2002434 – CRI-O leaks some children PIDs

Bug 2002434 - CRI-O leaks some children PIDs

Summary: CRI-O leaks some children PIDs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Node
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Peter Hunt
QA Contact:	Sunil Choudhary
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2003197
TreeView+	depends on / blocked

Reported:	2021-09-08 19:47 UTC by Peter Hunt
Modified:	2022-03-10 16:09 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2003197 (view as bug list)
Environment:
Last Closed:	2022-03-10 16:08:57 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	cri-o cri-o pull 5283	None	None	None	2021-09-10 13:29:28 UTC
Github	cri-o cri-o pull 5306	None	Merged	server: do not wait forever on conmon cgroup move fail	2021-09-14 20:05:36 UTC
Red Hat Product Errata	RHSA-2022:0056	None	None	None	2022-03-10 16:09:24 UTC

Description Peter Hunt 2021-09-08 19:47:10 UTC

Description of problem:
Occasionally, CRI-O may leak a child pid of a process it creates. These situations are weird and tough to reproduce. The most common one is if systemd fails to move conmon to the conmon cgroup for some reason. 

I don't have a great reproducer, but this is related to https://bugzilla.redhat.com/show_bug.cgi?id=1994444 (though branched away to allow for other bugs to be investigated there).

Version-Release number of selected component (if applicable):
All released CRI-O versions

Comment 1 Peter Hunt 2021-09-10 13:29:31 UTC

PR merged

Comment 3 Peter Hunt 2021-09-14 16:55:32 UTC

we need a variation of https://github.com/cri-o/cri-o/pull/5306 first

Comment 5 Peter Hunt 2021-09-14 20:05:43 UTC

PR merged

Comment 7 Sunil Choudhary 2021-10-27 11:04:42 UTC

I see this is tough to reproduce. Verifying it based on sanity checks on 4.10.0-0.nightly-2021-10-25-190146

Comment 10 errata-xmlrpc 2022-03-10 16:08:57 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.