic MMap ran out of room. Please increase the size of APT::Cache-Start. Current value: 25165824. (man 5 apt.conf)"
RUN echo 'APT::Cache-Start "100000000";' >> /etc/apt/apt.conf.d/70debconf

RUN apt update && \
    apt install curl git build-essential python3 python3-venv -y && \
    apt clean all && \
    curl -sL "https://code.visualstudio.com/sha/download?build=stable&os=cli-alpine-x64" --output /tmp/vscode-cli.tar.gz && \
    tar -xf /tmp/vscode-cli.tar.gz -C /usr/bin && \
    rm /tmp/vscode-cli.tar.gz && \
    mkdir /src

VOLUME /src
VOLUME /root

CMD [ "code", "tunnel", "--accept-server-license-terms", "--no-sleep" ]
EOF

podman build --os=linux -t localhost/vscode ./vscode

mkdir /root/testcode
podman run --replace -v /home/jlaundry/src:/src:rw -v /root/testcode:/root:rw --os=linux --name f15test -h f15test vscode
```

5. In my case I followed the steps to authenticate the Tunnel, and then, inside the container:

```bash
# Any repo will do, as long as you can push to it
git clone https://github.com/jlaundry/test.git
```

6. Stop the container, and change the ownership of the mapped encrypted volume:

```bash
chown -R jlaundry:jlaundry /home/jlaundry/src
```

7. Start the container again, then from vscode make a change to a file, commit, and try to push - the crash happens immediately on push.

-- 
You are receiving this mail because:
You are the assignee for the bug.
