From owner-freebsd-stable@FreeBSD.ORG Thu Mar 20 18:39:09 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BA01D65C for ; Thu, 20 Mar 2014 18:39:09 +0000 (UTC) Received: from bigwig.baldwin.cx (bigwig.baldwin.cx [IPv6:2001:470:1f11:75::1]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9180FDF6 for ; Thu, 20 Mar 2014 18:39:09 +0000 (UTC) Received: from jhbbsd.localnet (unknown [209.249.190.124]) by bigwig.baldwin.cx (Postfix) with ESMTPSA id 600B0B94C; Thu, 20 Mar 2014 14:39:08 -0400 (EDT) From: John Baldwin To: freebsd-stable@freebsd.org Subject: Re: sshd with zombie process on FreeBSD 10.0-STABLE - workaround Date: Thu, 20 Mar 2014 10:58:38 -0400 User-Agent: KMail/1.13.5 (FreeBSD/8.4-CBSD-20130906; KDE/4.5.5; amd64; ; ) References: <53016D97.5030909@bsdinfo.com.br> <5329D81E.7040709@bsdinfo.com.br> In-Reply-To: <5329D81E.7040709@bsdinfo.com.br> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201403201058.38555.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (bigwig.baldwin.cx); Thu, 20 Mar 2014 14:39:08 -0400 (EDT) Cc: Marcelo Gondim X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 18:39:09 -0000 On Wednesday, March 19, 2014 1:47:10 pm Marcelo Gondim wrote: > Em 19/03/14 13:01, Kevin Oberman escreveu: > > On Wed, Mar 19, 2014 at 6:00 AM, Marcelo Gondim wrote: > > > >> Hi all, > >> > >> While the solution does not appear, did the script below and put it in > >> crontab to automatically delete zombie sshd processes. > >> > >> the_walking_dead.sh: > >> > >> #!/bin/sh > >> kill -9 `ps afx|grep sshd|grep unknown|awk '{print $1}'` > >> > >> > >> Put this in /etc/crontab: > >> > >> 00 1 * * * root the_walking_dead.sh > >> > >> > > If 'kill -9' works, the process is not really a zombie. It simply still has > > a socket open and is waiting for it to be closed before exiting. > > > > You might takes a look at network sockets with sockstat(1) and see if you > > can get any indication of why these sockets are not being closed. It may be > > that the issue is not sshd but some other issue in the OS leaving sockets > > open. > > > Hi Kevin, > > My ps -afx below: > > [...] > 42139 - Is 0:00.01 sshd: unknown [priv] (sshd) > 42140 - Z 0:00.01 > 42141 - IW 0:00.00 sshd: unknown [pam] (sshd) > 58445 - Is 0:00.01 sshd: unknown [priv] (sshd) > 58446 - Z 0:00.02 > 58447 - IW 0:00.00 sshd: unknown [pam] (sshd) > 65635 - Is 0:00.01 sshd: vinicius [priv] (sshd) > 65636 - Z 0:00.01 > [...] > > # sockstat | grep 42140 > # > > # sockstat | grep 58446 > # > > # sockstat | grep 65636 > # > > No associated socket with zombie process. Do a pstree. I bet the zombies are children of the other processes that are stuck on a socket as Kevin described. -- John Baldwin