[Bug 3445] New: ssh -D leaks file descriptors until new connections fail

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Jun 12 07:53:27 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3445

            Bug ID: 3445
           Summary: ssh -D leaks file descriptors until new connections
                    fail
           Product: Portable OpenSSH
           Version: v9.0p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: hlein at korelogic.com

It seems that recent ssh's socks proxy leaks file descriptors / sockets
stuck in FIN_WAIT2 state. I first noticed this with 9.0p1 client
talking to 8.9p1 server, reproduced after upgrading the server to
9.0p1, currently testing client downgraded to 8.9p1 but it looks the
same.

I have an ssh -D listener that is used both by browsers to reach
internal webservers, and by ssh (via ProxyCommand=nc -X ...).

After some time (days?) new SOCKS-proxied TCP connections will start to
fail - the local listener will still respond to a SYN, but never passes
anything through.

Existing proxied connections will still pass traffic.

If the proxying SSH client was not backgrounded, it will start spitting
out:
accept: Too many open files
accept: Too many open files
accept: Too many open files
accept: Too many open files

The client sits at 100% CPU, and when strace'ing it, I see a busy-loop
of poll and getpid. Makes me suspect the changes from select->poll in
~8.9 (https://marc.info/?l=openssh-unix-dev&m=164151015729522&w=4)

The client has accumulated a bunch of file descriptors:
# ls -l /proc/5338/fd/ | wc -l
1025

And a bunch of sockets in FIN_WAIT2:
# netstat -antp | awk '/5338/{print $6}' | sort | uniq -c
      4 ESTABLISHED
   1015 FIN_WAIT2
      2 LISTEN

Meanwhile on the server:
 # netstat -antp | awk '/27472/{print $6}' | sort | uniq -c
   1015 CLOSE_WAIT
      3 ESTABLISHED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list