Weighing in here: One of July's most informative videos on the entire KZbin platform. it's a pity that Dave doesn't have more followers, his work is really good.

We had a guy back in college (in the 80s) accidentally code a fork bomb in C. His was due to lack of error checking. He had a loop that was supposed to wait for a message, fork and have the child process exec another program passing it that message. What he failed to do was 1. check for an error condition on the exec causing the child process to loop back instead of exiting with the other process. It tried to call another program that he hadn't written yet so that failed. and 2) check for an error on the socket receiving the message. Once 2 processes were trying to listen on the socket, one would fail because the socket was in use. But he ignored that and forked anyway. There were a bunch of us in the computer lab trying to pull an all-nighter on a project, but this guy brought down the VAX and nobody had admin rights to fix it so we just all went home.

For extra fun, make the program exit after forking itself and not start a second copy. It won't take down your system, but you'll end up with an "unkillable" task that runs around memory, possibly upsetting the scheduler.

I always love it when you see people talking about issues like this, you always get the people telling you not to make video's about it. But they don't understand that anyone with a little time can find the information on issues like this and how to deploy it. It's just sad that people think that if you don't talk about it people can't figure it out on there own. The more that we talk about issues like this the more our systems can be programed to keep them from being hit by bad actors on the net.

Back when Sun Microsystems made big machines, we had some code that the Sun reps swore would scale but our experience suggested otherwise. It took some work to get a sanitized version of the data to test with (the real data was TS SCI) but we eventually got an unclassified test case. It stalled every machine we tried it on when that machine was running Solaris Trusted Zones, but on the older system running Trusted Solaris it completed just fine, even on really old hardware with little ram and small, slow drives. Eventually someone swore it had to work, we just had not thrown enough hardware at it yet and offered a run on an E15000 (which is essentially an entire data center). At about 20 minutes error messages began to appear and the console began to lag. After 30 minutes it was unresponsive and most of the cores were maxed out. The cores were all swapping memory to disk. At about 8 hours the disk arrays began to fill up. At 12 hours it halted. All disks full, all memory allocated. The same program took about 45 seconds on a Sparc 5! Implementation details matter a lot!

I did something like this back in the early 2000's in programming class in High School. I was bored with the programming assignments, they were very easy, and the teacher told me to write whatever I wanted. I told her to run it on the isolated test machine in the lab. She was impressed but not happy. lol.

Brings back memories. Back in the early ‘70s I wrote a simple CP/M batch file to test disk drive reliability. It copied one entire 8” floppy disk to another, then deleted the original and repeated the process endlessly - or until the computer crashed, which many did. It earned me the nickname Mad Bomber :-)

Watching Dave's videos is like watching your old friend to tell you wonderful stories about his life.

As a kid I didn't have access to any programming language that could compile into a real .exe. So, I experimented if I could just change the extension of a .bat file to .exe and run it. The result - MSDOS 7 would just restart. The first line of the batch file was - @echo off. I then found out that it was enough for a text file to have a @ at the beginning, save it as .exe and it would restart the PC if run from the prompt.

I remember an IBM engineer telling me about this concept in the 90's when I was an admin for their RS6000 platform. I wrote a shell script on one of the test servers that recursively forked copies of itself as background processes. It had the same effect as this, but your version is so much simpler and is more elegant. I love it!

On modern Linux, systemd places each session into a separate cgroup, and the kernel is now pretty good with preventing processes from different cgroups starving each other from resources. However, WSL is not a full modern Linux system based on systemd. It is just the kernel and bash, and none of the other user-level system management glue code (e.g. systemd's out-of-memory kill daemon) that make up bare-metal installed Linux distributions. So there is still a lot of infrastructure missing in WSL2 compared to a native install, and therefore you can't really learn how e.g. Ubuntu 22.04 behaves in such situations from playing with it in WSL2.

Dave, I want to let you know your videos are not only interesting but the part that I love the most is the fact you take the time to explain how things work. It truly sets apart your videos from others, and why things are the way they are. Thanks!

Alt-Sysreq-K to kill everything on the current TTY. As a kernel-level interrupt it *usually* works (unless you have a USB keyboard and the USB system has crashed). If you can invoke loginctl, on an (e)logind system, you can kill the session that way.

