rpcbind sockets remain ESTABLISHED indefinitely after port vulnerability scan.



  • Red Hat Enterprise Linux 8
  • RHEL as NFS client


  • rpcbind runs out of file descriptors because it does not close dead connections
  • The rpcbind server running on RHEL 8 does not close stale/idle NFS client connections, even after the client has closed them from its side.


  • This issue was tracked as Red Hat Bugzilla 1940341 and fixed in version libtirpc-1.1.4-6.el8

Root Cause

  • Currently, an idle TCP connection can remain ESTABLISHED indefinitely. When the number of file descriptors used by these connections exceeds 'ulimit -n', accept(2) fails with EMFILE, and rpcbind enters a tight loop calling accept(2). As a result, the rpcbind process consumes 100% CPU and accumulates a large amount of CPU time, and the rpcbind service is effectively down: rpcinfo hangs, and exports from the server cannot be mounted using NFSv3.
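
A monitoring check for the condition described in the root cause, as an added example that is not part of the Red Hat solution or of rpcbind: it counts ESTABLISHED connections to rpcbind's port 111 in `/proc/net/tcp`-format data, groups them by peer, and compares the total with a file-descriptor limit. The sample table, the 1024 limit and the 80% alert threshold are constructed assumptions.

```python
# Added example: spot rpcbind fd-exhaustion risk from /proc/net/tcp-style data.
# IPv4 only; /proc/net/tcp6 uses the same columns with 128-bit addresses.

RPCBIND_PORT = 111        # well-known rpcbind/portmapper port
TCP_ESTABLISHED = "01"    # state code used in /proc/net/tcp (0A is LISTEN)

# Constructed sample: one listener, two idle peers on port 111, one ssh socket.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0A00000A:006F 1400000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0A00000A:006F 1400000A:C351 01 00000000:00000000 00:00000000 00000000     0        0 20003 1
   3: 0A00000A:0016 1400000A:D2F0 01 00000000:00000000 00:00000000 00000000     0        0 20004 1
"""


def established_by_peer(table, port=RPCBIND_PORT):
    """Count ESTABLISHED sockets on local `port`, grouped by remote IPv4 address."""
    peers = {}
    for line in table.splitlines()[1:]:              # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, remote, state = fields[1], fields[2], fields[3]
        if state != TCP_ESTABLISHED:
            continue
        if int(local.split(":")[1], 16) != port:
            continue
        # Address is printed as a host-order word: byte-reversed on little-endian.
        raw = bytes.fromhex(remote.split(":")[0])
        ip = ".".join(str(b) for b in reversed(raw))
        peers[ip] = peers.get(ip, 0) + 1
    return peers


def exhaustion_risk(peers, nofile_limit, threshold=0.8):
    """True when the connection count reaches `threshold` of the fd limit."""
    return sum(peers.values()) >= threshold * nofile_limit


if __name__ == "__main__":
    peers = established_by_peer(SAMPLE)
    assumed_limit = 1024                             # assumed 'ulimit -n' value
    for ip, count in sorted(peers.items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {count} ESTABLISHED on port {RPCBIND_PORT}")
    print("at risk:", exhaustion_risk(peers, assumed_limit))
```

On a live host, pass the contents of `/proc/net/tcp` as `table` and the open-files limit of the running rpcbind process as `nofile_limit`.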
diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
index 1743dadf5db7..ac258769b4fe 100644
--- a/src/rpcb_svc_com.c
+++ b/src/rpcb_svc_com.c
@@ -1048,10 +1048,13 @@ netbuffree(struct netbuf *ap)

+extern bool_t __svc_destroy_idle(fd_set *, int, bool_t);
    int poll_ret, check_ret;
+   fd_set cleanfds;

    for (;;) {
            struct pollfd my_pollfd[svc_max_pollfd];
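Review bot: the `extern bool_t __svc_destroy_idle(fd_set *, int, bool_t);` prototype is hand-declared in rpcb_svc_com.c instead of coming from a header, so a signature change wherever the function is defined would not be caught at compile time. Declare it in a shared header, or at least add a comment stating where the symbol comes from and which minimum version provides it. The new `fd_set cleanfds` local would also benefit from a one-line comment saying it is a scratch copy for the idle sweep.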
@@ -1076,6 +1079,8 @@ my_svc_run()
             * other outside event) and not caused by poll().
        case 0:
+           cleanfds = svc_fdset;
+           __svc_destroy_idle(&cleanfds, 30, FALSE);
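Review bot: the idle sweep is reached only through `case 0:`, so if the switch value (apparently `poll_ret`) is non-zero on every iteration because descriptors keep becoming ready, this branch is never taken and idle connections are not reaped. Consider also running the sweep on a time basis from the other branches. The literal `30` in `__svc_destroy_idle(&cleanfds, 30, FALSE)` should be a named constant with its unit documented, and the ignored return value deserves a comment or a check.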

