From owner-freebsd-stable@FreeBSD.ORG Thu Mar 20 23:46:59 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C33528F4 for ; Thu, 20 Mar 2014 23:46:59 +0000 (UTC) Received: from mail.bsdinfo.com.br (mail.bsdinfo.com.br [67.212.89.78]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8C54E7B0 for ; Thu, 20 Mar 2014 23:46:59 +0000 (UTC) Received: from mail.bsdinfo.com.br (mail.bsdinfo.com.br [127.0.0.1]) by mail.bsdinfo.com.br (Postfix) with ESMTP id E3985139C8 for ; Thu, 20 Mar 2014 23:49:34 -0300 (BRT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bsdinfo.com.br; h=content-type:content-type:in-reply-to:references:subject :subject:to:mime-version:user-agent:from:from:date:date :message-id; s=dkim; t=1395370173; x=1396234174; bh=qJyGiimtLDVr OFxU52ekMTe+te/A9lURPkdWXpl2NBI=; b=jk9035ji9gVR+5YeZ0n3qTe0fBRp 1olWrTvtMySFI20ccAIqaEy2XiUXDQigDSQFHhY6rorCDrkMSMUcybggcP7u7DUH 8OKeTPfp8G47x7AJ+xARY/QN1NTGnkBmur80rxmuf4eq7542H8jTfRIIrU81HO5d LoGE09cvUTlxVOM= X-Virus-Scanned: amavisd-new at mail.bsdinfo.com.br Received: from mail.bsdinfo.com.br ([127.0.0.1]) by mail.bsdinfo.com.br (mail.bsdinfo.com.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 54_DzmkSEeLV for ; Thu, 20 Mar 2014 23:49:33 -0300 (BRT) Received: from MacBook-de-Gondim-2.local (unknown [186.193.54.69]) by mail.bsdinfo.com.br (Postfix) with ESMTPSA id DC735139C3 for ; Thu, 20 Mar 2014 23:49:32 -0300 (BRT) Message-ID: <532B7DEC.7010809@bsdinfo.com.br> Date: Thu, 20 Mar 2014 20:46:52 -0300 From: Marcelo Gondim User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: FreeBSD Stable Mailing List Subject: Re: sshd with zombie process on FreeBSD 10.0-STABLE - workaround References: <53016D97.5030909@bsdinfo.com.br> <5329D81E.7040709@bsdinfo.com.br> <201403201058.38555.jhb@freebsd.org> In-Reply-To: <201403201058.38555.jhb@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2014 23:46:59 -0000 Em 20/03/14 11:58, John Baldwin escreveu: > On Wednesday, March 19, 2014 1:47:10 pm Marcelo Gondim wrote: >> Em 19/03/14 13:01, Kevin Oberman escreveu: >>> On Wed, Mar 19, 2014 at 6:00 AM, Marcelo Gondim > wrote: >>>> Hi all, >>>> >>>> While the solution does not appear, did the script below and put it in >>>> crontab to automatically delete zombie sshd processes. >>>> >>>> the_walking_dead.sh: >>>> >>>> #!/bin/sh >>>> kill -9 `ps afx|grep sshd|grep unknown|awk '{print $1}'` >>>> >>>> >>>> Put this in /etc/crontab: >>>> >>>> 00 1 * * * root the_walking_dead.sh >>>> >>>> >>> If 'kill -9' works, the process is not really a zombie. It simply still > has >>> a socket open and is waiting for it to be closed before exiting. >>> >>> You might takes a look at network sockets with sockstat(1) and see if you >>> can get any indication of why these sockets are not being closed. It may > be >>> that the issue is not sshd but some other issue in the OS leaving sockets >>> open. >>> >> Hi Kevin, >> >> My ps -afx below: >> >> [...] >> 42139 - Is 0:00.01 sshd: unknown [priv] (sshd) >> 42140 - Z 0:00.01 >> 42141 - IW 0:00.00 sshd: unknown [pam] (sshd) >> 58445 - Is 0:00.01 sshd: unknown [priv] (sshd) >> 58446 - Z 0:00.02 >> 58447 - IW 0:00.00 sshd: unknown [pam] (sshd) >> 65635 - Is 0:00.01 sshd: vinicius [priv] (sshd) >> 65636 - Z 0:00.01 >> [...] >> >> # sockstat | grep 42140 >> # >> >> # sockstat | grep 58446 >> # >> >> # sockstat | grep 65636 >> # >> >> No associated socket with zombie process. > Do a pstree. I bet the zombies are children of the other processes that > are stuck on a socket as Kevin described. > # ps afx|grep sshd |grep unk 10948 - Is 0:00.02 sshd: unknown [priv] (sshd) 10955 - IW 0:00.00 sshd: unknown [pam] (sshd) <==== 11701 - Is 0:00.02 sshd: unknown [priv] (sshd) 11704 - IW 0:00.00 sshd: unknown [pam] (sshd) 25450 - Is 0:00.01 sshd: unknown [priv] (sshd) 25452 - IW 0:00.00 sshd: unknown [pam] (sshd) 41193 - Is 0:00.02 sshd: unknown [priv] (sshd) 41196 - IW 0:00.00 sshd: unknown [pam] (sshd) 42193 - Is 0:00.02 sshd: unknown [priv] (sshd) 42195 - IW 0:00.00 sshd: unknown [pam] (sshd) 80638 - Is 0:00.02 sshd: unknown [priv] (sshd) 80640 - IW 0:00.00 sshd: unknown [pam] (sshd) 81484 - Is 0:00.02 sshd: unknown [priv] (sshd) 81486 - IW 0:00.00 sshd: unknown [pam] (sshd) With proctstat I could see the socket as follows: # procstat -f 10955 PID COMM FD T V FLAGS REF OFFSET PRO NAME 10955 sshd text v r r------- - - - /usr/sbin/sshd 10955 sshd cwd v d r------- - - - / 10955 sshd root v d r------- - - - / 10955 sshd 0 v c rw------ 6 0 - /dev/null 10955 sshd 1 v c rw------ 6 0 - /dev/null 10955 sshd 2 v c rw------ 6 0 - /dev/null 10955 sshd 3 s - rw---n-- 2 0 TCP 186.xxx.xx.2:22 186.xxx.xx.8:57035 10955 sshd 5 p - rw------ 2 0 - - 10955 sshd 6 s - rw------ 2 0 UDS - 10955 sshd 7 p - rw------ 1 0 - - 10955 sshd 8 s - rw------ 2 0 UDS - I do not understand why these connections are remaining locked in FreeBSD 10.0 I'll try this sysctl: net.inet.tcp.delayed_ack=0