Back when I was a student around 2000, I remember writing something similar in a Windows NT command line to see if I could cause a BSOD. Instead, the PC just locked up, requiring forcing power off/on as I couldn't bring up task manager, log out, etc. The batch file is short also, e.g. named "c.bat" containing these 3 lines: :rep start c.bat goto rep This basically launches endless new instances of itself. From Windows XP onwards this just bricks the current user session as it's possible to press ALT+CTRL+DEL and log out, which I remember was not possible in Windows NT.

Ah, it has a name. I accidentally froze my pc twice this way during labs that wanted us to make a recursive program that run recursion using fork.

I remember in college our campus HP-UX machine would go down about once a semester and you’d think, “Guess the OS class is writing their shells this week.”

WOW !!! I am 68 and have been building My own water cooled PC's for many years now. 1982ish I purchased a Commodore 128. 1988 I took a train to NYC and underneath GCS or somewhere, I bought a Amiga 500 with the side adapter that was a one meg HD and space for more sticks of RAM. I have never heard of fork bombs in all this time, and ya learn something new every day. Clear Skies Mike

I recall seeing functionally a similar idea on the Original Star Trek episode “Wolf in the Fold”. Filling the computer's processes and all forms of storage with the digits of Pi, instead of infinite clones, an single program with no known limits on its needs. Different method, yielding a shared result, an over demand for system resources.

What's interesting is that the Windows version of this doesn't have the same impact on Windows 10 Mobile, it still creates many "CMD.exe" processes but the system suspends all the processes after a few seconds. Update: It does cause all running apps to slow down and restart, but doesn't crash the system straight away, it takes a very long time for it to cause enough processes to halt everything

FWIW, ulimit doesn't exactly get along with Systemd. The Systemd documentation explains this better than I can off the top of my head, but the TL;DR is that they implemented new tools as part of the cgroups build-out. They didn't remove ulimit, it just no longer rules in quite the same way. (Something you find out when a vendor wonders why their program's start script no longer works as intended.)

Nice vid Dave it really makes me ponder what other quirks are still out there in modern OSes which can throw the system a curve.

I do believe that windows has an automatic "nice" system where processes that are not in the foreground are deprioretized over others. This is to prevent lockups on heavily abused systems and the like. Windows task scheduler is magic I would say.

I love this channel, Dave’s content and presenting style are so informative and entertaining, thank you Dave!

As someone who's been running servers shared by my multiple clients for over 15 years, I'm glad you've covered this. My first experience was a learning curve to say the least.

This reminds me of when I first figured out how to make a web page open a popup of itself infinitely. You could only save it if you were REALLY quick with the task manager! Remember when pop ups were a thing? LOL!

In computer engineering, I used to spend extra hours learning from online manuals. The system I was using was an Ultrix running a 1 MIPS cpu. I discovered the 'fork' command, read how to use it and decided that I should promptly write come C code. Wrote it, compiled it and executed it. About 1 second later I had the realization of what I'd actually done. Never knew until today what it was called but, I wrote a fork bomb in 1987. Whoops. Lucky it was Sunday night so I went home. Monday morning back at school, the first thing my friend said to me was: "What the f..k did you do to the VAX?" Long story short - system administrator had to reboot the system and all went back to normal. My code worked very similarly with an end result being one in the same. Thanks for the video Dave. Brought back memories.

Good vid, brother Dave. Thanks. Again, glad I found this site.

Thanks for sharing your knowledge Dave!

This reminds me of a stupid simple DoS attack I sort of figured out when I was doing Unix/Solaris training for the Army. I would create a banner that would call to a banner that called to the banner that called to it. Running the first banner would hard-lock the system instantly. I crashed the Solaris server that was managing our Unix network for our tests. I had no idea what would happen, but I did it anyways. Almost got removed from the training cycle and recycled to another group for it.

Love these episodes. Dave the great geek entertainer! 😊

Really enjoy your method of presenting, thank you sir !😊

As always, entertaining and informative. You always touch on some of the deep information that most people glaze over. Thanks.

