[CRIU] Failing second checkpoint with iptables-restore v1.8.0 (nf_tables)
Adrian Reber
adrian at lisas.de
Wed Sep 5 12:14:14 MSK 2018
I got a report of a checkpoint failure that is happening when dumping a
already restored runc container.
On the second 'runc checkpoint' the log says:
(00.101158) Lock network
(00.101161) Running network-lock scripts
(00.101162) RPC
iptables-restore v1.8.0 (nf_tables):
line 2: CHAIN_USER_FLUSH failed (Device or resource busy): chain CRIU
line 2: CHAIN_USER_ADD failed (File exists): chain CRIU
(00.109645) Error (criu/util.c:811): exited, status=4
ip6tables-restore v1.8.0 (nf_tables):
line 2: CHAIN_USER_FLUSH failed (Device or resource busy): chain CRIU
line 2: CHAIN_USER_ADD failed (File exists): chain CRIU
(00.117250) Error (criu/util.c:811): exited, status=4
(00.117267) Error (criu/net.c:2560): Locking network failed:
iptables-restore returned -1. This may be connected to disabled
CONFIG_NETFILTER_XT_MARK kernel build config option.
(00.117284) Unlock network
(00.117286) Running network-unlock scripts
(00.117288) RPC
iptables-restore v1.8.0 (nf_tables):
line 2: CHAIN_USER_FLUSH failed (Device or resource busy): chain CRIU
line 2: CHAIN_USER_ADD failed (File exists): chain CRIU
(00.124776) Error (criu/util.c:811): exited, status=4
ip6tables-restore v1.8.0 (nf_tables):
line 2: CHAIN_USER_FLUSH failed (Device or resource busy): chain CRIU
line 2: CHAIN_USER_ADD failed (File exists): chain CRIU
(00.132118) Error (criu/util.c:811): exited, status=4
(00.132144) Unfreezing tasks into 1
(00.132154) Unseizing 15729 into 1
(00.132175) Error (criu/cr-dump.c:1720): Dumping FAILED.
This is criu 3.10 on a 4.18 kernel. This is the first time I am seeing a
system with 'iptables-restore v1.8.0 (nf_tables)'. Not sure if that is
related.
I cannot reproduce it with runc currently. So right now I just wanted to
reach it out if this is something anybody has already seen.
Adrian
More information about the CRIU
mailing list