Date: Mon, 7 Apr 2014 11:48:10 -0400 From: John Baldwin <jhb@freebsd.org> To: Karl Pielorz <kpielorz_lst@tdx.co.uk> Cc: freebsd-hackers@freebsd.org Subject: Re: Stuck CLOSED sockets / sshd / zombies... Message-ID: <201404071148.10157.jhb@freebsd.org> In-Reply-To: <2C5B099DE2229F0E8D82D8C8@Mail-PC.tdx.co.uk> References: <3FE645E9723756F22EF901AE@Mail-PC.tdx.co.uk> <201404041613.09808.jhb@freebsd.org> <2C5B099DE2229F0E8D82D8C8@Mail-PC.tdx.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday, April 07, 2014 7:12:03 am Karl Pielorz wrote: > > --On 04 April 2014 16:13 -0400 John Baldwin <jhb@freebsd.org> wrote: > > > Ugh, ok. Is this easy to reproduce? > > Ok, yes - I can reproduce this now. I scanned the new host I setup with our > security scanning software. > > This generated a number of sshd caught in 'urdlck' - and a large number of > sockets that end up as 'CLOSE_WAIT' I'm guessing given time these will > finally move to 'CLOSED' (it was scanned hours ago and there's still 50+ in > CLOSE_WAIT state). > > As I said originally this can't be the only cause - but it is a cause. > > So now I can reproduce it - what next? Ok, do you have a matching /usr/src on the boxes in question? If so, please do this: cd /usr/src/lib/libc make DEBUG_FLAGS=-g all install cd /usr/src/lib/libthr make DEBUG_FLAGS=-g all install cd /usr/src/secure/lib/libssh make DEBUG_FLAGS=-g all install cd /usr/src/secure/usr.sbin/sshd make DEBUG_FLAGS=-g all install sh /etc/rc.d/sshd restart Then re-run the scan to get a stuck sshd. Once that happens, please attach to the top-most stock sshd (the one in "urdlck") with gdb (gdb /usr/sbin/sshd <pid>) and run 'bt' and reply with the output. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404071148.10157.jhb>