Re: System hits kern.maxproc, crashes
This is reproducible on demand with:
> for n in $(seq 1 6164) ; do ssh nonexist@10.0.0.1 ; done
Since PasswordAuthentication is disabled, an invalid user means the ssh
client gets disconnected without prompting for a password, repeatedly.
In fewer than 6164 iterations it becomes impossible for anyone to log in.
With this method, only one connection is opened at a time (so the
MaxStartups limit is unrelated to this issue). I had also turned off
the UseDNS option.
My existing ssh session doesn't get killed. I'm still able to spawn one
process at a time (as root) from the shell, but trying to pipe it
through another (like grep) fails with "bash: fork: Resource temporarily
unavailable".
The ~6000 invisible sshd child processes do not exist as /proc/<pid>, or
in the output of 'ps', and 'netstat -an' doesn't show any related
sockets left open.
By accident I noticed that killing off a totally unrelated process
(nginx) cleans up the issue and I can start over again opening another
~6000 connections before it recurs.
I'm a bit confused whether this is something going wrong in the kernel,
in linprocfs and/or eglibc. I doubt sshd could be to blame, and suspect
that it is merely exposing some underlying problem.
This is on the 9.0.1-amd64_9.0-4 kernel, up-to-date Wheezy.
Regards,
--
Steven Chamberlain
steven@pyro.eu.org