Vengala Vinay

Having 9+ Years of Experience in Software Development

Home » Step-by-Step: Diagnosing memory leaks and socket exhaustion in daemon processes on Google Cloud Servers

Step-by-Step: Diagnosing memory leaks and socket exhaustion in daemon processes on Google Cloud Servers

Initial Triage: Identifying the Symptoms

Daemon processes on Google Cloud Platform (GCP) instances, particularly those running custom applications or long-running services, can exhibit two insidious failure modes: memory leaks and socket exhaustion. Both manifest as gradual performance degradation, unresponsiveness, and eventual process termination or system instability. The first step in diagnosis is to confirm these symptoms are indeed present and to pinpoint the affected process.

On a Linux-based GCP instance (e.g., Debian, Ubuntu, CentOS), the primary tools for this initial assessment are top, htop, and ss. We’ll focus on identifying the process ID (PID) of the suspect daemon.

Diagnosing Memory Leaks

A memory leak occurs when a process continuously allocates memory but fails to release it, leading to an ever-increasing memory footprint. Over time, this can exhaust available RAM, causing the operating system to start swapping heavily or, worse, to kill the process (OOM Killer).

Monitoring Memory Usage

Use top or htop to observe the memory consumption of your daemon. Look for the %MEM and RES (Resident Set Size) columns. If these values consistently climb over time without a corresponding decrease, a leak is probable. Note the PID of the offending process.

Heap Analysis (Application-Specific)

The method for deep memory leak analysis is highly dependent on the programming language and runtime of your daemon. Here are common strategies:

PHP Example: Using Xdebug and a Profiler

For PHP daemons (e.g., using Swoole, ReactPHP, or a custom loop), Xdebug can be invaluable. Ensure Xdebug is installed and configured for profiling. You can then use tools like KCacheGrind or QCacheGrind to visualize the profiling data. Look for functions that are repeatedly called and allocate significant memory, especially if they are not being garbage collected.

Alternatively, for a more direct approach, you can instrument your code to track allocations. This requires modifying the application code, which might not be feasible in all production scenarios without careful testing.

Python Example: objgraph and memory_profiler

Python’s objgraph library is excellent for visualizing object references and detecting cycles that prevent garbage collection. You can also use memory_profiler to track memory usage line by line.

First, install the necessary tools:

sudo apt-get update
sudo apt-get install python3-pip
pip3 install objgraph memory_profiler

Then, in your Python daemon script, you can add checks:

import objgraph
import time
import tracemalloc

# ... your daemon logic ...

def check_memory_leaks(interval=60):
    tracemalloc.start()
    snapshot1 = tracemalloc.take_snapshot()
    last_size = 0
    while True:
        time.sleep(interval)
        snapshot2 = tracemalloc.take_snapshot()
        top_stats = snapshot2.compare_to(snapshot1, 'lineno')

        print(f"[{time.strftime('%Y-%m-%d %H:%M:%S')}] Memory Usage Diff:")
        for stat in top_stats[:5]:
            print(stat)

        current_size, peak_size = tracemalloc.get_traced_memory()
        if current_size > last_size * 1.1: # If memory increased by more than 10%
            print(f"Potential leak detected: Current size {current_size} bytes, Peak size {peak_size} bytes")
            # You could also log this or trigger an alert
            # For deeper inspection, use objgraph:
            # objgraph.show_most_common_types(limit=20)
            # objgraph.show_growth()

        last_size = current_size
        snapshot1 = snapshot2 # Reset for next comparison

# Call this function in your daemon's main loop or at strategic points
# check_memory_leaks()

To use objgraph interactively, attach to a running process (requires root or appropriate permissions) or run it within the script:

# In your script, or in an interactive session after importing objgraph
print("Most common types:")
objgraph.show_most_common_types(limit=20)

print("\nGrowth since last snapshot:")
objgraph.show_growth()

Go Example: pprof

Go’s built-in net/http/pprof package is the standard for profiling. It exposes memory and CPU profiles via an HTTP server. Ensure your daemon exposes this endpoint.

