runc run can hang indefinitely

[teddyking]

We've noticed a condition under which a runc run ... process can hang indefinitely.
This can occur when the runc:[2:INIT] process gets killed for some reason before it is able to open the exec fifo.

This situation can be simulated by adding an os.Exit(1) right before opening the exec fifo here:

runc/libcontainer/standard_init_linux.go

Line 172 in ab4a819

fd, err := unix.Open(fmt.Sprintf("/proc/self/fd/%d", l.fifoFd), unix.O_WRONLY|unix.O_CLOEXEC, 0)

and then running a runc run .... You will see the process hang and a <defunct> init process in the process tree:

root      7509 Sl+  14:38   0:00  | \_ runc run my-container
root      7517 Zs   14:38   0:00  |     \_ [runc:[2:INIT]] <defunct>

This is manifesting as container init still running errors for us on concurrent attempts to create/destroy containers that share a pid ns.

We're looking at how we can work around this but wondered if it might make sense to fix the underlying issue in runc?

One potential solution we've been thinking about involves getting the runc run ... process to wait on the child and then explicitly exit.

The call to wait would need to occur as soon as the child process has been spawned, so probably somewhere after the p.execSetns() call here:

runc/libcontainer/process_linux.go

Lines 300 to 303 in ab4a819

	if err := p.execSetns(); err != nil {
	return newSystemErrorWithCause(err, "running exec setns process for init")
	}

We added the following hack right after the p.execSetns() while testing this out and it seemed to solve the issue:

	go func() {
		p.wait()
		os.Exit(0)
	}()

I'm sure there's probably a neater way of doing this, but it at least demonstrates a possible fix.

[crosbymichael]

Could you show your full diff? We have seen this as well

[teddyking]

Here's the patch to simulate the issue:

diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go
index 8a544ed5..c241dbdc 100644
--- a/libcontainer/standard_init_linux.go
+++ b/libcontainer/standard_init_linux.go
@@ -169,6 +169,7 @@ func (l *linuxStandardInit) Init() error {
        // user process. We open it through /proc/self/fd/$fd, because the fd that
        // was given to us was an O_PATH fd to the fifo itself. Linux allows us to
        // re-open an O_PATH fd through /proc.
+       os.Exit(1)
        fd, err := unix.Open(fmt.Sprintf("/proc/self/fd/%d", l.fifoFd), unix.O_WRONLY|unix.O_CLOEXEC, 0)
        if err != nil {
                return newSystemErrorWithCause(err, "open exec fifo")

And here's the hacky patch that fixes it:

diff --git a/libcontainer/process_linux.go b/libcontainer/process_linux.go
index 58980b05..46cb79f3 100644
--- a/libcontainer/process_linux.go
+++ b/libcontainer/process_linux.go
@@ -301,6 +301,11 @@ func (p *initProcess) start() error {
                return newSystemErrorWithCause(err, "running exec setns process for init")
        }
 
+       go func() {
+               p.wait()
+               os.Exit(0)
+       }()
+
        // Save the standard descriptor names before the container process
        // can potentially move them (e.g., via dup2()).  If we don't do this now,
        // we won't know at checkpoint time which file descriptor to look up.

[crosbymichael]

The process_linux.go code shouldn't exit but just return an error.

The only thing we have to watchout for is that wait is not called twice or else go errors.

[williammartin]

Yeh, avoiding calling wait multiple times ended up being a bit tricky, particularly in the non-detach case where there is a reap loop. Have opened a PR for you to look at which we think resolves this in a sensible manner, but open to other ideas. Hopefully it resolves what you're seeing as well.

Thanks for taking a look.