Bug 2107449

Summary: podman checkpoint restore: CRIU restoring failed -52. Segfault in criu/cr-restore.c:1510
Product: Red Hat Enterprise Linux 9 Reporter: Martin Pitt <mpitt>
Component: podmanAssignee: Adrian Reber <areber>
Status: CLOSED DUPLICATE QA Contact: atomic-bugs <atomic-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 9.1CC: bbaude, dwalsh, fweimer, jnovy, lsm5, mheon, mmarusak, mvollmer, pthomas, santiago, tsweeney, umohnani
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: CockpitTest
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-18 20:15:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2105220    
Bug Blocks:    
Attachments:
Description Flags
restore.log none

Description Martin Pitt 2022-07-15 05:46:00 UTC 
Created attachment 1897305 [details]
restore.log

Description of problem: Today's cockpit CI image refresh of RHEL 9.1 nightly [1] shows a CRIU restore regression in podman.


Version-Release number of selected component (if applicable):

podman-4.1.1-3.el9.x86_64
crun-1.4.5-2.el9.x86_64
criu-3.17-2.el9.x86_64
kernel-5.14.0-127.el9.x86_64
glibc-2.34-39.el9.x86_64


How reproducible: Always:


Steps to Reproduce:

podman run -dit --name test1 busybox:latest sh
podman container checkpoint test1
podman container restore test1

Actual results:

Error: OCI runtime error: crun: CRIU restoring failed -52.  Please check CRIU logfile /var/lib/containers/storage/overlay-containers/3d5a151f5151f45c3999207a8e70d8d2a5bfff50b5e1292eeed1da167d9d402f/userdata/restore.log

I attach the complete restore.log. It ends with

task_args->pid: 1
task_args->nr_threads: 1
task_args->clone_restore_fn: 0x11e70
task_args->thread_args: 0x25580
(00.022155) pie: 1: Switched to the restorer 1
(00.022276) pie: 1: Mapping native vDSO at 0x2d000
(00.022281) pie: 1: vdso: Using gettimeofday() on vdso at 0x31be0
(00.022287) pie: 1: 	mmap(0x400000 -> 0x401000, 0x3 0x12 3)
(00.022291) pie: 1: 	mmap(0x401000 -> 0x4de000, 0x7 0x12 3)
(00.022293) pie: 1: 	mmap(0x4de000 -> 0x517000, 0x1 0x12 3)
(00.022294) pie: 1: 	mmap(0x517000 -> 0x519000, 0x3 0x12 3)
(00.022316) Error (criu/cr-restore.c:1510): 4875 stopped by signal 11: Segmentation fault
(00.022396) mnt: Switching to new ns to clean ghosts
(00.022481) Error (criu/cr-restore.c:2536): Restoring FAILED.

Expected results: restore succeeds.


Additional info:

The image build log [2] shows the full package version diff at the end, compared to the previous image refresh a week ago. The likely candidates are

  podman (2:4.1.1-1.el9 -> 2:4.1.1-3.el9)
  glibc (2.34-32.el9 -> 2.34-39.el9)
  kernel (5.14.0-121.el9 -> 5.14.0-127.el9)
  libgcc (11.3.1-2.el9 -> 11.3.1-2.1.el9)

[1] https://github.com/cockpit-project/bots/pull/3616
[2] https://logs.cockpit-project.org/logs/image-refresh-3616-20220715-035050/log
Comment 2 Tom Sweeney 2022-07-15 15:35:27 UTC 
Adrian, PTAL
Comment 3 Adrian Reber 2022-07-15 15:42:20 UTC 
This is because glibc changed an internal API which requires a rebuild of CRIU. Tracked here: https://bugzilla.redhat.com/show_bug.cgi?id=2105220 and already solved. The package just needs to appear in the repository.
Comment 4 Tom Sweeney 2022-07-18 20:15:45 UTC 
Thanks Adrian.  Given that, closing this as a duplicate.

*** This bug has been marked as a duplicate of bug 2105220 ***
Comment 9 Ed Santiago 2022-08-03 20:10:23 UTC 
Oof - sorry, this never came to my inbox. My filter rules must be broken.

We run lots of criu tests in github CI and Fedora gating. Any time there's a "podman checkpoint" test, it uses criu. I don't know whether RHEL has new-enough versions of podman to have checkpoints. (I think some RHELs do, but don't know how to check). Anyhow, there's nothing at all that podman can do about this. It depends on getting the fixed criu pushed out, which it sounds like is happening.
Comment 10 Martin Pitt 2022-08-04 05:55:55 UTC 
Ed: FTR, cockpit-podman tests checkpoint/restore comprehensively. With cgroupsv1 it works on all RHEL/CentOS 8/9, Fedora, Debian, Ubuntu releases. cgroupsv2 is not available on RHEL/CentOS 8, so but everywhere else it works as well.

Thanks for confirming your criu tests! So structurally, the failure was that we didn't gate glibc on reverse dependency tests.
Comment 11 Marius Vollmer 2022-09-05 10:01:56 UTC 
We haven't seen this bug anymore in our CI for 24 days.  Thanks!