From owner-freebsd-current@FreeBSD.ORG  Sun Feb 15 08:37:44 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8032216A4CE
	for <current@freebsd.org>; Sun, 15 Feb 2004 08:37:44 -0800 (PST)
Received: from relay.macomnet.ru (relay.macomnet.ru [195.128.64.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D96C843D1D
	for <current@freebsd.org>; Sun, 15 Feb 2004 08:37:43 -0800 (PST)
	(envelope-from maxim@macomnet.ru)
Received: from news1.macomnet.ru (7gonbrkk@news1.macomnet.ru [195.128.64.14])
	by relay.macomnet.ru (8.12.10/8.12.10) with ESMTP id i1FGbgo26223167;
	Sun, 15 Feb 2004 19:37:42 +0300 (MSK)
Date: Sun, 15 Feb 2004 19:37:42 +0300 (MSK)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Melvyn Sopacua <freebsd-current@webteckies.org>
In-Reply-To: <200402151714.26631.freebsd-current@webteckies.org>
Message-ID: <20040215191756.P49729@news1.macomnet.ru>
References: <200402151714.26631.freebsd-current@webteckies.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: current@freebsd.org
Subject: Re: Jails that keep hanging around
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Feb 2004 16:37:44 -0000

Hello,

On Sun, 15 Feb 2004, 17:14+0100, Melvyn Sopacua wrote:

> Hi,
>
> I have yet to figure out what triggers the bug, but I end up with 'running'
> jails, without any processes. So I thought I'd create 'jld' to remove a jail.
> However - prison_find isn't exported to userland. Probably for good reason.
>
> Should I worry about these jails or is it harmless:
[...]

Yes, it is a known bug, see kern/54163 for example.  It seems we are
leaking ucred reference somewhere.  TIME_WAIT handling is involved
too.  You can reproduce it easily:

1/ Start a jail:

# jail / j 127.0.0.1 /usr/local/bin/nc -p 1973 -l 127.0.0.1

2/ Telnet to it:

# telnet 127.0.0.1 1973

3/ Kill the jail:

# killall nc

4/ Watch a leak:

# jls
...

or

# sysctl -o security.jail.list
...

I were trying to fix this for a long time but no success.

-- 
Maxim Konovalov