From owner-freebsd-stable@FreeBSD.ORG Tue Dec 21 22:44:28 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 484CE16A4CE for ; Tue, 21 Dec 2004 22:44:28 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAC1B43D39 for ; Tue, 21 Dec 2004 22:44:27 +0000 (GMT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (localhost [127.0.0.1]) by fledge.watson.org (8.13.1/8.13.1) with ESMTP id iBLMfPDR062076; Tue, 21 Dec 2004 17:41:25 -0500 (EST) (envelope-from robert@fledge.watson.org) Received: from localhost (robert@localhost)iBLMfPSR062073; Tue, 21 Dec 2004 22:41:25 GMT (envelope-from robert@fledge.watson.org) Date: Tue, 21 Dec 2004 22:41:25 +0000 (GMT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Tom Dymond In-Reply-To: <51722.83.146.61.204.1102776812.squirrel@j2.kmem.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-stable@freebsd.org Subject: Re: 5.3-R : jail bug ? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Dec 2004 22:44:28 -0000 On Sat, 11 Dec 2004, Tom Dymond wrote: > I'm having a serious problem with jails on my 5.3-RELEASE machine. When > I stop a jail using '/etc/rc.d jail stop ' the jail stops but > jls still shows it running. > > I have tried fstat, lsof, nothing is running in this jail, yet if there > is a reason why jls says it is running, how can i kill it ? > > I thought it could be related to time but it's been 1 hour now since the > jail has been stopped. Jails are reference counted objects, generally referenced from process credentials. Process credentials are in turn reference counted objects, generally referenced by threads, processes, file descriptors, sockets, network protocol control blocks, mountpoints, and a couple of other misc bits and pieces (such as the accounting code). Jails are garbage collected when the last process credential reference to the jail is released, which generally occurs because the last process credential refering to the jail is also released. A straggling jail is almost always a sign of one of two things: - A long-lived object persisting beyond the death of the last process in a jail. For example, a TCP connection in the TIME_WAIT state. - A credential reference count leak. While the second is not impossible (such as the bug mentioned in the PRs you reference), it's more likely to be the first. Could you check "netstat -na" for references to the jail, especially in TCP connections? Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research > > ruby# ps aux | grep J > root 46737 0.0 0.2 1472 808 p3 S+ 12:37PM 0:00.01 grep J > > ruby# killall -j 9 > No matching processes were found > > ruby# lsof | grep jail > ruby# > > ruby# jls > JID IP Address Hostname Path > 9 10.0.0.17 green.vps.kmem.org > /usr/local/jails/green.vps.kmem.org > > > ruby# sysctl -a -o | grep jail > security.jail.set_hostname_allowed: 0 > security.jail.socket_unixiproute_only: 1 > security.jail.sysvipc_allowed: 0 > security.jail.getfsstatroot_only: 1 > security.jail.allow_raw_sockets: 1 > security.jail.list: Format:S Length:1292 > Dump:0x01000000090000002f7573722f6c6f63... > security.jail.jailed: 0 > > ------------------------------------- > > kernel : > ruby# uname -a > FreeBSD ruby.london.kmem.org 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Tue Nov > 16 12:08:02 GMT 2004 > tom@ruby.london.kmem.org:/usr/obj/usr/src/sys/EPIA i386 > > My kernel and world are in sync. > > > I have looked on google and found the Following PR's that describes my > problem but it is said to have been resolved. Guess not for me though :( > > http://www.freebsd.org/cgi/query-pr.cgi?pr=65442 > http://www.freebsd.org/cgi/query-pr.cgi?pr=54163 > > My version of tcp_subr.c: > > ruby# grep "FreeBSD" /sys/netinet/tcp_subr.c > * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.201.2.1.2.1 2004/10/21 > 09:30:47 rwatson Exp $ > > If there is any data/information missing here, please let me know and i > will provide it. > > > Thanks > > Tom > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >