search

google / gvisor

Application Kernel for Containers
https://gvisor.dev
Apache License 2.0
15.73k stars 1.29k forks source link

Unable to run gVisor in Proxmox vm #1873

Closed matisiekpl closed 3 years ago

matisiekpl commented 4 years ago

Hello. I want to run gvisor on Proxmox VM, but I can't it, because of following error

D0217 07:12:40.513144    4374 log.go:260] send [channel @0xc00020a480] Tgetxattr{FID: 24, Name: trusted.overlay.whiteout.x86_64-linux-gnu, Size: 1}
D0217 07:12:40.513210    4374 log.go:260] recv [channel @0xc00020a480] Rlerror{Error: 95}
D0217 07:12:40.513235    4374 log.go:260] send [channel @0xc00020a480] Twalkgetattr{FID: 25, NewFID: 26, Names: [ld-2.27.so]}
D0217 07:12:40.526755    4374 log.go:260] recv [channel @0xc00020a480] Rwalkgetattr{Valid: AttrMask{with: Mode NLink UID GID RDev ATime MTime CTime Size Blocks}, Attr: Attr{Mode: 0o100755, UID: 0, GID: 0, NLink: 1, RDev: 0, Size: 170960, BlockSize: 4096, Blocks: 336, ATime: {Sec: 1523909660, NanoSec: 0}, MTime: {Sec: 1523909660, NanoSec: 0}, CTime: {Sec: 1580552098, NanoSec: 2823784}, BTime: {Sec: 0, NanoSec: 0}, Gen: 0, DataVersion: 0}, QIDs: [QID{Type: 0, Version: 0, Path: 1032263}]}
D0217 07:12:40.526817    4374 log.go:260] send [channel @0xc00020a480] Tgetxattr{FID: 25, Name: trusted.overlay.whiteout.ld-2.27.so, Size: 1}
D0217 07:12:40.526905    4374 log.go:260] recv [channel @0xc00020a480] Rlerror{Error: 95}
D0217 07:12:40.526927    4374 log.go:260] send [channel @0xc00020a480] Twalk{FID: 26, NewFID: 27, Names: []}
D0217 07:12:40.527101    4374 log.go:260] recv [channel @0xc00020a480] Rwalk{QIDs: []}
D0217 07:12:40.527132    4374 log.go:260] send [channel @0xc00020a480] Tlopen{FID: 27, Flags: ReadOnly}
D0217 07:12:40.527247    4374 log.go:260] recv [channel @0xc00020a480] Rlopen{QID: QID{Type: 0, Version: 0, Path: 1032263}, IoUnit: 0, File: &{{37}}}
D0217 07:12:40.528198    4374 syscalls.go:266] Allocating stack with size of 8388608 bytes
I0217 07:12:40.529082    4374 log.go:265] Process should have started...
I0217 07:12:40.529098    4374 log.go:265] Starting watchdog, period: 45s, timeout: 3m0s, action: LogWarning
D0217 07:12:40.529220    4374 log.go:260] urpc: successfully marshalled 37 bytes.
D0217 07:12:40.530676    4374 log.go:260] urpc: unmarshal success.
D0217 07:12:40.530747    4374 log.go:260] containerManager.Signal &{CID:cc5583ecc6c09900ff9ac2614dfb1f9fb338e40b081c5abcf44695ed87a586e7 Signo:0 PID:0 Mode:Process}
D0217 07:12:40.531029    4374 log.go:260] [   1] Interrupt queued
SIGILL: illegal instruction
PC=0x740560 m=15 sigcode=2

