Is there a way, preferably simple, how to inspect content of SLAB caches, especially dentry cache? I can imagine that this can be doable through kernel modules, but I highly doubt security would let me install custom-built kernel module to production system.
I'm 99% sure we're impacted by NSS dentry leak, but want to see cached entries to be 100% sure.
rhel, 2.6.32 nss-softokn-3.14.3-23.3.0.1.el6_8.x86_64
Thanks!
Server Fault has covered this before: Unusually high dentry cache usage which resulted in RHEL bug 1044666, Can curl HTTPS requests make fewer access system calls?
Examining cache contents is not required. From the bug report, this is not a small amount objects in the cache, they got millions of them with just a few curl executions. Further, you can see it access files by tracing processes using NSS, looking at calls to access(). There should be a high volume of access to files that do not exist.
Set environment variable NSS_SDB_USE_CACHE and retest. This env var needs to be set to "yes" or "no" to bypass file system speed tests, apparently. Excessive access to non-existent files should cease, and slab consumption stabilize.
In general, slab should not grow without bound.
Monitor this over time. For example, netdata collects slab by default. (Although, export it to a time series database with more retention to see trends over days and weeks.)