Great explanation Dave. I would guess that if this function included some kind of disk i/o action (like maybe "touch" a random filename) it would saturate the disk i/o channels or run the filesystem out of entries? I have conducted a lot of new product testing in the past, and alpha test third party products which use some kind of device driver or driver update/install - esp on Unix systems but also on Windows - fairly frequently had issues where something unintentionally recursed and ate all the i/o or memory, usually only under specific sets of circumstances. I had forgotten about the shared page replicate-on-write thing too, so thanks for the reminder on that - made me realise how much I miss dabbling in OS internals!

I remember at Uni when the second years were due to submit assignments demonstrating their understanding of forking programs. As a first year, the lecturers all sternly warned us that not being able to submit our program because the submission server was fork bombed meant a late penalty. Then it was second year and guess who managed to do just that 😅

Dave I like all of your videos are educational and entertaining. So, please keep up the great work and thanks for being there.

I like how you explained what was going on in detail then immediately related it to something far beyond my scope of knowledge.

For doing something helpful, I once created a program which calculated prime numbers. First process just counted from 2 upwards and sent the value to a pipe. Last process just printed the value from the pipe. Intermediate processes forwarded the first number read, and then filtered out everything divisible by it. After a few hundred results the process table was full. Not a real bomb, it could be killed with SIGPIPE.

I remember Windows XP being particularly susceptible to a similar kind of DoS attack, the handle bomb. For readers that don't do much Win32 API apps, you might have never heard of handles before. They are basically the same as pointers, but across separate memory spaces, usually between the kernel and userland. For instance, if you've seen the HWND type somewhere, that H stands for Handle. It's a reference to a window object that's owned by the OS and not by your own code. So how do you make a handle bomb? You hold down Win+E for a few seconds... Yep! That's it! It's a shortcut that will open a new Windows Explorer window, which creates a whole bunch of handles along the way. The funny thing is, Windows XP used to process that shortcut as fast as it could, flooding the screen with tons of new windows until the entire handle table would get filled. At that point, funny stuff would happen. Some processes would just hang or crash. Others would have missing UI elements here and there or turned completely blank. Most of the time, you couldn't even open the start menu anymore. Fun stuff! I remember getting Windows Vista to crash that way as well, but it took a lot longer. I wonder if it still works today...

I watched this last year and saw your video again and remembered I needed to sub. Thanks for this informative video that taught me quite a bit.

Excellent video and clear explanations!! Many thanks!

Magic SysRq notwithstanding, you may be able to get back into Linux as root via the console. It does have special considerations for uid 0 in the resource allocation. Windows' task scheduling is a little different to Linux (it's more real-time-ish), which may be the reason you could break out - especially if Task Manager had a higher priority than your fork bombs. On that note, process scheduling algorithms would be a fun video series!

You can gracefully shutdown Linux using the magical sys request key route if you configured it, alt + sysreq, reisub; alt + sysreq, reiso depending on your configuration.

I really appreciate your way of presenting information, I have been interested in IT skills since I was young but am self taught and struggle to know where to begin in regards to practical knowledge. This video was both entertaining and informative, I really appreciate you making it. I hope I can find a teacher who presents information in a similar manner to yours so I can figure it out easier myself. Liked and subbed! :)

Great videos! Really enjoy your channel.

I had fun with this as a system programming student, back in the day. Some steps (in the wrong order) to reproduce this in a home (but still POSIX) environment that recovers itself: - Write the thing direct in C - create a signal handler on SIGALARM. Signal handler should exit the program. 30 seconds is a good time - once it's created, do the fork bomb thing. fork() is the key function here. - machine gets hung up with processes - when alarm goes off, it just all miraculously recovers. - if you have another terminal window, or run screen, watch uptime.

while(1){fork();} ? I remember that being explained in my OS course in University. Had every student's attention.

One of the best computing channels on yt! Thanks Dave!

Awesome information. Thank you!

Cool! Reminds me something OS/2 fans would do on Windows machines to show how OS/2 could better handle bad processes; I forget the actual code now, but it required using DEBUG to clear interrupts (CLI) and then starting a infinite loop. Windows would lock up hard, but OS/2 would keep chugging away and you could easily kill the locked up process. Cheers!