goroutine 14 [running, locked to thread]:
gvisor.dev/gvisor/pkg/sentry/hostcpu.GetCPU()
    pkg/sentry/hostcpu/getcpu_amd64.s:19 fp=0xc000081bf0 sp=0xc000081be8 pc=0x740560
gvisor.dev/gvisor/pkg/sentry/platform/ptrace.(*thread).bind(0xc0002623c0)
    pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go:83 +0x22 fp=0xc000081c20 sp=0xc000081bf0 pc=0xac7152
gvisor.dev/gvisor/pkg/sentry/platform/ptrace.(*subprocess).switchToApp(0xc000072440, 0xc00020ae40, 0xf1e900, 0xc000416c60, 0xc000042400)
    pkg/sentry/platform/ptrace/subprocess.go:520 +0x2d6 fp=0xc000081d70 sp=0xc000081c20 pc=0xac3bc6
gvisor.dev/gvisor/pkg/sentry/platform/ptrace.(*context).Switch(0xc00020ae40, 0xf0c9c0, 0xc000072440, 0xf1e900, 0xc000416c60, 0xc0ffffffff, 0x8417d8, 0xc000474070, 0x0, 0x0)
    pkg/sentry/platform/ptrace/ptrace.go:100 +0x7f fp=0xc000081e08 sp=0xc000081d70 pc=0xac092f
gvisor.dev/gvisor/pkg/sentry/kernel.(*runApp).execute(0x0, 0xc000481500, 0xef28a0, 0x0)
    pkg/sentry/kernel/task_run.go:221 +0x5b9 fp=0xc000081f40 sp=0xc000081e08 pc=0x83db39
gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).run(0xc000481500, 0x1)
    pkg/sentry/kernel/task_run.go:92 +0x1bb fp=0xc000081fd0 sp=0xc000081f40 pc=0x83d09b
runtime.goexit()
    src/runtime/asm_amd64.s:1357 +0x1 fp=0xc000081fd8 sp=0xc000081fd0 pc=0x45fba1
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Task).Start
    pkg/sentry/kernel/task_start.go:310 +0xfe

goroutine 1 [semacquire]:
sync.runtime_Semacquire(0xc00017cb74)
    GOROOT/src/runtime/sema.go:56 +0x42
sync.(*WaitGroup).Wait(0xc00017cb74)
    GOROOT/src/sync/waitgroup.go:130 +0x64
gvisor.dev/gvisor/pkg/sentry/kernel.(*Kernel).WaitExited(...)
    pkg/sentry/kernel/kernel.go:1063
gvisor.dev/gvisor/runsc/boot.(*Loader).WaitExit(0xc0000ae9a0, 0x0, 0x0)
    runsc/boot/loader.go:903 +0x3a
gvisor.dev/gvisor/runsc/cmd.(*Boot).Execute(0xc0000dc240, 0xf02840, 0xc000086000, 0xc0000f8300, 0xc0000f6d00, 0x2, 0x2, 0x0)
    runsc/cmd/boot.go:254 +0xcde
github.com/google/subcommands.(*Commander).Execute(0xc0000a2000, 0xf02840, 0xc000086000, 0xc0000f6d00, 0x2, 0x2, 0x0)
    external/com_github_google_subcommands/subcommands.go:200 +0x2f9
github.com/google/subcommands.Execute(...)
    external/com_github_google_subcommands/subcommands.go:481
main.main()
    runsc/main.go:317 +0x1709

goroutine 18 [syscall]:
os/signal.signal_recv(0x0)
    GOROOT/src/runtime/sigqueue.go:147 +0x9c
os/signal.loop()
    GOROOT/src/os/signal/signal_unix.go:23 +0x22
created by os/signal.init.0
    GOROOT/src/os/signal/signal_unix.go:29 +0x41

goroutine 19 [chan receive, locked to thread]:
gvisor.dev/gvisor/pkg/sentry/platform/ptrace.newSubprocess.func1(0xdff5a0, 0xc000074120, 0xc000074180)
    pkg/sentry/platform/ptrace/subprocess.go:175 +0x1b4
created by gvisor.dev/gvisor/pkg/sentry/platform/ptrace.newSubprocess
    pkg/sentry/platform/ptrace/subprocess.go:159 +0x13c

