Bug#401758: leaks file descriptors (connections to the LDAP server)

John Morrissey Tue, 05 Dec 2006 10:28:15 -0800

Package: libnss-ldap
Version: 251-7
Severity: important

libnss-ldap seems to be leaking connections to the LDAP server on several of
our machines that run testing. After a few hours/days, nscd(8) will have
several hundred open file descriptors for sockets where lsof(8) "can't
identify protocol" (the output is below).


According to netstat(8), the machines only have a handful of connections
open to the LDAP server, so I suspect the leaked descriptors are LDAP
connections that were closed (probably timed out by the LDAP server, which
has an idle connection timeout) and not reaped by libnss-ldap or nscd.

Eventually, nscd hits its per-process file descriptor limit and can't look
users up. AFAICT, this causes all name service queries to fail.

We have several dozen machines running sarge which don't exhibit this
behavior (nscd has perhaps a dozen file descriptors open, and this number
never increases). This problem occurs both on machines upgraded from sarge
to testing and fresh testing installs.

This seems somewhat similar to #315547, but that reporter is running sarge
(his problem began to exhibit itself after a woody -> sarge upgrade) whereas
ours is with etch.


COMMAND  PID USER   FD   TYPE     DEVICE    SIZE     NODE NAME
nscd    3343 root  cwd    DIR        8,2    1024        2 /
nscd    3343 root  rtd    DIR        8,2    1024        2 /
nscd    3343 root  txt    REG        8,5   87836   264682 /usr/sbin/nscd
nscd    3343 root  mem    REG        0,0                0 [heap] (stat: No such 
file or directory)
nscd    3343 root  mem    REG        8,5  872544   289323 /usr/lib/libdb-4.2.so
nscd    3343 root  mem    REG        8,2   17840   104570 
/lib/tls/libnss_dns-2.3.6.so
nscd    3343 root  mem    REG        8,5   78500   289158 /usr/lib/libz.so.1.2.3
nscd    3343 root  mem    REG        8,5   14504   549768 
/usr/lib/libkrb5support.so.0.0
nscd    3343 root  mem    REG        8,2    5820   104430 /lib/libcom_err.so.2.1
nscd    3343 root  mem    REG        8,5  151252   289355 
/usr/lib/libk5crypto.so.3.0
nscd    3343 root  mem    REG        8,5  508328   289441 
/usr/lib/libkrb5.so.3.2
nscd    3343 root  mem    REG        8,5   11556   289115 
/usr/lib/libgpg-error.so.0.3.0
nscd    3343 root  mem    REG        8,5  327776   289265 
/usr/lib/libgcrypt.so.11.2.2
nscd    3343 root  mem    REG        8,5   73456   289162 
/usr/lib/libtasn1.so.3.0.6
nscd    3343 root  mem    REG        8,5  445816   289192 
/usr/lib/libgnutls.so.13.0.9
nscd    3343 root  mem    REG        8,5   82060   289325 
/usr/lib/libsasl2.so.2.0.19
nscd    3343 root  mem    REG        8,2   21868   104564 
/lib/tls/libcrypt-2.3.6.so
nscd    3343 root  mem    REG        8,2   67364   104576 
/lib/tls/libresolv-2.3.6.so
nscd    3343 root  mem    REG        8,5  111676   289305 
/usr/lib/libgssapi_krb5.so.2.2
nscd    3343 root  mem    REG        8,5   47128   289430 
/usr/lib/liblber.so.2.0.130
nscd    3343 root  mem    REG        8,5  217872   289432 
/usr/lib/libldap_r.so.2.0.130
nscd    3343 root  mem    REG        8,2   76216   104464 
/lib/libnss_ldap-2.3.6.so
nscd    3343 root  mem    REG        8,2   38372   104571 
/lib/tls/libnss_files-2.3.6.so
nscd    3343 root  mem    REG        8,2   34320   104573 
/lib/tls/libnss_nis-2.3.6.so
nscd    3343 root  mem    REG        8,2   30428   104569 
/lib/tls/libnss_compat-2.3.6.so
nscd    3343 root  mem    REG        8,5   17896   346574 
/usr/lib/sasl2/libsasldb.so.2.0.19
nscd    3343 root  mem    REG        8,8  244020  2342917 /var/db/nscd/hosts
nscd    3343 root  mem    REG        8,8  217016  2342916 /var/db/nscd/group
nscd    3343 root  mem    REG        8,8  217016  2342915 /var/db/nscd/passwd
nscd    3343 root  mem    REG        8,2 1241580   104562 /lib/tls/libc-2.3.6.so
