Kernel panic Docker Desktop inside the macos container

[xiaoyao9184]

Operating system

ubuntu 24.04

Description

I'm trying to run Docker Desktop inside the macos container.

I’ve enabled nested virtualization (kern.hv_support: 1 is confirmed), and Docker Desktop successfully passes the Hypervisor check and memory check.

However, upon starting Docker Desktop, it tries to boot the LinuxKit VM, which immediately crashes with a kernel panic.

Docker compose

version: '3.8'

volumes:
  home:

services:
  docker-osx-15:
    image: sickcodes/docker-osx:latest
    devices:
      - /dev/kvm
    volumes:
      - home:/home/arch
    ports:
      - "50922:10022"
      - "5999:5999"
    environment:
      - GENERATE_UNIQUE=true
      - CPU=host
      - RAM=16
      - SMP=8
      - CORES=8
      - CPUID_FLAGS=kvm=on,vendor=GenuineIntel,+vmx,+invtsc,+xsave,+aes,+ssse3,+fsgsbase,+rdtscp,+sse4.2,+fma,+avx,+avx2,vmware-cpuid-freq=on
      - MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom-sonoma.plist
      - SHORTNAME=sequoia
      - EXTRA=-display none -vnc 0.0.0.0:99,password=off

Docker log

no error on macos container

_sickcodes-docker-osx-15-1_logs.txt

some log

...
# umount-all
libguestfs: trace: set_verbose true
libguestfs: trace: set_verbose = 0
libguestfs: trace: set_backend "direct"
libguestfs: trace: set_backend = 0
libguestfs: create: flags = 0, handle = 0x58e7fed5eab0, program = guestfish
libguestfs: trace: umount_all
guestfsd: <= umount_all (0x2f) request length 40 bytes
umount-all: /proc/mounts: fsname=/dev/root dir=/ type=ext2 opts=rw,noatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/proc dir=/proc type=proc opts=rw,relatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/sys dir=/sys type=sysfs opts=rw,relatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev dir=/dev type=devtmpfs opts=rw,relatime,size=610248k,nr_inodes=152562,mode=755,inode64 freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev/pts dir=/dev/pts type=devpts opts=rw,relatime,mode=600,ptmxmode=000 freq=0 passno=0
umount-all: /proc/mounts: fsname=shmfs dir=/dev/shm type=tmpfs opts=rw,relatime,inode64 freq=0 passno=0
umount-all: /proc/mounts: fsname=tmpfs dir=/run type=tmpfs opts=rw,nosuid,relatime,size=246920k,mode=755,inode64 freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev/sda2 dir=/sysroot type=vfat opts=rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev/sda1 dir=/sysroot/ESP type=vfat opts=rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro freq=0 passno=0
commandrvf: stdout=n stderr=y flags=0x0
commandrvf: umount /sysroot/ESP
commandrvf: stdout=n stderr=y flags=0x0
commandrvf: umount /sysroot
libguestfs: trace: umount_all = 0
libguestfs: trace: shutdown
libguestfs: trace: shutdown = 0
libguestfs: trace: close
libguestfs: closing guestfs handle 0x58e7fed5eab0 (state 0)