goroutine 5 [sync.Cond.Wait]:
runtime.goparkunlock(...)
    GOROOT/src/runtime/proc.go:310
sync.runtime_notifyListWait(0xc000268448, 0x0)
    GOROOT/src/runtime/sema.go:510 +0xf8
sync.(*Cond).Wait(0xc000268438)
    GOROOT/src/sync/cond.go:56 +0x9d
gvisor.dev/gvisor/pkg/sentry/pgalloc.(*MemoryFile).findReclaimable(0xc000268000, 0x0, 0x0, 0x0)
    pkg/sentry/pgalloc/pgalloc.go:1090 +0x95
gvisor.dev/gvisor/pkg/sentry/pgalloc.(*MemoryFile).runReclaim(0xc000268000)
    pkg/sentry/pgalloc/pgalloc.go:1019 +0x6a
created by gvisor.dev/gvisor/pkg/sentry/pgalloc.NewMemoryFile
    pkg/sentry/pgalloc/pgalloc.go:330 +0x1fd

goroutine 7 [select]:
gvisor.dev/gvisor/pkg/sentry/kernel.(*Timekeeper).startUpdater.func1(0xc0000680c0, 0xc0002740a0)
    pkg/sentry/kernel/timekeeper.go:216 +0x164
created by gvisor.dev/gvisor/pkg/sentry/kernel.(*Timekeeper).startUpdater
    pkg/sentry/kernel/timekeeper.go:184 +0xbf

goroutine 8 [select]:
gvisor.dev/gvisor/pkg/sleep.(*Sleeper).nextWaker(0xc00000c240, 0x42df01, 0xc00000c240)
    pkg/sleep/sleep_unsafe.go:190 +0x6a
gvisor.dev/gvisor/pkg/sleep.(*Sleeper).Fetch(0xc00000c240, 0xc000072101, 0x1, 0x0)
    pkg/sleep/sleep_unsafe.go:225 +0x38
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*processor).handleSegments(0xc000072140)
    pkg/tcpip/transport/tcp/dispatcher.go:94 +0x26a
created by gvisor.dev/gvisor/pkg/tcpip/transport/tcp.newProcessor
    pkg/tcpip/transport/tcp/dispatcher.go:78 +0x5d

goroutine 9 [select]:
gvisor.dev/gvisor/pkg/sleep.(*Sleeper).nextWaker(0xc00000c220, 0x42df01, 0xc00000c220)
    pkg/sleep/sleep_unsafe.go:190 +0x6a
gvisor.dev/gvisor/pkg/sleep.(*Sleeper).Fetch(0xc00000c220, 0xc000072101, 0x1, 0x0)
    pkg/sleep/sleep_unsafe.go:225 +0x38
gvisor.dev/gvisor/pkg/tcpip/transport/tcp.(*processor).handleSegments(0xc000072180)
    pkg/tcpip/transport/tcp/dispatcher.go:94 +0x26a
created by gvisor.dev/gvisor/pkg/tcpip/transport/tcp.newProcessor
    pkg/tcpip/transport/tcp/dispatcher.go:78 +0x5d

goroutine 20 [chan receive]:
gvisor.dev/gvisor/pkg/sentry/watchdog.(*Watchdog).waitForStart(0xc0000a2500)
    pkg/sentry/watchdog/watchdog.go:216 +0x5e
created by gvisor.dev/gvisor/pkg/sentry/watchdog.New
    pkg/sentry/watchdog/watchdog.go:168 +0x1ba

goroutine 21 [syscall]:
syscall.Syscall6(0x10f, 0xc000044eb0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/syscall/asm_linux_amd64.s:44 +0x5
gvisor.dev/gvisor/pkg/unet.(*Socket).wait(0xc0001fb6b0, 0xffffffffffffff00, 0x0, 0x0)
    pkg/unet/unet_unsafe.go:55 +0x93
gvisor.dev/gvisor/pkg/unet.(*ServerSocket).Accept(0xc000098928, 0x0, 0x0, 0x0)
    pkg/unet/unet.go:539 +0x13a
gvisor.dev/gvisor/pkg/control/server.(*Server).serve(0xc000239920)
    pkg/control/server/server.go:99 +0x32
gvisor.dev/gvisor/pkg/control/server.(*Server).StartServing.func1(0xc000239920)
    pkg/control/server/server.go:87 +0x2b
created by gvisor.dev/gvisor/pkg/control/server.(*Server).StartServing
    pkg/control/server/server.go:86 +0x92

