Skip to main content
This guide covers common issues you might encounter when using SmolVM and how to resolve them.

Diagnostics

SmolVM includes a built-in diagnostic tool to check your system configuration:
The smolvm doctor command validates:
  • KVM availability (Linux/Firecracker)
  • Firecracker binary installation
  • QEMU installation and HVF support (macOS)
  • Network configuration (nftables, iproute2)
  • System permissions

Common issues

Problem: Image builds fail because Docker is not installed, the daemon is not running, or your user lacks permission to access it.SmolVM automatically diagnoses the specific Docker issue and returns a targeted error message. The three most common scenarios are:Docker not installed:
Daemon not running:
Permission denied:
Solution:
  1. Install Docker if missing:
  1. Start the Docker daemon:
  1. Fix socket permissions (Linux):
You can also check Docker status programmatically before building:
Problem: The Firecracker backend requires KVM hardware virtualization.Solution:
  1. Verify KVM is available:
  1. If missing, enable virtualization in your BIOS/UEFI settings
  2. Add your user to the kvm group:
  1. Verify permissions:
Alternative: Use the QEMU backend if KVM is unavailable:
Problem: The firecracker executable is not in PATH.Solution:
  1. Run the setup command:
  1. Or install manually using the HostManager:
  1. Verify installation:
Problem: User lacks permissions to create TAP networking devices.Solution:
  1. Run the setup command:
  1. Or configure manually:
  1. Verify nftables is installed:
Problem: VM starts successfully but SSH connection fails.Solution:
  1. Check VM status:
  1. Test network connectivity:
  1. Check firewall rules:
  1. Examine VM logs:
  1. Increase the startup wait time:
Problem: A command, file transfer, shell, or snapshot preflight waits for the guest agent and then times out.Solution:
  1. Check that the sandbox uses a recent SmolVM image:
  1. On Linux QEMU hosts, verify the vsock device exists:
  1. Try the SSH compatibility path for file or environment operations:
  1. Inspect the sandbox log and guest-agent log output:
  1. Recreate the sandbox with a current published image if the log says the guest agent is missing:
Problem: Snapshot creation fails before SmolVM writes a disk, memory, or state artifact.This usually means SmolVM could not finish the guest sync step. SmolVM asks the guest to save pending file changes before it pauses the sandbox.Solution:
  1. Confirm the sandbox can run a simple command:
  1. If the fast shell fails, test SSH directly:
  1. Retry with a current image or recreate the sandbox. Recent images include the guest-agent /sync endpoint used before snapshot capture.
  2. Include the VM log when reporting the issue:
Problem: Multiple SmolVM processes trying to access the state database simultaneously.Solution:
  1. The state database uses exclusive locks for writes. Ensure only one process modifies VMs at a time.
  2. Check for stale processes:
  1. Clean up stale resources using the CLI:
  1. If persistent, manually remove the lock:
Problem: All IPs in the 172.16.0.2-254 range are allocated.Solution:
  1. List all VMs:
  1. Clean up stopped or stale VMs:
  1. The IP pool supports 253 concurrent VMs (172.16.0.2 through 172.16.0.254). If you need more, consider implementing a custom IP allocator.
Problem: QEMU process terminates immediately after start.Solution:
  1. Verify QEMU installation:
  1. Check HVF acceleration support:
  1. Reinstall QEMU via Homebrew:
  1. Check VM logs for kernel panic:
  1. Use auto-config mode to let SmolVM pick a compatible kernel and rootfs:
Problem: VM is marked as ERROR and cannot be restarted.Solution:
  1. Check VM details:
  1. Examine logs:
  1. Delete the failed VM and create a fresh one:
  1. Run cleanup to remove all stale resources:
Problem: SmolVM cannot create or write to any data directory.Solution:
  1. Check directory permissions:
  1. Create directory manually:
  1. Set explicit data directory:
  1. Use environment variable:

Debugging tips

Enable debug logging

Inspect Firecracker socket

Manually query the Firecracker API:

Check network rules

Monitor VM processes

Getting help

If you’re still experiencing issues:
  1. Check the GitHub Issues for similar problems
  2. Run smolvm doctor --json and include the output in your bug report
  3. Include relevant logs from ~/.local/state/smolvm/*.log
  4. Join the Celesto AI Discord community

Known limitations

  • IP Pool: Maximum 253 concurrent VMs (172.16.0.2-254)
  • SSH Port Pool: Maximum 800 concurrent VMs (ports 2200-2999)
  • Firecracker: Linux only and requires KVM
  • QEMU: Required for macOS and Windows guests; Linux direct-kernel guests can use the faster microvm machine model
  • libkrun: Experimental and does not support pause, resume, snapshots, or snapshot restore yet
  • Windows guests: Use SSH for the control channel
Last modified on June 30, 2026