Stuck CLOSED sockets / sshd / zombies...
John Baldwin
jhb at freebsd.org
Mon Apr 7 15:57:33 UTC 2014
On Monday, April 07, 2014 7:12:03 am Karl Pielorz wrote:
>
> --On 04 April 2014 16:13 -0400 John Baldwin <jhb at freebsd.org> wrote:
>
> > Ugh, ok. Is this easy to reproduce?
>
> Ok, yes - I can reproduce this now. I scanned the new host I setup with our
> security scanning software.
>
> This generated a number of sshd caught in 'urdlck' - and a large number of
> sockets that end up as 'CLOSE_WAIT' I'm guessing given time these will
> finally move to 'CLOSED' (it was scanned hours ago and there's still 50+ in
> CLOSE_WAIT state).
>
> As I said originally this can't be the only cause - but it is a cause.
>
> So now I can reproduce it - what next?
Ok, do you have a matching /usr/src on the boxes in question? If so, please
do this:
cd /usr/src/lib/libc
make DEBUG_FLAGS=-g all install
cd /usr/src/lib/libthr
make DEBUG_FLAGS=-g all install
cd /usr/src/secure/lib/libssh
make DEBUG_FLAGS=-g all install
cd /usr/src/secure/usr.sbin/sshd
make DEBUG_FLAGS=-g all install
sh /etc/rc.d/sshd restart
Then re-run the scan to get a stuck sshd. Once that happens, please
attach to the top-most stock sshd (the one in "urdlck") with gdb
(gdb /usr/sbin/sshd <pid>) and run 'bt' and reply with the output.
--
John Baldwin
More information about the freebsd-hackers
mailing list