nscd    3343 root  mem    REG        8,2   76548   104568 
/lib/tls/libnsl-2.3.6.so
nscd    3343 root  mem    REG        8,2   85010   104559 
/lib/tls/libpthread-2.3.6.so
nscd    3343 root  mem    REG        8,2   26516   104577 
/lib/tls/librt-2.3.6.so
nscd    3343 root  mem    REG        8,2    9592   104565 
/lib/tls/libdl-2.3.6.so
nscd    3343 root  mem    REG        8,2   88164   104468 /lib/ld-2.3.6.so
nscd    3343 root    0u   CHR        1,3             1344 /dev/null
nscd    3343 root    1u   CHR        1,3             1344 /dev/null
nscd    3343 root    2u   CHR        1,3             1344 /dev/null
nscd    3343 root    3u   REG        8,8  217016  2342915 /var/db/nscd/passwd
nscd    3343 root    4r   REG        8,8  217016  2342915 /var/db/nscd/passwd
nscd    3343 root    5u   REG        8,8  217016  2342916 /var/db/nscd/group
nscd    3343 root    6r   REG        8,8  217016  2342916 /var/db/nscd/group
nscd    3343 root    7u   REG        8,8  244020  2342917 /var/db/nscd/hosts
nscd    3343 root    8r   REG        8,8  244020  2342917 /var/db/nscd/hosts
nscd    3343 root    9u  unix 0xf6f24880             8430 /var/run/nscd/socket
nscd    3343 root   10r  0000       0,10       0     8432 eventpoll
nscd    3343 root   11u  sock        0,5           421490 can't identify 
protocol
nscd    3343 root   12u  sock        0,5             9952 can't identify 
protocol
nscd    3343 root   13u  sock        0,5            46697 can't identify 
protocol
nscd    3343 root   14u  sock        0,5            82186 can't identify 
protocol
nscd    3343 root   15u  sock        0,5           113378 can't identify 
protocol
nscd    3343 root   16u  sock        0,5           151085 can't identify 
protocol
nscd    3343 root   17u  sock        0,5           187138 can't identify 
protocol
[snip]
nscd    3343 root  590u  sock        0,5         10462156 can't identify 
protocol
nscd    3343 root  591u  sock        0,5         10487376 can't identify 
protocol
nscd    3343 root  592u  sock        0,5         10559978 can't identify 
protocol
nscd    3343 root  593u  sock        0,5         10574638 can't identify 
protocol
nscd    3343 root  594u  sock        0,5         10599296 can't identify 
protocol
nscd    3343 root  595u  sock        0,5         10622278 can't identify 
protocol
nscd    3343 root  596u  sock        0,5         10764311 can't identify 
protocol
nscd    3343 root  597u  sock        0,5         10664079 can't identify 
protocol
nscd    3343 root  598u  sock        0,5         10690861 can't identify 
protocol
nscd    3343 root  599u  sock        0,5         10719112 can't identify 
protocol
nscd    3343 root  600u  sock        0,5         10743831 can't identify 
protocol

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-10-xeon
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libnss-ldap depends on:
ii  debconf [debconf-2.0]       1.5.8        Debian configuration management sy
ii  libc6                       2.3.6.ds1-8  GNU C Library: Shared libraries
ii  libkrb53                    1.4.4-4      MIT Kerberos runtime libraries
ii  libldap2                    2.1.30-13+b1 OpenLDAP libraries

Versions of packages libnss-ldap recommends:
ii  libpam-ldap                  180-1.4     Pluggable Authentication Module al
ii  nscd                         2.3.6.ds1-8 GNU C Library: Name Service Cache 

-- debconf information:
* libnss-ldap/dblogin: true
* libnss-ldap/override: true
* shared/ldapns/base-dn: ou=shells,o=example
* shared/ldapns/ldap-server: 1.2.3.4 5.6.7.8
* libnss-ldap/confperm: false
* libnss-ldap/rootbinddn: cn=nsspluspasswd,o=example
* shared/ldapns/ldap_version: 3
* libnss-ldap/binddn: cn=nss,o=example
* libnss-ldap/nsswitch:
* libnss-ldap/dbrootlogin: true


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#401758: leaks file descriptors (connections to the LDAP server)

Reply via email to