### cleaning up ...
libguestfs: trace: close
libguestfs: closing guestfs handle 0x5b1417f2dab0 (state 2)
libguestfs: trace: internal_autosync
guestfsd: => umount_all (0x2f) took 0.10 secs
guestfsd: <= internal_autosync (0x11a) request length 40 bytes
umount-all: /proc/mounts: fsname=/dev/root dir=/ type=ext2 opts=rw,noatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/proc dir=/proc type=proc opts=rw,relatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/sys dir=/sys type=sysfs opts=rw,relatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev dir=/dev type=devtmpfs opts=rw,relatime,size=610248k,nr_inodes=152562,mode=755,inode64 freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev/pts dir=/dev/pts type=devpts opts=rw,relatime,mode=600,ptmxmode=000 freq=0 passno=0
umount-all: /proc/mounts: fsname=shmfs dir=/dev/shm type=tmpfs opts=rw,relatime,inode64 freq=0 passno=0
umount-all: /proc/mounts: fsname=tmpfs dir=/run type=tmpfs opts=rw,nosuid,relatime,size=246920k,mode=755,inode64 freq=0 passno=0
commandrvf: stdout=n stderr=y flags=0x0
commandrvf: udevadm --debug settle -E /dev/sdb
No filesystem is currently mounted on /sys/fs/cgroup.
Failed to determine unit we run in, ignoring: No data available
commandrvf: stdout=n stderr=y flags=0x0
commandrvf: udevadm --debug settle -E /dev/sda
No filesystem is currently mounted on /sys/fs/cgroup.
Failed to determine unit we run in, ignoring: No data available
fsync /dev/sda
libguestfs: trace: internal_autosync = 0
libguestfs: sending SIGTERM to process 1061
libguestfs: qemu maxrss 280008K
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsTvEu1L
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsU8HewI
DEVICE_MODEL,SERIAL,BOARD_SERIAL,UUID,MAC_ADDRESS,WIDTH,HEIGHT,KERNEL_ARGS
"iMacPro1,1","C02DT04BHX87","C02050108QXJG36FB","D91EEFBF-2065-437D-89B8-378034646BCF","D8:96:95:34:F6:45","1920","1080",""
DEVICE_MODEL	SERIAL	BOARD_SERIAL	UUID	MAC_ADDRESS	WIDTH	HEIGHT	KERNEL_ARGS
iMacPro1,1	C02DT04BHX87	C02050108QXJG36FB	D91EEFBF-2065-437D-89B8-378034646BCF	D8:96:95:34:F6:45	1920	1080	
ssh-keygen: generating new host keys: RSA ECDSA ED25519 
++ id -u
++ id -g
+ sudo chown 1000:1000 /dev/kvm
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ [[ 16 = max ]]
+ [[ 16 = half ]]
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 16000 -cpu host,kvm=on,vendor=GenuineIntel,+vmx,+invtsc,+xsave,+aes,+ssse3,+fsgsbase,+rdtscp,+sse4.2,+fma,+avx,+avx2,vmware-cpuid-freq=on -machine q35,accel=kvm:tcg -smp 8,cores=8 -device qemu-xhci,id=xhci -device usb-kbd,bus=xhci.0 -device usb-tablet,bus=xhci.0 -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -device ide-hd,bus=sata.3,drive=InstallMedia -drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -boot menu=on -vga vmware -display none -vnc 0.0.0.0:99,password=off
QEMU 9.2.2 monitor - type 'help' for more information
...

