From owner-freebsd-stable@freebsd.org Mon Dec 7 13:00:22 2020 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 880BB4AA29A for ; Mon, 7 Dec 2020 13:00:22 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.sub.de (uucp.dinoex.sub.de [IPv6:2001:1440:5001:1::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "uucp.dinoex.sub.de", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CqNhP3SMQz4mPn for ; Mon, 7 Dec 2020 13:00:20 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.sub.de (uucp.dinoex.org [185.220.148.12]) by uucp.dinoex.org (8.16.0.50/8.16.0.50) with ESMTPS id 0B7D05u6091740 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Mon, 7 Dec 2020 14:00:05 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) X-MDaemon-Deliver-To: X-Authentication-Warning: uucp.dinoex.sub.de: Host uucp.dinoex.org [185.220.148.12] claimed to be uucp.dinoex.sub.de Received: (from uucp@localhost) by uucp.dinoex.sub.de (8.16.0.50/8.16.0.50/Submit) with UUCP id 0B7D05ix091739 for freebsd-stable@freebsd.org; Mon, 7 Dec 2020 14:00:05 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: from gate.oper.dinoex.org (gate-e [192.168.98.2]) by citylink.dinoex.sub.de (8.16.1/8.16.1) with ESMTP id 0B7CsurN019060 for ; Mon, 7 Dec 2020 13:54:56 +0100 (CET) (envelope-from peter@gate.oper.dinoex.org) Received: from gate.oper.dinoex.org (gate-e [192.168.98.2]) by gate.oper.dinoex.org (8.16.1/8.16.1) with ESMTP id 0B7CspW0019055 for ; Mon, 7 Dec 2020 13:54:51 +0100 (CET) (envelope-from peter@gate.oper.dinoex.org) Received: (from peter@localhost) by gate.oper.dinoex.org (8.16.1/8.16.1/Submit) id 0B7CspLK019054 for freebsd-stable@freebsd.org; Mon, 7 Dec 2020 13:54:51 +0100 (CET) (envelope-from peter) Date: Mon, 7 Dec 2020 13:54:51 +0100 From: Peter Sender: li-fbsd@citylink.dinoex.sub.org To: freebsd-stable@freebsd.org Subject: Panic: 12.2 fails to use VIMAGE jails Message-ID: <20201207125451.GA11406@gate.oper.dinoex.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Milter: Spamilter (Reciever: uucp.dinoex.sub.de; Sender-ip: 185.220.148.12; Sender-helo: uucp.dinoex.sub.de; ) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (uucp.dinoex.org [185.220.148.12]); Mon, 07 Dec 2020 14:00:08 +0100 (CET) X-Rspamd-Queue-Id: 4CqNhP3SMQz4mPn X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of pmc@citylink.dinoex.sub.org has no SPF policy when checking 2001:1440:5001:1::2) smtp.mailfrom=pmc@citylink.dinoex.sub.org X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[2001:1440:5001:1::2:from]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[2001:1440:5001:1::2:from:127.0.2.255]; RCVD_COUNT_THREE(0.00)[4]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; NEURAL_SPAM_SHORT(1.00)[1.000]; DMARC_NA(0.00)[sub.org]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8469, ipnet:2001:1440::/32, country:DE]; RCVD_TLS_LAST(0.00)[]; MAILMAN_DEST(0.00)[freebsd-stable] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Dec 2020 13:00:22 -0000 After clean upgrade (from source) from 11.4 to 12.2-p1 my jails do no longer work correctly. Old-fashioned jails seem to work, but most are VIMAGE+NETGRAPH style, and do not work properly. All did work flawlessly for nearly a year with Rel.11. If I start 2-3 jails, and then stop them again, there is always a panic. Also reproducible with GENERIC kernel. Can this be fixed, or do I need to revert to 11.4? The backtrace looks like this: #4 0xffffffff810bbadf at trap_pfault+0x4f #5 0xffffffff810bb23f at trap+0x4cf #6 0xffffffff810933f8 at calltrap+0x8 #7 0xffffffff80cdd555 at _if_delgroup_locked+0x465 #8 0xffffffff80cdbfbe at if_detach_internal+0x24e #9 0xffffffff80ce305c at if_vmove+0x3c #10 0xffffffff80ce3010 at vnet_if_return+0x50 #11 0xffffffff80d0e696 at vnet_destroy+0x136 #12 0xffffffff80ba781d at prison_deref+0x27d #13 0xffffffff80c3e38a at taskqueue_run_locked+0x14a #14 0xffffffff80c3f799 at taskqueue_thread_loop+0xb9 #15 0xffffffff80b9fd52 at fork_exit+0x82 #16 0xffffffff8109442e at fork_trampoline+0xe This is my typical jail config, designed and tested with Rel.11: rail { jid = 10; devfs_ruleset = 11; host.hostname = "xxx.xxx.xxx.org"; vnet = "new"; sysvshm; $ifname1l = nge_${name}_1l; $ifname1l_mac = 00:1d:92:01:01:0a; vnet.interface = "$ifname1l"; exec.prestart = " echo -e \"mkpeer eiface crhook ether\nname .:crhook $ifname1l\" \ | /usr/sbin/ngctl -f - /usr/sbin/ngctl connect ${ifname1l}: svcswitch: ether link2 ifname=`/usr/sbin/ngctl msg ${ifname1l}: getifname | \ awk '$1 == \"Args:\" { print substr($2, 2, length($2)-2)}'` /sbin/ifconfig \$ifname name $ifname1l /sbin/ifconfig $ifname1l link $ifname1l_mac "; exec.poststart = " /usr/sbin/jexec $name /sbin/sysctl kern.securelevel=3 ; "; exec.poststop = "/usr/sbin/ngctl shutdown ${ifname1l}:"; }