goroutine 15 [select]:
gvisor.dev/gvisor/pkg/sentry/kernel/time.(*Timer).runGoroutine(0xc000280480)
    pkg/sentry/kernel/time/time.go:515 +0xb9
created by gvisor.dev/gvisor/pkg/sentry/kernel/time.(*Timer).init
    pkg/sentry/kernel/time/time.go:494 +0x139

goroutine 22 [syscall]:
gvisor.dev/gvisor/pkg/tcpip/link/rawfile.callEntersyscallblock()
    pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go:60 +0x5
gvisor.dev/gvisor/pkg/tcpip/link/rawfile.BlockingPoll(0xc00007ed20, 0x1, 0x0, 0x8, 0x40)
    pkg/tcpip/link/rawfile/blockingpoll_amd64.s:23 +0x5
gvisor.dev/gvisor/pkg/tcpip/link/rawfile.BlockingRecvMMsg(0x15, 0xc0001c0400, 0x8, 0x8, 0x0, 0x0)
    pkg/tcpip/link/rawfile/rawfile_unsafe.go:189 +0xbd
gvisor.dev/gvisor/pkg/tcpip/link/fdbased.(*recvMMsgDispatcher).dispatch(0xc0000f9440, 0x0, 0x10)
    pkg/tcpip/link/fdbased/packet_dispatchers.go:261 +0x96
gvisor.dev/gvisor/pkg/tcpip/link/fdbased.(*endpoint).dispatchLoop(0xc0002c6510, 0xef3060, 0xc0000f9440, 0xc0002567b0)
    pkg/tcpip/link/fdbased/endpoint.go:583 +0x31
gvisor.dev/gvisor/pkg/tcpip/link/fdbased.(*endpoint).Attach.func1(0xc0002c6510, 0x0)
    pkg/tcpip/link/fdbased/endpoint.go:331 +0x54
created by gvisor.dev/gvisor/pkg/tcpip/link/fdbased.(*endpoint).Attach
    pkg/tcpip/link/fdbased/endpoint.go:330 +0x95

goroutine 23 [syscall]:
syscall.Syscall6(0x119, 0x16, 0xc00007fb00, 0x64, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/syscall/asm_linux_amd64.s:44 +0x5
gvisor.dev/gvisor/pkg/fdnotifier.epollWait(0x16, 0xc00007fb00, 0x64, 0x64, 0xffffffffffffffff, 0x0, 0x0, 0x0)
    pkg/fdnotifier/poll_unsafe.go:77 +0x74
gvisor.dev/gvisor/pkg/fdnotifier.(*notifier).waitAndNotify(0xc000372a80, 0x0, 0xc0001f1160)
    pkg/fdnotifier/fdnotifier.go:149 +0x7a
created by gvisor.dev/gvisor/pkg/fdnotifier.newNotifier
    pkg/fdnotifier/fdnotifier.go:64 +0xaa