package main

import (
	"log"
	"net/http"
	_ "net/http/pprof" // Import for side effects
	"runtime"
	"time"
)

func main() {
	// Start a goroutine to simulate memory allocation
	go func() {
		var data [][]byte
		for i := 0; ; i++ {
			data = append(data, make([]byte, 1024*1024)) // Allocate 1MB
			if i%100 == 0 {
				log.Printf("Allocated %d MB", i)
				// In a real leak, this memory might not be released
				// For demonstration, we keep it.
			}
			time.Sleep(10 * time.Millisecond)
		}
	}()

	// Expose pprof endpoints on a separate port or path
	go func() {
		log.Println(http.ListenAndServe("localhost:6060", nil))
	}()

	log.Println("Daemon started. Pprof available at http://localhost:6060/debug/pprof/")

	// Keep the main goroutine alive
	select {}
}

Once running, you can fetch the heap profile using go tool pprof:

# On the GCP instance, assuming your daemon is running and listening on localhost:6060
go tool pprof http://localhost:6060/debug/pprof/heap

Inside the pprof interactive shell, use commands like top, list <function_name>, and web (requires graphviz) to analyze the memory allocation hotspots.

Diagnosing Socket Exhaustion

Socket exhaustion occurs when a process opens too many network connections (or file descriptors, which include sockets) and exhausts the system’s limits. This can happen with clients that fail to close connections, servers that don’t properly handle concurrent connections, or bugs leading to resource leaks.

Monitoring Open Sockets and File Descriptors

The ss command is the modern replacement for netstat and is highly efficient for inspecting network sockets. To check the number of open sockets for a specific process:

# Replace <PID> with the actual Process ID
sudo ss -tpn | grep "pid=<PID>" | wc -l

This command lists all TCP (-t) and UDP (-p) sockets, showing the process using them (-p), and their numeric addresses (-n). We then filter by the PID and count the lines.

To check all file descriptors for a process (which includes sockets, files, pipes, etc.):

# Replace <PID> with the actual Process ID
ls -l /proc/<PID>/fd | wc -l

If the count is consistently high and approaching system limits (e.g., ulimit -n), socket exhaustion is likely.

Analyzing Socket States

Use ss to examine the states of the open sockets. Look for an unusually high number of sockets in states like TIME_WAIT, CLOSE_WAIT, or ESTABLISHED.

# For a specific PID, showing TCP sockets and their states
sudo ss -tpn state established pid <PID>
sudo ss -tpn state time-wait pid <PID>
sudo ss -tpn state close-wait pid <PID>

A large number of CLOSE_WAIT sockets often indicates that the application is not properly closing its end of the connection after the remote peer has closed its end. A large number of TIME_WAIT sockets can indicate rapid connection establishment and teardown, or issues with TCP keepalives.

Application-Level Debugging

Again, the specific debugging approach depends on your application’s language and framework.

PHP Example: Connection Pooling and Error Handling

In PHP applications, especially those using persistent connections (e.g., with MySQL) or managing external API calls, ensure that connections are explicitly closed when no longer needed. For long-running daemons, consider implementing connection pooling or periodic connection health checks.

// Example for MySQLi - ensure connection is closed
$mysqli = new mysqli("host", "user", "password", "db");

if ($mysqli->connect_error) {
    die("Connection failed: " . $mysqli->connect_error);
}

// ... perform database operations ...

// Explicitly close the connection when done
$mysqli->close();
// If this is in a loop, ensure it's closed before the next iteration if not using persistent connections.

// For external HTTP requests (e.g., Guzzle)
$client = new \GuzzleHttp\Client();
try {
    $response = $client->request('GET', 'http://example.com');
    // Process response
} catch (\GuzzleHttp\Exception\RequestException $e) {
    // Log error, but ensure client resources are managed if applicable
    // Guzzle generally manages its own connection pooling and closing.
    // If using lower-level cURL, ensure curl_close() is called.
}

Python Example: Context Managers and try...finally

Python’s context managers (with statement) are ideal for ensuring resources like sockets are properly closed. If not using context managers, a try...finally block is essential.

import socket
import requests

# Example with sockets
sock = None
try:
    sock = socket.create_connection(('example.com', 80), timeout=5)
    sock.sendall(b'GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n')
    response = sock.recv(4096)
    # Process response
finally:
    if sock:
        sock.close() # Ensure socket is closed

# Example with requests library (handles connection management well)
try:
    response = requests.get('http://example.com', timeout=5)
    response.raise_for_status() # Raise an exception for bad status codes
    # Process response
except requests.exceptions.RequestException as e:
    print(f"An error occurred: {e}")
    # Requests typically handles connection closing automatically on scope exit or error.

