andwoo
June 15, 2020, 6:01am
1
Hello,
I have been working on scaling further upwards and have encountered another occurrence of the following failure when attempting to start a container, after having 1351 containers up:
lxc-start 438 20200615053953.628 ERROR seccomp - seccomp.c:lxc_seccomp_load:1239 - Unknown error 524 - Error loading the seccomp policy
This was originally raised & solved in this thread:
Hey,
I am trying to evaluate LXD for a mass container solution and I just build up my first node with upstream snap version of LXD on a baremetal Ubuntu 18.04 LTS. Works everything fine, but when I scale over now exactly 597 containers, the next containers fail to start.
I researched and found different solutions for this error and already tested it with the optimizations from https://lxd.readthedocs.io/en/latest/production-setup/ . I also raised the values to maybe not good values, only to be …
Where the solution was to increase this:
net.core.bpf_jit_limit = 3000000000
I have tried increasing it much further than what is advised (net.core.bpf_jit_limit = 3000000000000), but am still encountering the seccomp errors, so I believe that there might be another constraint at play.
Here is sysctl:
The containers are running Ubuntu 18.04.
Could you please advise where to look next in order to diagnose the issue?
andwoo
June 15, 2020, 6:57am
2
Actually this appears to be unrelated to LXC, i see the following in the syslog:
Jun 15 06:45:14 host kernel: vmap allocation for size 8192 failed: use vmalloc= to increase size
Jun 15 06:45:14 host kernel: Call Trace:
Jun 15 06:45:14 host kernel: Node 0 active_anon:96891592kB inactive_anon:176347476kB active_file:42523196kB inactive_file:38214056kB unevictable:285892kB isolated(anon):0kB isolated(file):0kB mapped:11951496kB dirty:1392kB writeback:0kB shmem:78572kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no4kB (U) 1 8kB (U) 116kB (U) 1 32kB (U) 364kB (U) 0 128kB 1256kB (U) 0 512kB 11024kB (U) 1 2048kB (M) 34096kB (M) = 15872kB 4kB (UM) 38kB (M) 6 16kB (M) 632kB (M) 4 64kB (M) 6128kB (M) 5 256kB (UM) 7512kB (UM) 9 1024kB (UM) 72048kB (UM) 634 4096kB (M) = 2626636kB4kB (UME) 19286 8kB (UM) 639816kB (UME) 2009 32kB (UME) 3764kB (UME) 192 128kB (UME) 173256kB (UM) 53 512kB (UM) 7521024kB (UME) 356 2048kB (U) 136294096kB (M) = 57810820kB 4kB (UME) 378348kB (UME) 17518 16kB (UME) 2570332kB (UME) 10200 64kB (UME) 6514128kB (UME) 794 256kB (UME) 755512kB (UE) 685 1024kB (UE) 1562048kB (U) 18879 4096kB (M) = 82040852kB
So perhaps related to space taken by bpf_jit, but also possibly related to my almost full swap (1.52TB/1.82TB) which I imagine could be fragmented. That is increasing in size shortly, so will retest after that. I still have plenty free RAM.
I have continued to try a few tweaks here and there with being able to boot more containers than 1350, but am still getting stuck. I have a thread on the proxmox forums looking for some advice, but no progress yet:
As I mention there, I see very few similar reports of this error, other than old issues with vmalloc on 32-bit. I reduced the footprint of zfs on the server by reducing zpools on the server from 71 to 10, thinking that might help, but no change at all. My last thoughts are around cgroups, but i am at a loss as to how to interpret the call trace, and what direction that points in.