moby/libcontainerd
Antonio Murdaca 27087eacbf
libcontainerd: fix reaper goroutine position
It has observed defunct containerd processes accumulating over
time while dockerd was permanently failing to restart containerd.
Due to a bug in the runContainerdDaemon() function, dockerd does not clean up
its child process if containerd already exits very soon after the (re)start.

The reproducer and analysis below comes from docker 1.12.x but bug
still applies on latest master.

- from libcontainerd/remote_linux.go:

  329 func (r *remote) runContainerdDaemon() error {
   :
   :      // start the containerd child process
   :
  403     if err := cmd.Start(); err != nil {
  404             return err
  405     }
   :
   :      // If containerd exits very soon after (re)start, it is
possible
   :      // that containerd is already in defunct state at the time
when
   :      // dockerd gets here. The setOOMScore() function tries to
write
   :      // to /proc/PID_OF_CONTAINERD/oom_score_adj. However, this
fails
   :      // with errno EINVAL because containerd is defunct. Please see
   :      // snippets of kernel source code and further explanation
below.
   :
  407     if err := setOOMScore(cmd.Process.Pid, r.oomScore); err != nil
{
  408             utils.KillProcess(cmd.Process.Pid)
   :
   :              // Due to the error from write() we return here. As
the
   :              // goroutine that would clean up the child has not
been
   :              // started yet, containerd remains in the defunct
state
   :              // and never gets reaped.
   :
  409             return err
  410     }
   :
  417     go func() {
  418             cmd.Wait()
  419             close(r.daemonWaitCh)
  420     }() // Reap our child when needed
   :
  423 }

This is the kernel function that gets invoked when dockerd tries to
write
to /proc/PID_OF_CONTAINERD/oom_score_adj.

- from fs/proc/base.c:

 1197 static ssize_t oom_score_adj_write(struct file *file, ...
 1198                                         size_t count, loff_t
*ppos)
 1199 {
   :
 1223         task = get_proc_task(file_inode(file));
   :
   :          // The defunct containerd process does not have a virtual
   :          // address space anymore, i.e. task->mm is NULL. Thus the
   :          // following code returns errno EINVAL to dockerd.
   :
 1230         if (!task->mm) {
 1231                 err = -EINVAL;
 1232                 goto err_task_lock;
 1233         }
   :
 1253 err_task_lock:
   :
 1257         return err < 0 ? err : count;
 1258 }

The purpose of the following program is to demonstrate the behavior of
the oom_score_adj_write() function in connection with a defunct process.

$ cat defunct_test.c

\#include <unistd.h>

main()
{
    pid_t pid = fork();

    if (pid == 0)
        // child
        _exit(0);

    // parent
    pause();
}

$ make defunct_test
cc     defunct_test.c   -o defunct_test

$ ./defunct_test &
[1] 3142

$ ps -f | grep defunct_test | grep -v grep
root      3142  2956  0 13:04 pts/0    00:00:00 ./defunct_test
root      3143  3142  0 13:04 pts/0    00:00:00 [defunct_test] <defunct>

$ echo "ps 3143" | crash -s
  PID    PPID  CPU       TASK        ST  %MEM     VSZ    RSS  COMM
  3143   3142   2  ffff880035def300  ZO   0.0       0      0
defunct_test

$ echo "px ((struct task_struct *)0xffff880035def300)->mm" | crash -s
$1 = (struct mm_struct *) 0x0
                          ^^^ task->mm is NULL

$ cat /proc/3143/oom_score_adj
0

$ echo 0 > /proc/3143/oom_score_adj
-bash: echo: write error: Invalid argument"

---

This patch fixes the above issue by making sure we start the reaper
goroutine as soon as possible.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-27 15:13:59 +02:00
..
client.go fix typo in libcontainerd/client.go 2017-01-11 23:10:02 +08:00
client_linux.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
client_solaris.go Add expected 3rd party binaries commit ids to info 2016-11-09 07:42:44 -08:00
client_unix.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
client_windows.go Windows: Remove unused SandboxPath 2017-05-24 13:44:35 -07:00
container.go Remove restartmanager from libcontainerd 2016-10-07 12:09:54 -07:00
container_unix.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
container_windows.go Stop holding client container lock during shutdown 2017-03-07 16:24:34 -08:00
oom_linux.go Add functional support for Docker sub commands on Solaris 2016-11-07 09:06:34 -08:00
oom_solaris.go Add functional support for Docker sub commands on Solaris 2016-11-07 09:06:34 -08:00
pausemonitor_unix.go Add functional support for Docker sub commands on Solaris 2016-11-07 09:06:34 -08:00
process.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
process_unix.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
process_windows.go Windows: Remove unused commandLine 2017-02-02 11:16:11 -08:00
queue_unix.go Add functional support for Docker sub commands on Solaris 2016-11-07 09:06:34 -08:00
remote.go Add --live-restore flag 2016-06-13 19:16:26 -07:00
remote_unix.go libcontainerd: fix reaper goroutine position 2017-05-27 15:13:59 +02:00
remote_windows.go Add --live-restore flag 2016-06-13 19:16:26 -07:00
types.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
types_linux.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
types_solaris.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
types_windows.go Windows: Remove unused SandboxPath 2017-05-24 13:44:35 -07:00
utils_linux.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
utils_solaris.go Use containerd Status variable when checking container state 2017-05-15 10:53:51 -07:00
utils_windows.go Windows: Support credential specs 2016-10-06 09:32:22 -07:00
utils_windows_test.go Allow windows environment variables to contain = 2016-09-05 08:49:07 +10:00