Node.js Example: Event Emitters and Streams

In Node.js, managing asynchronous operations and their associated resources (like network sockets) is critical. Ensure you handle ‘close’ and ‘error’ events correctly for streams and network connections.

const http = require('http');

const server = http.createServer((req, res) => {
  // Example: Making an outgoing request
  const options = {
    hostname: 'example.com',
    port: 80,
    path: '/',
    method: 'GET',
    headers: {
      'Connection': 'close' // Explicitly request closing the connection
    }
  };

  const reqOut = http.request(options, (resOut) => {
    let data = '';
    resOut.on('data', (chunk) => { data += chunk; });
    resOut.on('end', () => {
      res.writeHead(200, {'Content-Type': 'text/plain'});
      res.end('Data from example.com: ' + data.substring(0, 100));
    });
  });

  reqOut.on('error', (e) => {
    console.error(`problem with request: ${e.message}`);
    res.writeHead(500);
    res.end('Internal Server Error');
  });

  // Ensure the request is ended to send it
  reqOut.end();
});

server.on('error', (e) => {
  if (e.code === 'EADDRINUSE') {
    console.error('Port already in use');
  } else {
    console.error('Server error:', e);
  }
});

const PORT = 3000;
server.listen(PORT, () => {
  console.log(`Server listening on port ${PORT}`);
});

// For long-running daemons, ensure proper shutdown handling
process.on('SIGTERM', () => {
  console.log('SIGTERM signal received: closing HTTP server');
  server.close(() => {
    console.log('HTTP server closed');
    process.exit(0);
  });
});

System-Level Configuration Tuning

If your application is fundamentally sound but experiences issues under heavy load, you might need to tune the operating system’s network stack and resource limits. These changes are typically made in /etc/sysctl.conf and /etc/security/limits.conf.

Network Stack Tuning (sysctl.conf)

Edit /etc/sysctl.conf (or a file in /etc/sysctl.d/) to adjust kernel parameters. Apply changes with sudo sysctl -p.

# Increase the maximum number of sockets that can be in TIME_WAIT state
net.ipv4.tcp_max_tw_buckets = 180000

# Reduce the TIME_WAIT timeout (use with caution, may affect legitimate connections)
# net.ipv4.tcp_fin_timeout = 30

# Increase the backlog queue size for listening sockets
net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 2048

# Enable faster reuse of TIME_WAIT sockets
net.ipv4.tcp_tw_reuse = 1

# Enable recycling of sockets in TIME_WAIT state (use with caution)
# net.ipv4.tcp_fin_timeout = 30 # Already mentioned, but relevant for recycling

# Increase the maximum number of file handles the kernel can allocate
fs.file-max = 2097152

# Increase the maximum number of open file handles per process (see limits.conf below)

Apply the changes:

sudo sysctl -p

Process Resource Limits (limits.conf)

Edit /etc/security/limits.conf to set resource limits for users or groups. These limits apply to processes started by users logged in via SSH or other means. For systemd services, limits are often configured within the service unit file.

# Example for a user running the daemon (e.g., 'myuser')
myuser soft nofile 65536
myuser hard nofile 1048576

# Example for all users (less recommended for specific daemons)
# * soft nofile 65536
# * hard nofile 1048576

# For systemd services, edit the service file (e.g., /etc/systemd/system/mydaemon.service)
# Add or modify the following lines in the [Service] section:
# LimitNOFILE=65536
# LimitNOFILESoft=65536
# Then reload systemd: sudo systemctl daemon-reload

After modifying limits.conf, users need to log out and log back in for the changes to take effect. For systemd services, a systemctl daemon-reload and restart of the service is required.

Conclusion and Best Practices

Diagnosing memory leaks and socket exhaustion requires a multi-faceted approach, combining system-level monitoring with application-specific analysis. Proactive measures are key: implement robust error handling, ensure resource cleanup (especially network connections), use connection pooling where appropriate, and consider application performance monitoring (APM) tools for continuous insight. Regularly review system logs and metrics for early warning signs.