User space Convertor hangs during Apply step when run in a container

[estebanreyl]

What happened in your environment?

I am trying to run the user space converter within a Mariner container but as of late have been encountering an issue were the userspace convertor will hang on the first apply step and it doesn't seem to ever get past this. I am not entirely sure what changed but at the moment.

What did you expect to happen?

I expected the full conversion process to complete.

How can we reproduce it?

This can be reproduced by building a mariner image with the latest bits. To do so you can use the following dockerfile:

FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS base
# Required Build/Run Tools Dependencies for Overlaybd tools
RUN yum install e2fsprogs-devel -y && \
    yum install libaio-devel -y && \
    yum install ca-certificates -y && \
    yum install shadow-utils -y

# --- OVERLAYBD TOOLS ---
FROM base As overlaybd-build
RUN yum install -y libaio-devel libcurl-devel openssl-devel libnl3-devel e2fsprogs-devel glibc-devel libzstd-devel binutils ca-certificates-microsoft build-essential && \
    yum install -y rpm-build make git wget sudo tar gcc gcc-c++ cmake && \
    yum install golang -y

RUN git clone https://github.com/containerd/overlaybd.git && \
    cd overlaybd && \
    git submodule update --init && \
    git checkout b432a80504a34d0a8601029de4dd200fc7ee4bf3 && \
    mkdir build && \
    cd build && \
    cmake .. && \
    make -j && \
    make install

# --- BUILD LOCAL CONVERTER ---
FROM overlaybd-build AS convert-build
WORKDIR /home/limiteduser/
RUN git clone https://github.com/containerd/accelerated-container-image.git
WORKDIR /home/limiteduser/accelerated-container-image
RUN make

# --- FINAL ---
FROM base
WORKDIR /home/limiteduser/

# Copy Conversion Tools
COPY --from=overlaybd-build /opt/overlaybd/bin /opt/overlaybd/bin
COPY --from=overlaybd-build /opt/overlaybd/baselayers /opt/overlaybd/baselayers

# This is necessary for overlaybd_apply to work
COPY --from=overlaybd-build /etc/overlaybd/overlaybd.json /etc/overlaybd/overlaybd.json

COPY --from=convert-build /home/limiteduser/accelerated-container-image/bin/convertor ./bin/convertor
CMD ["./bin/convertor"]

This file can then be run as:

docker build -f run-userspace-convert.Dockerfile . -t userspace-convertor-latest
docker run userspace-converter-latest ./bin/convertor ./bin/convertor --repository <repository> --username <user>:<password> --input-tag <tag> --oci --overlaybd <output-tag>

I've been able to reproduce this with several images, for the run below I used python:3.8 stored in my own registry. (Digest: sha256:b904ee5365f53d19de5ff11c1ce96a616224a55306d55e3cf29a11e969a3a7e0). The result just shows the conversion hanging (it wont advance even after hours)

Investigation

• So far, I've been able to determine that the hanging happens during the first overlaybd-apply. At that stage there is also some output on writeable_data.
• I've also tried debugging it by launching the project in a devcontainer but seem to occasionally encounter some errors about resource limits on the syscalls but I can't repro that outside of that environment and that does end the program. Just noting that in case it has any relevance.
• Ive output the overlaybd logs but find nothing that clears up the issue. In this case they look like::

