diff --git a/libpod/oci_conmon_common.go b/libpod/oci_conmon_common.go index b2414dd6ea..dc370928fa 100644 --- a/libpod/oci_conmon_common.go +++ b/libpod/oci_conmon_common.go @@ -429,15 +429,20 @@ func (r *ConmonOCIRuntime) StopContainer(ctr *Container, timeout uint, all bool) } if err := r.KillContainer(ctr, uint(unix.SIGKILL), all); err != nil { - // If the PID is 0, then the container is already stopped. - if ctr.state.PID == 0 { - return nil - } - // Again, check if the container is gone. If it is, exit cleanly. - if aliveErr := unix.Kill(ctr.state.PID, 0); errors.Is(aliveErr, unix.ESRCH) { - return nil + // Ignore the error if KillContainer complains about it already + // being stopped or exited. There's an inherent race with the + // cleanup process (see #16142). + if !(errors.Is(err, define.ErrCtrStateInvalid) && ctr.ensureState(define.ContainerStateStopped, define.ContainerStateExited)) { + // If the PID is 0, then the container is already stopped. + if ctr.state.PID == 0 { + return nil + } + // Again, check if the container is gone. If it is, exit cleanly. + if aliveErr := unix.Kill(ctr.state.PID, 0); errors.Is(aliveErr, unix.ESRCH) { + return nil + } + return fmt.Errorf("sending SIGKILL to container %s: %w", ctr.ID(), err) } - return fmt.Errorf("sending SIGKILL to container %s: %w", ctr.ID(), err) } // Give runtime a few seconds to make it happen diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 4d13d7ffb1..15efdf07be 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -608,6 +608,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai // be removed also if and only if the container is the sole user // Otherwise, RemoveContainer will return an error if the container is running func (r *Runtime) RemoveContainer(ctx context.Context, c *Container, force bool, removeVolume bool, timeout *uint) error { + // NOTE: container will be locked down the road. return r.removeContainer(ctx, c, force, removeVolume, false, false, timeout) }