Perhaps one way to recover a Linux system is by using SysRq (usually mapped as Print Screen): Alt-SysRq-R, Alt-SysRq-E, Alt-SysRq-K, Alt-SysRq-S, Alt-SysRq-U, Alt-SysRq-B. This effectively tries to do a safe reboot. unRaw (take control of keyboard back from X11, tErminate (send SIGTERM to all processes, allowing them to terminate gracefully), kIll (send SIGILL to all processes, forcing them to terminate immediately), Sync (flush data to disk), Unmount (remount all filesystems read-only), reBoot. I've seen these key sequences not allow me to reboot an old K6-2 350 that had an infamous Diamond Stealth 3D 4000 (S3 Virge GX2-based AGP card) though... Said system had a serious XFree86 3.x, 4.0x bug involving that S3 chipset that would cause the Moire2 xscreensaver module to hard lock the machine. Even, xdaliclock would hard lock my machine with that video card. I doubt SysRq would have any effect on WSL though, but who knows.

Funnily enough, pulled the same stunt as many of the other readers here. As a junior dev in the early 90s, on a Friday afternoon I wrote an endless loop in C with a fork and sleep. In my infinite wisdom (read: ignorance) I chose to run it with "nohup myprogram &" on the production Data General AViiON. When the system chose to terminate my interactive shell and I couldn't get back in, how my stomach sank. Especially when the admin couldn't terminate them and had to force a hard shutdown. Luckily no data loss. Some joking and ribbing at my expense by a couple of colleagues helped ease the tension - but I sure had my doubts that I would still be employed come Monday (I was :))

Thank you for your work and for teaching us about it. Really liked your Task Manager video, that was really cool. It's one of those absolutely essential parts of Windows that makes it actually usable for daily work.

Now to use this encoded into dial tones to see if robo-callers properly sanitize the input of the system.

Last time I was playing with fork bombs (on my own PC, of course) Linux killed the thing in a matter of seconds. If I remember correctly it was running in a sandbox (playing with dangerous code was on the menu, but nuking my system wasn't) and the system dumped the whole sandbox when it started taking too many resources, which killed the interpreter.

Both entertaining and informative, you are! Thanks

What a great explanation! The lighting makes your hair look pretty magical.

I remember back in tech school using Win NT and setting up domains and networks and one of my class mates decided to send a NET message with infinite loop to all PC's on the network and took down the campus network and supposedly reached out to other campuses in the state. Lucky for him, the message was not offensive but he did get a warning.

Using GNV on VMS, the fork bomb just reports a pipe error: exceeded byte count quota. VMS has always been paranoid about a process having unbounded access to system resources, with default limits appropriate for a 11/780 with .5 MB of memory. I could probably up BYTLM on the account to make it fail with a PRCLM exceeded error instead. I remember the time in college the admins sysgen'ed our RSX 11-M to include type-ahead support in the terminal driver. I held down the arrow key for several seconds and crashed the system as all the system pool got consumed.

Hey Dave, thanks for being you and please keep up the good work.

Nice one Dave....I enjoyed it 😜

Interesting, it seems Apple has lowered the default ulimit on MacOS 13 (Ventura). It's now 5333 out of the box on my machine and running the fork bomb will not lock up the machine. In fact your video just keeps playing and i can still launch apps. Running killall bash eventually stops the fork bomb altogether

Windows doesn't have a real fork, so the likes of cygwin, msys2, git bash, strawberry perl, etc are using an emulated fork (vfork()) which is going to be slower than a true fork(), which is part of how Windows can manage to remain responsive.

I couldn’t imagine a better and more informative weekend than time with you and a couple of beers.

A nice explanation, Dave!!!. Thanks for help an informatic amateur like me. 👏

Hi Dave, I would love for you to have a look at the state of modern Linux Desktop Environments: GNOME (both Vanilla and Ubuntu), KDE Plasma, Cinnamon, etc.

Loving that your simplified analogy of the fork bomb is describing nuclear fusion. 😂

You got a sub from me. Very informative, and interesting all the way through. Cool video!

Great stuff on explaining how it works!

