OCPBUGS-76451: fix: prevent panic on closed stopTimeoutChan in StopContainer

[sabujmaity]

/kind bug

What this PR does / why we need it:

There is a race condition in the container stop path. When a second StopContainer call
comes in after the first one has already finished (i.e. SetAsDoneStopping has
run), WaitOnStopTimeout still gets called. At that point stopTimeoutChan
is already closed, so we panic.

The sequence is:

1. First StopContainer -> starts the stop loop, waits via WaitOnStopTimeout
2. Stop loop finishes -> SetAsDoneStopping closes stopTimeoutChan and watchers
3. Second StopContainer -> SetAsStopping returns false (already stopping),
   falls through to WaitOnStopTimeout which tries to use the closed channel

This adds a stopDone bool (guarded by the existing stopLock) that gets set
in SetAsDoneStopping. WaitOnStopTimeout checks it and returns early if
the stop lifecycle is already done.

Which issue(s) this PR fixes:

Addresses: OCPBUGS-76451

Special notes for your reviewer:

The change is small : one new bool field, one assignment, one extra condition
check. All under the existing stopLock so no new synchronization concerns.

Added a unit test that exercises the exact crash sequence:
SetAsStopping -> SetAsDoneStopping -> WaitOnStopTimeout and confirms it
doesn't panic.

Does this PR introduce a user-facing change?

Fixed a panic when concurrent StopContainer calls race against the stop lifecycle completing.

Summary by CodeRabbit

• Bug Fixes

  • Prevented rare panics during container shutdown by improving coordination between stop and timeout handling, making shutdown sequences more reliable and resilient.

• Tests

  • Added regression tests to ensure stop/wait operations do not panic when invoked after shutdown completion, reducing regressions and increasing stability.

[openshift-ci]

Hi @sabujmaity. Thanks for your PR.

I'm waiting for a cri-o member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

📝 Walkthrough

Walkthrough

Added a stopDone boolean to Container and adjusted stop coordination so WaitOnStopTimeout returns early if not stopping or stopDone is true. SetAsDoneStopping now sets stopDone = true before notifying/closing watchers. Added a test to ensure no panic when waiting after done-stopping.

Changes

Cohort / File(s)	Summary
Stop/Wait Coordination Logic internal/oci/container.go	Added stopDone bool to Container. WaitOnStopTimeout now early-returns when not stopping or stopDone is true. SetAsDoneStopping sets stopDone = true before closing stop watchers and clearing timeout channel.
Synchronization Test Coverage internal/oci/container_test.go	Added regression test ensuring WaitOnStopTimeout does not panic when called after SetAsDoneStopping; adjusted related test to validate watcher/channel clearing and subsequent panic behavior on second call.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• mrunalp
• littlejawa
• QiWang19

Poem

🐰 I set a flag and hopped aside,
The watchers closed; no panic cried.
Waiters call when work is done,
Threads settle under the sun.
🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title directly describes the main fix: preventing a panic on the closed stopTimeoutChan channel in StopContainer, which is the core issue addressed in this PR.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[bitoku]

lgtm, let's make it ready for review so that we can run the tests

First I thought we can put WaitOnStopTimeout in if c.SetAsStopping(), but it's not that simple because the subsequent StopContainer calls can't wait.

[bitoku]

I want more explanation here, about why we want to check this, otherwise developers in the future may have trouble understanding why we check this.

[bitoku]

@sabujmaity

[sabujmaity]

@bitoku I have put up the explanation !

[bitoku]

How about this

// Regression test for a race between concurrent StopContainer calls.
// When a second StopContainer arrives after the first has already
// completed (SetAsDoneStopping closed stopTimeoutChan),
// WaitOnStopTimeout used to panic on the closed channel.
// The stopDone guard ensures it returns early instead.

[sabujmaity]

Sure thing. This is a better explanation ! Thanks for the suggestions.

[bitoku]

/ok-to-test

[sabujmaity]

/retest-required

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.64%. Comparing base (7421a8e) to head (d51616f).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9799      +/-   ##
==========================================
+ Coverage   67.45%   67.64%   +0.19%     
==========================================
  Files         210      212       +2     
  Lines       29123    29237     +114     
==========================================
+ Hits        19644    19777     +133     
+ Misses       7790     7774      -16     
+ Partials     1689     1686       -3     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[sabujmaity]

/retest

[coderabbitai]

🧹 Nitpick comments (1)

internal/oci/container.go (1)

72-74: Consider adding a comment explaining the purpose of stopDone.

Other stop-related fields like stopTimeoutChan have comments explaining their role. A brief comment here would clarify why this flag exists (to guard against the race condition when WaitOnStopTimeout is called after SetAsDoneStopping has already closed the channel).

