Virtualised runners unable to run i386 container images
View options
All our CI runners running on Ganeti instances are unable to run i386 images:
root@ci-runner-x86-02:~# podman run --rm -it i386/debian:bullseye-slim apt update
Resolving "i386/debian" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/i386/debian:bullseye-slim...
Getting image source signatures
Copying blob 71e749b27156 done
Copying config b5e76b3dd2 done
Writing manifest to image destination
Storing signatures
WARNING: image platform ({386 linux [] }) does not match the expected platform ({amd64 linux [] })
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Err:1 http://deb.debian.org/debian bullseye InRelease
Sub-process apt-key exited unexpectedly
Get:4 http://deb.debian.org/debian-security bullseye-security/main i386 Packages [275 kB]
Err:3 http://deb.debian.org/debian bullseye-updates InRelease
Sub-process apt-key exited unexpectedly
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bullseye InRelease: Sub-process apt-key exited unexpectedly
E: The repository 'http://deb.debian.org/debian bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bullseye-updates InRelease: Sub-process apt-key exited unexpectedly
E: The repository 'http://deb.debian.org/debian bullseye-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error codeThe host's kernel logs a segmentation fault:
Jun 19 18:26:26 ci-runner-x86-02 kernel: apt-key[2897082]: segfault at ff9d04d0 ip 00000000f7f5d559 sp 00000000ff9d04d0 error 25 likely on CPU 9 (core 0, socket 9)
Jun 19 18:26:26 ci-runner-x86-02 kernel: Code: Unable to access opcode bytes at 0xf7f5d52f.
Jun 19 18:26:26 ci-runner-x86-02 kernel: apt-key[2897164]: segfault at ffb19440 ip 000000005665ba4a sp 00000000ffb19444 error 27 in dash[56655000+14000] likely on CPU 1 (core 0, socket 1)
Jun 19 18:26:26 ci-runner-x86-02 kernel: Code: 8b 85 58 ff ff ff 85 c0 74 36 83 ec 0c 50 e8 bd 96 ff ff 83 c4 10 8b 85 54 ff ff ff 85 c0 78 20 83 ec 0c 50 e8 e7 9a ff ff 5a <ff> b5 60 ff ff ff e8 ab 31 00 00 8b b5 04 ff ff ff 83 c4 10 89 06
Jun 19 18:26:26 ci-runner-x86-02 kernel: sh[2897182]: segfault at ffdc9e70 ip 00000000f7f13559 sp 00000000ffdc9e70 error 25 likely on CPU 12 (core 0, socket 12)
Jun 19 18:26:26 ci-runner-x86-02 kernel: Code: Unable to access opcode bytes at 0xf7f1352f.On physical runners, eg. ci-runner-x86-03 this works fine.
This is likely to be either a kernel or qemu/kvm issue, but unclear which exactly.
Initially reported as #41242 (closed)