goroutine 24 [syscall]:
syscall.Syscall6(0x10f, 0xc0003c8000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x40c0f6, 0x7f50ea717008, 0xc48207)
    src/syscall/asm_linux_amd64.s:44 +0x5
golang.org/x/sys/unix.ppoll(0xc0003c8000, 0x4, 0x0, 0x0, 0x7f50ea717008, 0x0, 0xed82b15)
    external/org_golang_x_sys/unix/zsyscall_linux_amd64.go:79 +0x88
golang.org/x/sys/unix.Ppoll(0xc0003c8000, 0x4, 0x4, 0x0, 0x0, 0x10, 0xc0003c8000, 0x18)
    external/org_golang_x_sys/unix/syscall_linux.go:133 +0x9d
gvisor.dev/gvisor/runsc/boot.(*Loader).startGoferMonitor.func1.1(0x20, 0x1, 0xc0003c8000, 0xc0003c8000)
    runsc/boot/loader.go:711 +0x44
gvisor.dev/gvisor/runsc/specutils.RetryEintr(0xc000080f80, 0xc000042180, 0x2, 0x2, 0x3)
    runsc/specutils/specutils.go:475 +0x27
gvisor.dev/gvisor/runsc/boot.(*Loader).startGoferMonitor.func1(0x7ffeefc44fa8, 0x40, 0xc00007d960, 0x4, 0x4, 0xc0000ae9a0)
    runsc/boot/loader.go:709 +0x1b9
created by gvisor.dev/gvisor/runsc/boot.(*Loader).startGoferMonitor
    runsc/boot/loader.go:700 +0x71

goroutine 25 [syscall]:
syscall.Syscall6(0x10f, 0xc000046748, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/syscall/asm_linux_amd64.s:44 +0x5
golang.org/x/sys/unix.ppoll(0xc000046748, 0x1, 0x0, 0x0, 0x42df5a, 0x0, 0x0)
    external/org_golang_x_sys/unix/zsyscall_linux_amd64.go:79 +0x88
golang.org/x/sys/unix.Ppoll(0xc000046748, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
    external/org_golang_x_sys/unix/syscall_linux.go:133 +0x9d
gvisor.dev/gvisor/pkg/p9.(*Client).watch(0xc0000cc900, 0xc0002cf890)
    pkg/p9/client.go:252 +0xb3
created by gvisor.dev/gvisor/pkg/p9.NewClient
    pkg/p9/client.go:232 +0x417

goroutine 26 [syscall]:
syscall.Syscall6(0x10f, 0xc000046f48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/syscall/asm_linux_amd64.s:44 +0x5
golang.org/x/sys/unix.ppoll(0xc000046f48, 0x1, 0x0, 0x0, 0x42df5a, 0x0, 0x0)
    external/org_golang_x_sys/unix/zsyscall_linux_amd64.go:79 +0x88
golang.org/x/sys/unix.Ppoll(0xc000046f48, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
    external/org_golang_x_sys/unix/syscall_linux.go:133 +0x9d
gvisor.dev/gvisor/pkg/p9.(*Client).watch(0xc0000cd500, 0xc000407470)
    pkg/p9/client.go:252 +0xb3
created by gvisor.dev/gvisor/pkg/p9.NewClient
    pkg/p9/client.go:232 +0x417

goroutine 27 [syscall]:
syscall.Syscall6(0x10f, 0xc000047748, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/syscall/asm_linux_amd64.s:44 +0x5
golang.org/x/sys/unix.ppoll(0xc000047748, 0x1, 0x0, 0x0, 0x42df5a, 0x0, 0x0)
    external/org_golang_x_sys/unix/zsyscall_linux_amd64.go:79 +0x88
golang.org/x/sys/unix.Ppoll(0xc000047748, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
    external/org_golang_x_sys/unix/syscall_linux.go:133 +0x9d
gvisor.dev/gvisor/pkg/p9.(*Client).watch(0xc0000cdb00, 0xc000407ce0)
    pkg/p9/client.go:252 +0xb3
created by gvisor.dev/gvisor/pkg/p9.NewClient
    pkg/p9/client.go:232 +0x417

goroutine 28 [syscall]:
syscall.Syscall6(0x10f, 0xc000047f48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
    src/syscall/asm_linux_amd64.s:44 +0x5
golang.org/x/sys/unix.ppoll(0xc000047f48, 0x1, 0x0, 0x0, 0x42df5a, 0x0, 0x0)
    external/org_golang_x_sys/unix/zsyscall_linux_amd64.go:79 +0x88
golang.org/x/sys/unix.Ppoll(0xc000047f48, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
    external/org_golang_x_sys/unix/syscall_linux.go:133 +0x9d
gvisor.dev/gvisor/pkg/p9.(*Client).watch(0xc000438000, 0xc0004283c0)
    pkg/p9/client.go:252 +0xb3
created by gvisor.dev/gvisor/pkg/p9.NewClient
    pkg/p9/client.go:232 +0x417

