[Bug 3445] New: ssh -D leaks file descriptors until new connections fail
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Jun 12 07:53:27 AEST 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3445
Bug ID: 3445
Summary: ssh -D leaks file descriptors until new connections
fail
Product: Portable OpenSSH
Version: v9.0p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: hlein at korelogic.com
It seems that recent ssh's socks proxy leaks file descriptors / sockets
stuck in FIN_WAIT2 state. I first noticed this with 9.0p1 client
talking to 8.9p1 server, reproduced after upgrading the server to
9.0p1, currently testing client downgraded to 8.9p1 but it looks the
same.
I have an ssh -D listener that is used both by browsers to reach
internal webservers, and by ssh (via ProxyCommand=nc -X ...).
After some time (days?) new SOCKS-proxied TCP connections will start to
fail - the local listener will still respond to a SYN, but never passes
anything through.
Existing proxied connections will still pass traffic.
If the proxying SSH client was not backgrounded, it will start spitting
out:
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files
The client sits at 100% CPU, and when strace'ing it, I see a busy-loop
of poll and getpid. Makes me suspect the changes from select->poll in
~8.9 (https://marc.info/?l=openssh-unix-dev&m=164151015729522&w=4)
The client has accumulated a bunch of file descriptors:
# ls -l /proc/5338/fd/ | wc -l
1025
And a bunch of sockets in FIN_WAIT2:
# netstat -antp | awk '/5338/{print $6}' | sort | uniq -c
4 ESTABLISHED
1015 FIN_WAIT2
2 LISTEN
Meanwhile on the server:
# netstat -antp | awk '/27472/{print $6}' | sort | uniq -c
1015 CLOSE_WAIT
3 ESTABLISHED
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list