Debian Sid/ Kernel 5.10 and docker-ce issues relating to cgroup

ric96 · April 29, 2021, 8:55pm

I have currently only tested this with build 487, latest snapshot as of the day of writing.

running docker-ce currently causes this error:

linaro@linaro-gnome:~$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
256ab8fe8778: Pull complete 
Digest: sha256:f2266cbfc127c960fd30e76b7c792dc23b588c0db76233517e1891a4e357d519
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: process_linux.go:458: setting cgroup config for procHooks process caused: can't load program: function not implemented: unknown.
ERRO[0006] error waiting for container: context canceled

the solution for the time being is to add systemd.unified_cgroup_hierarchy=0 to the kernel cmdline and can be achieved by modifying the boot image with abootimg and reflashing.

$ abootimg -u boot-linaro-sid-dragonboard-845c-487.img -c "cmdline = root=PARTLABEL=rootfs console=tty0 console=ttyMSM0,115200n8 clk_ignore_unused pd_ignore_unused systemd.unified_cgroup_hierarchy=0"
reading config args
Writing Boot Image boot-linaro-sid-dragonboard-845c-487.img

I haven’t looked at what changed between 5.2 and 5.10 images but just posing the solution here.

I’m wondering if we can have prebuilt images with this workaround till we find a fix?

fcolumbu · July 6, 2021, 11:37pm

I am having a similar issue with a DragonBoard 410c running Debian Bullseye using the boot from SD flash image:

linaro@DragonBoard**:~$ sudo docker run hello-world**

docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: process_linux.go:508: setting cgroup config for procHooks process caused: load program: function not implemented: unknown.

ERRO**[0003] error waiting for container: context canceled**

linaro@DragonBoard**:~$ sudo docker version

Client: Docker Engine - Community

Version: 20.10.7

API version: 1.41

Go version: go1.13.15

Git commit: f0df350

Built: Wed Jun 2 11:57:51 2021

OS/Arch: linux/arm64

Context: default

Experimental: true

Server: Docker Engine - Community

Engine:

Version: 20.10.7

API version: 1.41 (minimum version 1.12)

Go version: go1.13.15

Git commit: b0f5bc3

Built: Wed Jun 2 11:55:56 2021

OS/Arch: linux/arm64

Experimental: false

containerd:

Version: 1.4.6

GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d

runc:

Version: 1.0.0-rc95

GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7

docker-init:

Version: 0.19.0

GitCommit: de40ad0

Docker is running but the “abootimg” command does not exist on the image I am running.

linaro@DragonBoard**:~$ cat /etc/os-release**

PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"

NAME="Debian GNU/Linux"

VERSION_ID="11"

VERSION="11 (bullseye)"

VERSION_CODENAME=bullseye

ID=debian

**HOME_URL=…

**SUPPORT_URL=…

**BUG_REPORT_URL=…

linaro@DragonBoard**:~$**

The kernel version is 5.10.0.

linaro@DragonBoard**:~$ uname -a**

Linux DragonBoard 5.10.0-qcomlt-arm64 #172 SMP PREEMPT Thu Feb 25 22:58:09 UTC 2021 aarch64 GNU/Linux

What can I do?

Thanks

Loic · July 7, 2021, 9:27am

Is it the latest release? @alimon any known issue with docker? maybe some kernel CGROUP flags are missing?

You can probably install android tool with apt-get, alternatively you can use dbootimg to update command line parameters: HDMI screen when device was booted without HDMI - #9 by Loic

fcolumbu · July 8, 2021, 11:19pm

It would appear that the 410c does not have “dbootimg” either.
linaro@DragonBoard**:~$ which dbootimg**

linaro@DragonBoard**:~$**

fcolumbu · July 7, 2021, 6:22pm

The crux of the problem is that Docker is running but it cannot launch a container due to the cgroups issue.

sudo docker version works — but —

sudo docker run hello-world results in:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: process_linux.go:508: setting cgroup config for procHooks process caused: load program: function not implemented: unknown.

fcolumbu · July 7, 2021, 9:58pm

Here is the detailed OS info:

linaro@DragonBoard**:~$ cat /etc/os-release**

PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"

NAME="Debian GNU/Linux"

VERSION_ID="11"

VERSION="11 (bullseye)"

VERSION_CODENAME=bullseye

ID=debian

HOME_URL="https://www.debian.org/"

**SUPPORT_URL=… link removed

**BUG_REPORT_URL=… link removed

linaro@DragonBoard**:~$ uname -a**

Linux DragonBoard 5.10.0-qcomlt-arm64 #172 SMP PREEMPT Thu Feb 25 22:58:09 UTC 2021 aarch64 GNU/Linux

linaro@DragonBoard**:~$**

danielt · July 9, 2021, 9:28am

The link to the HDMI thread contains instructions on how to install dbootimg (dbootimg is one of the tools in the dt-update repo).

alimon · July 13, 2021, 1:13am

@Loic Researching about systemd.unified_cgroup_hierarchy=0 set cgroups to be v1. I’m reviewing which is the best solution to fix this issue with docker-ce.