goroutine 30 [select]:
gvisor.dev/gvisor/pkg/sentry/kernel/time.(*Timer).runGoroutine(0xc0002c6870)
    pkg/sentry/kernel/time/time.go:515 +0xb9
created by gvisor.dev/gvisor/pkg/sentry/kernel/time.(*Timer).init
    pkg/sentry/kernel/time/time.go:494 +0x139

goroutine 11 [select]:
reflect.rselect(0xc0002a9200, 0x22, 0x22, 0xc0002a9200, 0x40c0f6)
    GOROOT/src/runtime/select.go:542 +0x38a
reflect.Select(0xc0004ca000, 0x22, 0x49, 0x20, 0x21, 0xc0004ca000, 0x20, 0x49)
    GOROOT/src/reflect/value.go:2229 +0x170
gvisor.dev/gvisor/pkg/sentry/sighandling.handleSignals(0xc0004ba000, 0x21, 0x40, 0xc000478b00, 0xc000075bc0, 0xc000075c20)
    pkg/sentry/sighandling/sighandling.go:44 +0x378
created by gvisor.dev/gvisor/pkg/sentry/sighandling.StartSignalForwarding
    pkg/sentry/sighandling/sighandling.go:91 +0x214

goroutine 12 [select]:
gvisor.dev/gvisor/pkg/sentry/watchdog.(*Watchdog).loop(0xc0000a2500)
    pkg/sentry/watchdog/watchdog.go:232 +0xce
created by gvisor.dev/gvisor/pkg/sentry/watchdog.(*Watchdog).Start
    pkg/sentry/watchdog/watchdog.go:191 +0x1e8

goroutine 13 [select]:
gvisor.dev/gvisor/pkg/sentry/kernel/time.(*Timer).runGoroutine(0xc0002803f0)
    pkg/sentry/kernel/time/time.go:515 +0xb9
created by gvisor.dev/gvisor/pkg/sentry/kernel/time.(*Timer).init
    pkg/sentry/kernel/time/time.go:494 +0x139

goroutine 16 [chan receive, locked to thread]:
gvisor.dev/gvisor/pkg/sentry/platform/ptrace.newSubprocess.func1(0xc000032290, 0xc000258240, 0xc0002582a0)
    pkg/sentry/platform/ptrace/subprocess.go:175 +0x1b4
created by gvisor.dev/gvisor/pkg/sentry/platform/ptrace.newSubprocess
    pkg/sentry/platform/ptrace/subprocess.go:159 +0x13c

goroutine 33 [runnable]:
gvisor.dev/gvisor/pkg/gate.(*Gate).Leave(0xc0002568d0)
    pkg/gate/gate.go:101 +0x86
gvisor.dev/gvisor/pkg/unet.(*SocketWriter).WriteVec(0xc000449c38, 0xc000449c20, 0x1, 0x1, 0x30, 0x0, 0x0)
    pkg/unet/unet_unsafe.go:219 +0x350
gvisor.dev/gvisor/pkg/urpc.marshal(0xc0002568d0, 0xc237e0, 0xc00046b200, 0x0, 0x0, 0x0, 0xc00047c860, 0x1)
    pkg/urpc/urpc.go:511 +0x37c
gvisor.dev/gvisor/pkg/urpc.(*Server).handleOne(0xc0001fb740, 0xc0002568d0, 0x0, 0x0)
    pkg/urpc/urpc.go:341 +0x807
gvisor.dev/gvisor/pkg/urpc.(*Server).handleRegistered(0xc0001fb740, 0xc0002568d0, 0x0, 0x0)
    pkg/urpc/urpc.go:420 +0x35
gvisor.dev/gvisor/pkg/urpc.(*Server).StartHandling.func1(0xc0001fb740, 0xc0002568d0)
    pkg/urpc/urpc.go:440 +0x73
created by gvisor.dev/gvisor/pkg/urpc.(*Server).StartHandling
    pkg/urpc/urpc.go:438 +0x61

