Stuck CLOSED sockets / sshd / zombies...

Karl Pielorz kpielorz_lst at tdx.co.uk
Wed Apr 2 14:30:15 UTC 2014 

Hi All,

This issue started in -xen (subject: *Stuck sshd in urdlck), moved to 
-stable (subject: sshd with zombie process on FreeBSD 10.0-STABLE), and 
-net (subject: Server sockets staying in CLOSED for extended), but seems to 
have died a death in all of them.

It's affecting a number of people - predominately with sshd.

Does anyone know how I can troubleshoot this further, what the cause / fix 
is, or if it's already actually fixed?

"
# ps ax | grep 4344
ps axl | grep 4344
   0  4344   895   0  20  0 84868 6944 urdlck  Is - 0:00.01 sshd: unknown 
[priv] (sshd)
  22  4345  4344   0  20  0     0    0 -       Z  - 0:00.00 <defunct>
   0  4346  4344   0  21  0 84868 6952 sbwait  I  - 0:00.00 sshd: unknown 
[pam] (sshd)

#ps axd
...
  895  -  Is        0:00.05 |-- /usr/sbin/sshd
 3933  -  Is        0:00.01 | |-- sshd: unknown [priv] (sshd)
 3934  -  Z         0:00.00 | | |-- <defunct>
 3935  -  I         0:00.00 | | `-- sshd: unknown [pam] (sshd)
 4338  -  Is        0:00.01 | |-- sshd: unknown [priv] (sshd)
 4339  -  Z         0:00.00 | | |-- <defunct>
 4340  -  I         0:00.00 | | `-- sshd: unknown [pam] (sshd)
 4341  -  Is        0:00.01 | |-- sshd: unknown [priv] (sshd)
 4342  -  Z         0:00.00 | | |-- <defunct>
 4343  -  I         0:00.00 | | `-- sshd: unknown [pam] (sshd)
 4344  -  Is        0:00.01 | |-- sshd: unknown [priv] (sshd)
 4345  -  Z         0:00.00 | | |-- <defunct>
 4346  -  I         0:00.00 | | `-- sshd: unknown [pam] (sshd)
...

#netstat -a -n | grep CLOSED | wc -l
59

#netstat -a | grep 54544
tcp4       0      0 192.168.0.138.22      192.168.0.45.54544     CLOSED

#sockstat | grep 4343
root     sshd       4343  3  tcp4   192.168.0.138:22    192.168.0.45:54544
root     sshd       4343  6  stream (not connected)
root     sshd       4343  8  stream -> ??

#uname -a
FreeBSD host 10.0-STABLE FreeBSD 10.0-STABLE #0 r261289M: Thu Jan 30 
13:33:35 UTC 2014     x at domain.com:/usr/src/sys/amd64/compile/GENERIC  amd64
"

For a box that's doing nothing (apart from people ssh'ing in occasionally) 
-   there's obviously something wrong.

What would be next to try and figure out why this is happening? - as I'd 
dearly like to know what's causing it / a fix (or if it's already fixed in 
-STABLE, and at which revision)

Thanks,

-Karl

More information about the freebsd-hackers mailing list