💡 Suggested comment

 	stopping           bool
+	// stopDone guards WaitOnStopTimeout from using stopTimeoutChan after
+	// SetAsDoneStopping has closed it, preventing a panic on concurrent
+	// StopContainer calls that race against the stop lifecycle completing.
 	stopDone           bool
 	stopLock           sync.Mutex

As per coding guidelines: "Add comments explaining 'why' not 'what' in Go code".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/oci/container.go` around lines 72 - 74, Add a brief Go comment above
the stopDone field explaining why it exists (not what it is): state that
stopDone is a boolean used to indicate the stop completion to avoid a race where
WaitOnStopTimeout may be invoked after SetAsDoneStopping has already closed
stopTimeoutChan; mention it is checked/guarded under stopLock to prevent
double-close/race conditions with stopTimeoutChan and other stop-related logic
(references: stopDone, stopLock, stopTimeoutChan, WaitOnStopTimeout,
SetAsDoneStopping).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@internal/oci/container.go`:
- Around line 72-74: Add a brief Go comment above the stopDone field explaining
why it exists (not what it is): state that stopDone is a boolean used to
indicate the stop completion to avoid a race where WaitOnStopTimeout may be
invoked after SetAsDoneStopping has already closed stopTimeoutChan; mention it
is checked/guarded under stopLock to prevent double-close/race conditions with
stopTimeoutChan and other stop-related logic (references: stopDone, stopLock,
stopTimeoutChan, WaitOnStopTimeout, SetAsDoneStopping).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b94841fd-8b3b-405e-a64e-e97891214235

📥 Commits

Reviewing files that changed from the base of the PR and between 142482e and d51616f.

📒 Files selected for processing (2)

• internal/oci/container.go
• internal/oci/container_test.go

[bitoku]

/lgtm if the tests pass

[bitoku]

/lgtm

[bitoku]

@cri-o/cri-o-maintainers PTAL

[openshift-ci-robot]

@sabujmaity: This pull request references Jira Issue OCPBUGS-76451, which is invalid:

• expected the bug to target the "4.22.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

/kind bug

What this PR does / why we need it:

There is a race condition in the container stop path. When a second StopContainer call
comes in after the first one has already finished (i.e. SetAsDoneStopping has
run), WaitOnStopTimeout still gets called. At that point stopTimeoutChan
is already closed, so we panic.

The sequence is:

1. First StopContainer -> starts the stop loop, waits via WaitOnStopTimeout
2. Stop loop finishes -> SetAsDoneStopping closes stopTimeoutChan and watchers
3. Second StopContainer -> SetAsStopping returns false (already stopping),
   falls through to WaitOnStopTimeout which tries to use the closed channel

This adds a stopDone bool (guarded by the existing stopLock) that gets set
in SetAsDoneStopping. WaitOnStopTimeout checks it and returns early if
the stop lifecycle is already done.

Which issue(s) this PR fixes:

Addresses: OCPBUGS-76451

Special notes for your reviewer:

The change is small : one new bool field, one assignment, one extra condition
check. All under the existing stopLock so no new synchronization concerns.

Added a unit test that exercises the exact crash sequence:
SetAsStopping -> SetAsDoneStopping -> WaitOnStopTimeout and confirms it
doesn't panic.

Does this PR introduce a user-facing change?

Fixed a panic when concurrent StopContainer calls race against the stop lifecycle completing.

Summary by CodeRabbit

• Bug Fixes

• Prevented rare panics during container shutdown by improving coordination between stop and timeout handling, making shutdown sequences more reliable and resilient.

• Tests

• Added regression tests to ensure stop/wait operations do not panic when invoked after shutdown completion, reducing regressions and increasing stability.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[bitoku]

/jira refresh

[openshift-ci-robot]

@bitoku: This pull request references Jira Issue OCPBUGS-76451, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lyman9966

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@openshift-ci-robot: GitHub didn't allow me to request PR reviews from the following users: lyman9966.

Note that only cri-o members and repo collaborators can review this PR, and authors cannot review their own PRs.

Details

In response to this:

@bitoku: This pull request references Jira Issue OCPBUGS-76451, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @lyman9966

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sabujmaity, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@sabujmaity: Jira Issue OCPBUGS-76451: All pull requests linked via external trackers have merged:

• cri-o/cri-o#9799

Jira Issue OCPBUGS-76451 has been moved to the MODIFIED state.

Details

In response to this:

/kind bug

What this PR does / why we need it:

There is a race condition in the container stop path. When a second StopContainer call
comes in after the first one has already finished (i.e. SetAsDoneStopping has
run), WaitOnStopTimeout still gets called. At that point stopTimeoutChan
is already closed, so we panic.

The sequence is:

1. First StopContainer -> starts the stop loop, waits via WaitOnStopTimeout
2. Stop loop finishes -> SetAsDoneStopping closes stopTimeoutChan and watchers
3. Second StopContainer -> SetAsStopping returns false (already stopping),
   falls through to WaitOnStopTimeout which tries to use the closed channel

This adds a stopDone bool (guarded by the existing stopLock) that gets set
in SetAsDoneStopping. WaitOnStopTimeout checks it and returns early if
the stop lifecycle is already done.

Which issue(s) this PR fixes:

Addresses: OCPBUGS-76451

Special notes for your reviewer:

The change is small : one new bool field, one assignment, one extra condition
check. All under the existing stopLock so no new synchronization concerns.

Added a unit test that exercises the exact crash sequence:
SetAsStopping -> SetAsDoneStopping -> WaitOnStopTimeout and confirms it
doesn't panic.

Does this PR introduce a user-facing change?

Fixed a panic when concurrent StopContainer calls race against the stop lifecycle completing.

Summary by CodeRabbit

• Bug Fixes

• Prevented rare panics during container shutdown by improving coordination between stop and timeout handling, making shutdown sequences more reliable and resilient.

• Tests

• Added regression tests to ensure stop/wait operations do not panic when invoked after shutdown completion, reducing regressions and increasing stability.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[bitoku]

/cherry-pick release-1.35

[openshift-cherrypick-robot]

@bitoku: new pull request created: #9814

Details

In response to this:

/cherry-pick release-1.35

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.