From owner-freebsd-stable@FreeBSD.ORG  Wed Mar 19 16:56:34 2014
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9C65ADE1
 for <freebsd-stable@freebsd.org>; Wed, 19 Mar 2014 16:56:34 +0000 (UTC)
Received: from mail-ob0-f179.google.com (mail-ob0-f179.google.com
 [209.85.214.179])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5EF4BFAE
 for <freebsd-stable@freebsd.org>; Wed, 19 Mar 2014 16:56:33 +0000 (UTC)
Received: by mail-ob0-f179.google.com with SMTP id va2so8364001obc.38
 for <freebsd-stable@freebsd.org>; Wed, 19 Mar 2014 09:56:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=MdQWs2VMfROSJMaG4le50o2u1zFz26a8hdozTipeiDY=;
 b=HdYe+6S32wSN5uz3i34clw16gQ0gqlYOU8JOqG6v03uVMZMWll25Oy2wTgt9VgAWQa
 piEyIcE8VaPdEDNGUnPK7UtjLFRjmgO8jiZRIct8e+HBPFSHy4SmxsTjES76E1GB0sPU
 xVHlMBZnXVXoLB+BrvYpXVfxR7t77UxeQiltIYajSHB5F07p2yZ7m9PfZb4hDp0JVecX
 WucypHFbr0mXYM6CjlEeCu3lxOpjyhcxEJSIw+8xfacZgIZaKZKekfe3vuc7YYx3c5SV
 WW15J7m1re3l+hyXAZWvtw0RG3X4gUkn8CGQGQCPZwztpP7CGGs2+HPeVRogIWKB1oZ3
 DgwQ==
X-Gm-Message-State: ALoCoQmkr2B3JmQKDg8YQeTXuUWg4fdyV0GAljcwpU804PUXrwja0CHrbLNigTq2VnbjUcOtTQTO
MIME-Version: 1.0
X-Received: by 10.60.233.202 with SMTP id ty10mr33475367oec.25.1395248186644; 
 Wed, 19 Mar 2014 09:56:26 -0700 (PDT)
Sender: nimrod@nimrod.is-a-geek.net
Received: by 10.60.156.101 with HTTP; Wed, 19 Mar 2014 09:56:26 -0700 (PDT)
X-Originating-IP: [12.5.170.98]
In-Reply-To: <CAN6yY1uucfkdXxkCF30w1Q9vffRpDLxM90Sz1XVbdn5W69vQMg@mail.gmail.com>
References: <53016D97.5030909@bsdinfo.com.br> <53066B59.5000709@yandex.ru>
 <531A6C66.2010101@bsdinfo.com.br>
 <CAPJF9wnVOYjTXB0A1wyzwvCj-Tvx_u2uYLW72-wDuz-QZpwT4w@mail.gmail.com>
 <53298445.90706@bsdinfo.com.br> <532994EA.9090300@bsdinfo.com.br>
 <CAN6yY1uucfkdXxkCF30w1Q9vffRpDLxM90Sz1XVbdn5W69vQMg@mail.gmail.com>
Date: Wed, 19 Mar 2014 11:56:26 -0500
X-Google-Sender-Auth: aqMDyrxPFmoM1gdYT7xOigHegyg
Message-ID: <CAMgUhpoCx3pfzg4ZPb+UOfJit3trir68FBjq5yDSJohPPsp24Q@mail.gmail.com>
Subject: Re: sshd with zombie process on FreeBSD 10.0-STABLE - workaround
From: Nimrod Levy <n1mr0d@nimrod.is-a-geek.net>
To: Kevin Oberman <rkoberman@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.17
Cc: Marcelo Gondim <gondim@bsdinfo.com.br>,
 FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Mar 2014 16:56:34 -0000

I recently ran into a very similar sounding issue on a juniper router
(JunOS is based on FreeBSD) that ended up being a timing issue when the
devices were sending ACKs.  Basically, the client tries to close the
session with a FIN, but the server (or in my case, a router) was delaying
sending ACKs and disregarded the FIN.  When the client subsequently
received an SSH packet, an RST was sent out from the client and the
connection was closed.  The socket on the server remained open and we saw a
similar stuck process.

One workaround was to set
sysctl -w net.inet.tcp.delayed_ack=0



On Wed, Mar 19, 2014 at 11:01 AM, Kevin Oberman <rkoberman@gmail.com> wrote:

> On Wed, Mar 19, 2014 at 6:00 AM, Marcelo Gondim <gondim@bsdinfo.com.br
> >wrote:
>
> > Hi all,
> >
> > While the solution does not appear, did the script below and put it in
> > crontab to automatically delete zombie sshd processes.
> >
> > the_walking_dead.sh:
> >
> > #!/bin/sh
> > kill -9 `ps afx|grep sshd|grep unknown|awk '{print $1}'`
> >
> >
> > Put this in /etc/crontab:
> >
> > 00 1 * * *    root    the_walking_dead.sh
> >
> >
> If 'kill -9' works, the process is not really a zombie. It simply still has
> a socket open and is waiting for it to be closed before exiting.
>
> You might takes a look at network sockets with sockstat(1) and see if you
> can get any indication of why these sockets are not being closed. It may be
> that the issue is not sshd but some other issue in the OS leaving sockets
> open.
>
> --
> R. Kevin Oberman, Network Engineer, Retired
> E-mail: rkoberman@gmail.com
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>