rax    0xc0002623c0
rbx    0x1
rcx    0xc000357980
rdx    0xc000081cc0
rdi    0xc0002641e8
rsi    0xef2ba0
rbp    0xc000081c10
rsp    0xc000081be8
r8     0x1
r9     0x0
r10    0x0
r11    0xc0002641c0
r12    0x0
r13    0x0
r14    0xedaa5a
r15    0x0
rip    0x740560
rflags 0x10206
cs     0x33
fs     0x0
gs     0x0
root@vps10558:~# docker info
Containers: 11
 Running: 1
 Paused: 0
 Stopped: 10
Images: 14
Server Version: 18.09.7
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc runsc
Default Runtime: runc
Init Binary: docker-init
containerd version: 
runc version: N/A
init version: v0.18.0 (expected: fec3683b971d9c3ef73f284f176672c44b448662)
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-60-generic
Operating System: Ubuntu 18.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.852GiB
Name: vps10558
ID: P74S:OZ5H:H2VO:3FYZ:R7ZB:PW2H:EV6X:RDVJ:NTXJ:BJFC:YGJI:U5DI
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: matisiekpl
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support
Linux vps10558 4.15.0-60-generic #67-Ubuntu SMP Thu Aug 22 16:55:30 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Proxmox vm options: image

What should I do to run container in my vm?

prattmic commented 4 years ago

runsc is crashing because the RDTSCP instruction is not supported.

What host CPU and kernel version are you using?

That instruction has been in x86 CPUs for 10+ years, so I imagine that the host does support it, but the hypervisor is disabling it in the guest.

Does Proxmox use QEMU+KVM? It seems there is some complexity about QEMU disabling RDTSCP on AMD guests because kernel support was added only a few years ago. It's not clear to me if they've merged patches to re-enable it, but it at least sounds possible to manually enabled with the appropriate flags.

https://lkml.org/lkml/2018/12/10/687

matisiekpl commented 4 years ago

@prattmic I enabled the RDTSCP flag on proxmox config, but I still getting following error:

root@vps10558:~# docker run -it --runtime=runsc ubuntu dmesg
docker: Error response from daemon: OCI runtime start failed: starting container: setting gofer oom_score_adj for container "3aee26e28473b2ce36699f953eeb2f99f8d1f042b76dfc175c59e5ed83b10047": write /proc/5180/oom_score_adj: invalid argument: unknown.
ERRO[0000] error waiting for container: context canceled

What should I do now? Thanks, Matt

prattmic commented 4 years ago

Hm, that's a very different error. I assume this failure is consistent?

@ianlewis or @fvoznika will need to take a look.

matisiekpl commented 4 years ago

Hm, that's a very different error. I assume this failure is consistent?

I don't know, I just want to use gVisor on my VPS. @prattmic Can it be caused by Proxmox vm setup? Or it's KVM-related bug?

ianlewis commented 4 years ago

@MatisiekPL It seems strange that it would be caused by the VM but I'm not really familiar with Proxmox.

A few questions come to mind:

matisiekpl commented 4 years ago

Docker version: 19.03.6 I can run container using docker default runtime. And I have mounted /proc. How can I find runsc version?

fvoznika commented 4 years ago

For runsc version: runsc --version

Not sure why the call is failing with invalid argument. Could you patch #1953 and run again to ensure the value being set is correct. Also, enable debug logging and attach the logs to here.

ianlewis commented 4 years ago

Since we don't validate oomScoreAdj from the OCI bundle it's possible that the value set there is either >1000 or <-1000 and thus causes this issue.

ianlewis commented 4 years ago

@MatisiekPL Can you try again with the latest version of runsc from HEAD so we can get more logging info?

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.