Dave, a big bow on your videos. Your (and your colleagues') work makes our everyday easier. 1. I have learned fork bomb (on purpose) on during my Computer Science studies. It was one of the very first tasks on Operating Systems curriculum, we did it on Linux. Later on, we tried the same on Windows NT 4.0 or Windows 2000 (I don't remember which NT version was then, the computers were upgraded during my studies). 2. I have just tested the shell fork bomb on MacBook Pro with M1 Pro, running macOS 12 Monterey - system did not even slow down and it was so easy to stop it as just to close the tab of Terminal application. 3. I also did `ps -ax | grep zsh` on this MacBook and saw an interesting result: 1768 ttys001 0:00.01 login -pfl michalj /bin/bash -c exec -la zsh /bin/zsh 1773 ttys001 0:00.08 -zsh 12133 ttys001 0:00.00 grep zsh 33340 ttys002 0:00.08 login -pfl michalj /bin/bash -c exec -la zsh /bin/zsh 33789 ttys002 0:00.05 -zsh (`michalj` is my logon name) - this suggests that `login` process starts Bash, which in turn starts `zsh` shell.

Is this what Jeff Goldblum used in Independence Day?

Good one Dave Thanks Mate

Thanks for the information.

I seriously want to meander up to your place on a Friday early afternoon with a cold 6-pack and sit and learn software development from you. As a 44yo electromechanical engineer that, after 18 years, has reached his limit at his current employer. I took a C++ course last semester and now really fallen in love with programming. So much that I am considering changing careers to EE + software. Finding a place where you can learn the in's and out's though and not be an "Intern" or "Junior" is a challenge, if it even exists.

I've been working in IT for 28 years... first time ever seeing this. Never stop learning, eh? Thank you for posting this!

Thank You! It was interesting and great!

sometimes, you're beyond me, but this time, wow. You always make things clear enough to us who have never programmed. As a pedestrian I always appreciate when you show locations and perform actions within the code. I'm always pleased to hear from you. Thanks

This reminds me of something similar but not quite the same I did by accident on a Decsystem 10 back in the late 70's/early 80s at UTK. A friend of mine a Kent O. and I were playing around and I noticed you can use the console assign command (not sure of the exact command now, maybe "assign" or "assgn") to assign/attach (maybe it Was "attach") a Device to your login session. While this was primarily for assigning a printer or tape drive to a job or session so you could exclusively output to it, I found the neither command nor OS discriminated; any valid (open) device could be assigned. For fun I tried 'assign'ing a nearby (unused) terminal (TTY). It worked. Grin. I tried on that someone was already logged in on and got an error saying the device wasn't available (or something like that). As I said, playing with my friend who was on another TTY and found that yes, after assigning it, I could output to the TTY. In fact I could (forgot the command), mirror everything on my screen to the assigned TTY. Well that was all fun, but Kent wanted to login himself. But he couldn't while I had it assigned. Grin. He eventually figured out he could hit Cntrl-C to "break" the assignment and get a login prompt. The fun then was me running the assign command again before he could log in. LOL. This continued for half a minute or so before I thought, of the easy fix. It took me about 30 seconds to write a simple script to loop the assign command for that TTY. I ran it. I don't know how many times he hit Cntrl-C, but my script would reassign the TTY Long before he could log in. So after a min or so he gave up. My script is still running. I didn't realize, but once he stopped breaking it, the script kept reassigning the TTY; and apparently on that system there was a pool of assigned devices; not a very big pool either...my script started getting errors "?assign limit exceeded-no available space" or something to that effect. Suddenly all around the computer lab I hear "Hey my terminal's locked up!" "Mine too!" "What's going on?" I sheepishly tried to keep my cool. I realized I didn't know or remember the "deassign" command. But I thought, if I log out, all my resources should be returned to the OP pools, including all these device assigns. Fortunately that worked. Kent & I had a good laugh over that later.

You could also in theory limit the CPU time of any given user so it only ruins them.

Heh, I made one without knowing what it was called when I was 10 in elementary school. The only thing I didn't know back then was the fact that all PCs were actually thin clients running from one desktop. Crashed not only my own, but also the 3 other workstations my classmates were using. The IT-teacher was NOT happy with me...

