Bug 2011648

Summary: crun 1.1: error "is paused" when trying to exec command in running container
Product: [Fedora] Fedora Reporter: khu60048
Component: crunAssignee: Giuseppe Scrivano <gscrivan>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 34CC: container-sig, gscrivan, lsm5, pehunt, rh.container.bot
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: crun-1.2-1.fc34 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-11 15:32:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description khu60048 2021-10-07 00:34:26 UTC 
Description of problem:

The upgrade from crun 1.0-1.fc34 -> 1.1-1.fc34 makes toolbox unusable.
Trying to exec /bin/bash in running containers errors out with:
Error: OCI runtime error: the container `xxxxxxxxxxxx` is paused.


Version-Release number of selected component (if applicable):

crun 1.1-1.fc34
Fedora Silverblue 34.20211006.0


How reproducible:

100%


Steps to Reproduce:
1. `toolbox create`
2. `toolbox enter -v --log-level=debug`

or

1. `podman start CONTAINER`
2. `podman exec -ti CONTAINER /bin/bash`


Actual results:

```
$ podman start CONTAINER
$ podman ps
CONTAINER ID  IMAGE                                         COMMAND               CREATED         STATUS             PORTS       NAMES
xxxxxxxxxxxx  registry.fedoraproject.org/fedora-toolbox:34  toolbox --log-lev...  2 months ago    Up 36 minutes ago              CONTAINER
$ podman exec -ti CONTAINER /bin/bash
Error: OCI runtime error: the container `xxxxxxxxxxxx` is paused.
```


Expected results:

Be able to run bash inside container.


Additional info:

This makes toolbox unusable on Fedora Silverblue.
Reverting to crun 1.0-1.fc34 fixes the problem.
Comment 1 khu60048 2021-10-07 05:07:28 UTC 
Upstream commit introducing the issue:
https://github.com/containers/crun/commit/4810ac6adb02595772e7d4560641ef7b749e54b4

Looking at https://github.com/containers/crun/blob/7d35659e5e7b1fd3c36b365759fc5458fd77f816/src/libcrun/cgroup.c#L1870
I guess this means that some "cgroup.freeze" file contains "1" at the time of check?

However the following command does not return anything:
$ find /sys/fs/cgroup/ -name cgroup.freeze -exec grep -H "1" {} \;

So maybe one of the pause/unpause functions in crun set cgroup.freeze to "1" just before the check?
As I'm not familiar with crun or cgroups, I don't know how to better identify the source of the issue.
Comment 2 Giuseppe Scrivano 2021-10-08 07:43:48 UTC 
fixed by: https://github.com/containers/crun/pull/747
Comment 3 Fedora Update System 2021-10-08 07:47:03 UTC 
FEDORA-2021-cf11d4d615 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf11d4d615
Comment 4 Fedora Update System 2021-10-09 00:59:44 UTC 
FEDORA-2021-cf11d4d615 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --advisory=FEDORA-2021-cf11d4d615 \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-cf11d4d615

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2021-10-11 15:32:36 UTC 
FEDORA-2021-cf11d4d615 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.