Docker Desktop log

docker@dockers-iMac-Pro ~ % cat /Users/docker/Library/Containers/com.docker.docker/Data/log/vm/console.log
[   16.007514] Oops: general protection fault, maybe for address 0x1: 0000 [#1] PREEMPT SMP PTI
[   16.008514] CPU: 5 PID: 0 Comm: swapper/5 Not tainted 6.10.14-linuxkit #1
[   16.008514] RIP: 0010:switch_mm_irqs_off+0x473/0x500
[   16.008514] Code: 48 83 c2 10 66 83 f8 06 75 de 65 c6 05 59 72 fb 48 00 e9 86 fc ff ff 48 8b 05 51 fd b0 01 b9 49 00 00 00 48 89 c2 48 c1 ea 20 <0f> 30 e9 13 fc ff ff 0f 0b e9 65 fc ff ff 65 48 c7 05 13 72 fb 48
[   16.008514] RSP: 0000:ffff8f24c0833e90 EFLAGS: 00000046
[   16.008514] RAX: 0000000000000001 RBX: ffff8f24c26f8000 RCX: 0000000000000049
[   16.008514] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffffb9507040
[   16.008514] RBP: ffff8f24c0330000 R08: 0000000000000000 R09: 0000000000000000
[   16.008514] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffb9507040
[   16.008514] R13: ffff8f24c26f8000 R14: 0000000000000005 R15: ffff8f24c03eaa80
[   16.008514] FS:  0000000000000000(0000) GS:ffff8f25ebf40000(0000) knlGS:0000000000000000
[   16.008514] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   16.008514] CR2: 0000000000000000 CR3: 000000009642e001 CR4: 0000000000370eb0
[   16.008514] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   16.008514] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   16.008514] Call Trace:
[   16.008514]  <TASK>
[   16.008514]  ? die_addr+0x36/0x90
[   16.008514]  ? exc_general_protection+0x1bc/0x3c0
[   16.008514]  ? tmigr_update_events+0x1f7/0x300
[   16.008514]  ? asm_exc_general_protection+0x26/0x30
[   16.008514]  ? switch_mm_irqs_off+0x473/0x500
[   16.008514]  __schedule+0x2ab/0x8b0
[   16.008514]  schedule_idle+0x20/0x40
[   16.008514]  cpu_startup_entry+0x29/0x30
[   16.008514]  start_secondary+0xf5/0x100
[   16.008514]  common_startup_64+0x13b/0x148
[   16.008514]  </TASK>
[   16.008514] Modules linked in:
[   16.008514] ---[ end trace 0000000000000000 ]---
[   16.008514] RIP: 0010:switch_mm_irqs_off+0x473/0x500
[   16.008514] Code: 48 83 c2 10 66 83 f8 06 75 de 65 c6 05 59 72 fb 48 00 e9 86 fc ff ff 48 8b 05 51 fd b0 01 b9 49 00 00 00 48 89 c2 48 c1 ea 20 <0f> 30 e9 13 fc ff ff 0f 0b e9 65 fc ff ff 65 48 c7 05 13 72 fb 48
[   16.008514] RSP: 0000:ffff8f24c0833e90 EFLAGS: 00000046
[   16.008514] RAX: 0000000000000001 RBX: ffff8f24c26f8000 RCX: 0000000000000049
[   16.008514] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffffb9507040
[   16.008514] RBP: ffff8f24c0330000 R08: 0000000000000000 R09: 0000000000000000
[   16.008514] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffb9507040
[   16.008514] R13: ffff8f24c26f8000 R14: 0000000000000005 R15: ffff8f24c03eaa80
[   16.008514] FS:  0000000000000000(0000) GS:ffff8f25ebf40000(0000) knlGS:0000000000000000
[   16.008514] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   16.008514] CR2: 0000000000000000 CR3: 000000009642e001 CR4: 0000000000370eb0
[   16.008514] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   16.008514] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   16.008514] Kernel panic - not syncing: Fatal exception
[   16.008514] Kernel Offset: 0x36000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   16.008514] ---[ end Kernel panic - not syncing: Fatal exception ]---

Nested virtualization

docker@dockers-iMac-Pro ~ % sysctl -a | grep -E 'machdep.cpu.features|machdep.cpu.leaf7_features'
machdep.cpu.features: FPU VME DE PSE TSC MSR PAE MCE CX8 APIC SEP MTRR PGE MCA CMOV PAT PSE36 CLFSH MMX FXSR SSE SSE2 SS HTT SSE3 PCLMULQDQ VMX SSSE3 FMA CX16 PDCM SSE4.1 SSE4.2 x2APIC MOVBE POPCNT AES VMM PCID XSAVE OSXSAVE TSCTMR AVX1.0 RDRAND F16C
machdep.cpu.leaf7_features: RDWRFSGS TSC_THREAD_OFFSET BMI1 AVX2 FDPEO SMEP BMI2 ERMS INVPCID FPU_CSDS MPX AVX512F AVX512DQ RDSEED ADX SMAP CLFSOPT CLWB AVX512CD AVX512BW AVX512VL UMIP PKU AVX512VNNI MDCLEAR IBRS STIBP L1DF ACAPMSR SSBD

docker@dockers-iMac-Pro ~ % sysctl kern.hv_support
kern.hv_support: 1

qemu cmd

qemu-system-x86_64 -m 16000 -cpu host,kvm=on,vendor=GenuineIntel,+vmx,+invtsc,+xsave,+aes,+ssse3,+fsgsbase,+rdtscp,+sse4.2,+fma,+avx,+avx2,vmware-cpuid-freq=on -machine q35,accel=kvm:tcg -smp 8,cores=8 -device qemu-xhci,id=xhci -device usb-kbd,bus=xhci.0 -device usb-tablet,bus=xhci.0 -device isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc -drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore/OpenCore.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -device ide-hd,bus=sata.3,drive=InstallMedia -drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -boot menu=on -vga vmware -display none -vnc 0.0.0.0:99,password=off