  
  sh-5.1# cat /var/log/overlaybd.log
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_service.cpp:219|read_global_config_and_set:log config: [log_level=1][log_path=/var/log/overlaybd.log][log_size=10485760][log_num=3]
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_service.cpp:321|init:cache config: [cache_type=file][cache_dir=/opt/overlaybd/registry_cache][cache_size_GB=4][refill_size=262144]
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_service.cpp:58|create_dir:dir /opt/overlaybd/registry_cache doesn't exist. create succ.
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_service.cpp:336|init:create registryfs with cafile:/etc/ssl/certs/ca-bundle.crt, version:v1
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_service.cpp:412|init:use gzip file cache
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_service.cpp:58|create_dir:dir /opt/overlaybd/gzip_cache doesn't exist. create succ.
  2023/06/30 22:49:27|INFO |th=00007FAEBE48E680|/overlaybd/src/image_file.cpp:48|__open_ro_file:open ro file: /opt/overlaybd/baselayers/ext4_64
  2023/06/30 22:49:27|INFO |th=00007FAEBE48E680|/overlaybd/src/overlaybd/zfile/zfile.cpp:697|load_jump_table:trailer_offset: 4737183, idx_offset: 4207947, idx_bytes: 529236, dict_size: 0, use_dict: 0
  2023/06/30 22:49:27|INFO |th=00007FAEBE48E680|/overlaybd/src/overlaybd/zfile/zfile.cpp:204|build:create jump table done. {part_count: 8270, deltas_count: 132310, size: 330780}
  2023/06/30 22:49:27|INFO |th=00007FAEBE48E680|/overlaybd/src/overlaybd/zfile/compressor.cpp:352|create_compressor:ZFileObject using LZ4 algorithm
  2023/06/30 22:49:27|INFO |th=00005646A026F300|/overlaybd/src/overlaybd/lsmt/file.cpp:1532|do_parallel_load_index:check file if normalfile or LSMTFile
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_file.cpp:348|open_lowers:LSMT::open_files_ro(files, 1) success
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_file.cpp:408|open_upper:overlaybd upper layer : tmp_conv/0000_sha256:bba7bb10d5baebcaad1d68ab3cbfd37390c646b2a688529b1d118a47991116f4/writable_index , tmp_conv/0000_sha256:bba7bb10d5baebcaad1d68ab3cbfd37390c646b2a688529b1d118a47991116f4/writable_data
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/lsmt/file.cpp:1012|create_mappings:segment size: 0
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/lsmt/file.cpp:1328|open_file_rw:create LSMTSparseFile object
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/lsmt/file.cpp:1339|open_file_rw:Layer Info: { UUID:78BB9F08-5CAD-4322-BDBD-F238E79FCBF5 , Parent_UUID: 00000000-0000-0000-0000-000000000000, SparseRW: 1, Virtual size: 68719476736, Version: 1.1 }
  2023/06/30 22:49:27|WARN |th=000056469F9A6E10|/overlaybd/src/overlaybd/lsmt/file.cpp:1740|stack_files:STACK FILES WITHOUT CHECK ORDER!!!
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/lsmt/file.cpp:471|~LSMTReadOnlyFile:pread times: 0, size: 0M
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/lsmt/file.cpp:471|~LSMTReadOnlyFile:pread times: 0, size: 0M
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_file.cpp:197|start_bk_dl_thread:no need to download
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/image_file.h:52|ImageFile:new imageFile, bs: 512, size: 68719476736
  2023/06/30 22:49:27|WARN |th=000056469F9A6E10|/overlaybd/src/image_service.cpp:257|set_result_file:no resultFile config set, ignore writing result
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/extfs_io.cpp:106|m_extfs_open:[name=extfs]
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/extfs_io.cpp:107|operator():opened
  2023/06/30 22:49:27|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/extfs.cpp:70|do_ext2fs_open:ext2fs opened
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/tar/libtar.cpp:107|extract_all:extract 6664 file
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/extfs_io.cpp:162|extfs_close:extfs close
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/extfs.cpp:1153|~ExtFileSystem:ext2fs flushed and closed
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/extfs_io.cpp:97|~ExtfsIOManager:[total_read_cnt=167429120][total_write_cnt=767493120]
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/buffer_file.h:59|close:buffer file flush and close, cache hit: 227024, cache miss: 1212, cache hit rate: 99.4690%
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/buffer_file.h:60|close:mem_read: 167395328, mem_write: 767459328, disk_read: 158893056, disk_write: 141722624
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/extfs/extfs.cpp:1157|~ExtFileSystem:[total_read_cnt=0][total_write_cnt=116475576]
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/src/overlaybd/lsmt/file.cpp:471|~LSMTReadOnlyFile:pread times: 192, size: 15M
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/build/_deps/photon-src/io/epoll.cpp:75|~EventEngineEPoll:Finish event engine: epoll
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/build/_deps/photon-src/io/signal.cpp:301|sync_signal_fini:signalfd finished
  2023/06/30 22:49:30|INFO |th=000056469F9A6E10|/overlaybd/build/_deps/photon-src/io/epoll.cpp:75|~EventEngineEPoll:Finish event engine: epoll`

At this point any help would be appreciated :)

### What is the version of your Accelerated Container Image?

I am using the latest commit for this:
**accelerated-container-image** 5e13470827896d8f7c11264415359c2cada4d5aa
**overlaybd** b432a80504a34d0a8601029de4dd200fc7ee4bf3 
### What is your OS environment?

Mariner (Docker Container)

### Are you willing to submit PRs to fix it?

- [X] Yes, I am willing to fix it.

[estebanreyl]

As an update, I have verified that I can reproduce the above while using an ubuntu base image as well:

FROM ubuntu:latest AS base
# Required Build/Run Tools Dependencies for Overlaybd tools
RUN apt-get update && \
    apt-get install -y ca-certificates && \
    update-ca-certificates

RUN apt update && \
    apt install -y libcurl4-openssl-dev libext2fs-dev libaio-dev

# --- OVERLAYBD TOOLS ---
FROM base As overlaybd-build
RUN apt update && \
    apt install -y libssl-dev libnl-3-dev libnl-genl-3-dev libgflags-dev libzstd-dev && \
    apt install -y zlib1g-dev binutils && \
    apt install -y make git wget sudo tar gcc cmake && \
    apt install -y golang

RUN git clone https://github.com/containerd/overlaybd.git && \
    cd overlaybd && \
    git submodule update --init && \
    git checkout b432a80504a34d0a8601029de4dd200fc7ee4bf3 && \
    mkdir build && \
    cd build && \
    cmake .. && \
    make -j && \
    make install

# --- BUILD LOCAL CONVERTER ---
FROM overlaybd-build AS convert-build
WORKDIR /home/limiteduser/
RUN git clone https://github.com/containerd/accelerated-container-image.git
WORKDIR /home/limiteduser/accelerated-container-image
RUN make

# --- FINAL ---
FROM base
WORKDIR /home/limiteduser/

# Copy Conversion Tools
COPY --from=overlaybd-build /opt/overlaybd/bin /opt/overlaybd/bin
COPY --from=overlaybd-build /opt/overlaybd/baselayers /opt/overlaybd/baselayers

# # This is necessary for overlaybd_apply to work
COPY --from=overlaybd-build /etc/overlaybd/overlaybd.json /etc/overlaybd/overlaybd.json

COPY --from=convert-build /home/limiteduser/accelerated-container-image/bin/convertor ./bin/convertor
CMD ["./bin/convertor"]

[estebanreyl]

As a further investigation note, the issue appears to begin from overlaybd commit fc255f39800ba01e80ae414514ac953ddced4842 onwards.

[liulanzheng]

overlaybd commit fc255f enhanced the destruction process that ignore in previous versions. This enhancement waits some related content to destruct. I think the hang might be caused by some content not being destructed as expected. I will see and find it. you may temporarily use the previous version.