Just found this channel. Pure quality!

on NT task manager always runs with a higher priority and cpu affinity. Probably it is enforced by the kernel itself, outside if win32 api. In other os's there is no such thing by default. On linux systemd-oom tries do that but only kicks in when system is low on memory. But earch bash/zsh has very low memory usage. So it does nothing to them.

0:12 - does this version work? wow, it does. TIL you can override the builtin : command with a user-defined function! Still, curious why you have that version there, and then later (2:16 et al) use A instead of : ... anything in particular behind the switch? oh, perhaps because that works in zsh, but not bash (ref 9:58)? As for solving it (5:30), I don't feel like trying to be sure, but I wonder if a bit of fg and ctrl-z and/or ctrl-c might at least help. But, it might not. Maybe sometime when I'm feeling more adventurous, I'll set up a vm or something and try it there, but... anyway... fuser -k on the tty that launched things might help ... IF you can fork an fuser process, of course. Usually builtins are the way to go in resource-constrained situations like this, though, because one often can't fork and/or exec new processes... Also depends, of course, on whether or not you have another active shell, etc. etc. Hmm, 2:41 makes me wonder if ctrl-S might also possibly be helpful? If you freeze the output long enough, maybe it'll stop trying to fork, because it's waiting to write to its output buffer, which fills up?!?? Something to try. Oh yeah, and re 5:40 - yeah, if you had htop already running, if you can find the right bash, enter tree view (t), tag it (c) then (k)ill, and you might be able to get rid of it. Not sure.

This was so interesting that I subscribed to your channel.

That was really informative, thank you!

So if I am, for example, not doing anything at all in Windows, sitting idle not doing any work, can I perform this fork bomb thing without any loss of anything on my computer? The context is that I've saved any and all data beforehand so as to not suffer any data loss.

The alt+sysrq key combo might save you in linux. alt+sysrq, then k will kill all the running processes on the console. the e key will kill all except for init.

Interesting, thank you for the explanation.

I guess we need to test it on OpenBSD. It has a lot of mitigations, but I can´t remember seeing a process count limit either in sysctl or login.conf (from the top of my head).

Hi Dave, while everything you stated is true, I wanted to re-test this on Mac OS 12.4 since there are security changes in this release. After about 2 minutes of running a fork bomb via Terminal, the XProtect Service killed every instance of zsh as it seems to identify a fork bomb as malware activity.

Dave's such a badass. I love throwing on random videos and learning new stuff. It was interesting to learn that a rabbit is a type of fork bomb. I'm familiar with the concept of a rabbit and how it replicates to consume system resources but had no idea its what its technical term was.

thank you Dave , love the rainman

A question! Two of my desktops were shut off and left off for quite awhile. Now they are black screen and say no vga, no hdmi no something else. Anything I can do what’s wrong?

I once recovered a production machine running Solaris which had a fork bomb set off by sending SIGSTOP to all the working processes before actually killing them with SIGKILL. I still don't really understand how my "ps aux | grep ..." managed to run (it took many tries before it worked), but eventually I managed to freeze all the forking processes and only then tried to killed them off. Directly using SIGTERM or SIGKILL just freed up slots in the process table that were immediately filled by new forked processes, but freezing them with SIGSTOP prevented more forking and I managed to get them all frozen before terminating them. At least this is what I believe happened. Maybe Solaris had some magic sauce that did the real fix while I was messing about thinking what I was doing actually helped.

Good subject. Very interesting 👍

I am really enjoying your videos. a look at the deep dark (well maybe not so deep or dark) secrets of MS stuff. I actually used MS dos when a 10 Meg hard drive was $300.00 in 1980. Thanks for your videos

Who is writing the ducky script?

I just tried this in Mint on a PC i.e. not WSL. Got those messages and just clicked the green cross at the top right of terminal and all back to normal. What an anticlimax.

great episode Dave! (y)

Interesting , Thank You. You're channel is very interesting even though I understand very little

Given that a “fork bomb” rapidity reproduces itself, could it essentially be considered a type of virus, even if it only replicates processes and not files? Either way, it’s interesting to me that such a simple line of code can bring even the most powerful system to its knees.