File descriptor (pidfd) leak with user namespaces #12166

@jfernandez

Description

Containerd leaks file descriptors (specifically pidfds) when creating containers with user namespaces enabled. Each container launched with user namespaces enabled results in one pidfd that is never closed, accumulating file descriptors over time.

Steps to reproduce the issue

  1. Enable user namespaces for containers (e.g., in Kubernetes, set hostUsers: false on pods)
  2. Launch a container that uses user namespaces
  3. Check the pidfd count for the containerd process:
    sudo ls -la /proc/$(pgrep -f 'containerd')/fd | grep -c pidfd
  4. Launch another container with user namespaces
  5. Recheck the pidfd count - it will have increased, and the old pidfds remain open

Describe the results you received and expected

Results Received:

  • pidfd file descriptors accumulate over time, never being closed
  • Each container launch with user namespaces leaks exactly one pidfd
  • In production environments with high container churn, this exhausts the system's file descriptor limit
  • At Netflix, we observed containerd's open FDs continuously incrementing over time

Expected Results:

  • pidfd file descriptors should be properly closed after the child process exits
  • No file descriptor leaks should occur
  • The number of open pidfds should remain stable as containers are created and destroyed

What version of containerd are you using?

containerd github.com/containerd/containerd/v2 2.0.5

Any other relevant information

runc version:

runc version 1.2.6

Operating system version:

Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.1 LTS
Release:	22.04
Codename:	jammy

Show configuration if it is related to CRI plugin.

No response
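The check below is an added example, not code from the issue or from the containerd project. It packages the reporter's reproduction step into a small POSIX sh script: pidfds appear in /proc/<pid>/fd as symlinks whose target is the string anon_inode:[pidfd], so counting those links before and after a container launch shows whether the count returns to baseline. The function takes the fd directory as a parameter so it can be pointed at /proc/<pid>/fd on a live host or, as done here, at a constructed directory that imitates one (the fake directory, the fd numbers in it and the pgrep -x invocation are assumptions for illustration).

```shell
#!/bin/sh
# Added example (not part of the issue): count pidfds held by a process and
# compare two snapshots to spot a leak like the one reported.

# Count pidfd entries in an fd directory such as /proc/<pid>/fd. On Linux the
# kernel renders a pidfd as a symlink pointing at "anon_inode:[pidfd]".
count_pidfds() {
    fd_dir="$1"
    n=0
    for fd in "$fd_dir"/*; do
        [ -L "$fd" ] || continue
        case "$(readlink "$fd")" in
            'anon_inode:[pidfd]') n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Difference between two counts; a persistently positive delta after the
# container has exited is the leak signature described in the report.
pidfd_delta() {
    echo $(( $2 - $1 ))
}

# Constructed stand-in for /proc/<pid>/fd (assumption: only used offline).
# Creates a couple of ordinary fds plus k dangling symlinks shaped like pidfds.
make_fake_fd_dir() {
    dir="$1"
    k="$2"
    mkdir -p "$dir"
    ln -sf /dev/null "$dir/0"
    ln -sf 'socket:[12345]' "$dir/3"
    i=0
    while [ "$i" -lt "$k" ]; do
        ln -sf 'anon_inode:[pidfd]' "$dir/$((10 + i))"
        i=$((i + 1))
    done
}

# Live usage on a host (needs root to read /proc/<pid>/fd; pgrep -x matches the
# containerd binary by exact name rather than every process mentioning it):
#   before=$(count_pidfds "/proc/$(pgrep -x containerd)/fd")
#   ... launch a container with hostUsers: false, wait for it to exit ...
#   after=$(count_pidfds "/proc/$(pgrep -x containerd)/fd")
#   echo "pidfd delta: $(pidfd_delta "$before" "$after")"
```

On an unaffected version the delta goes back to zero once the container's init process has been reaped; with the leak described above it grows by one per launch and never shrinks.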
