Red Hat Bugzilla – Bug 491419
leaking file descriptors
Last modified: 2011-01-10 16:24:02 EST
+++ This bug was initially created as a clone of Bug #428837 +++ Description of problem: nscd against an LDAP directory service appears to leak file descriptors like crazy. Eventually, nscd hits the 1024 limit and goes into a loop consuming 100% CPU attempting to reconnect to the LDAP server and getting EMFILE. It appears that the leaking is triggered by having to reconnect to the LDAP server. Test machine marvin has just rebooted. The lsof shows that nscd has no leaked FDs and a TCP connection to the ldap server. My workstation, anduril shows that nscd is using over 1,000 FDs show as: nscd 24468 nscd 1001u sock 0,5 11243699 can't identify protocol and then a TCP connection to the LDAP server. Busted machine, uni01svn's lsof shows lots of the above and the last file descriptor is 1023. Its done, it can't spare an FD to connect to the LDAP server. Version-Release number of selected component (if applicable): nscd-2.3.4-2.41-x86_64 nss_ldap-253-5.el4-x86_64 How reproducible: This seems to build as LDAP reconnections are required.
Created attachment 336123 [details] patch to fix leaking file descriptors This is a very slightly modified patch to apply to RHEL4 nss_ldap tree.
Created attachment 336124 [details] patch to fix leaking file descriptors Never mind, the original patch actually applies cleanly.
Support, Customers, I have uploaded test packages that should fix this issue below. These packages - if the issue reported can be confirmed as resolved - will be included in the upcoming 4.8 release. http://people.redhat.com/cward/4.8/nss_ldap/ The latest 4.8 Beta can be downloaded from RHN @ https://rhn.redhat.com/network/software/download_isos_full.pxt Please test and provide us with feedback ASAP.
I can confirm that the test package fixes the issue for my customer in CRM 1881376. Now the customer is asking about getting some supported hotfix packages! Thanks
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: libnss-ldap does not pay attention to error codes received from LDAP servers. Therefore, if a process (such as nscd) attempted to re-open a connection after an LDAP server closed the connection, nss-ldap would previously leak file descriptors. A long-lived caller process would eventually run out of file descriptors and enter a loop, preventing any further name service activity. Nss-ldap now checks whether a socket has been closed by the LDAP server and avoids leaking file descriptors.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0986.html