I'm experiencing the same bug, karmic x64, tons of ssh zombies. Happens with interactive and non-interactive shells, and with ssh tunnels.
If I restart the main sshd, it works for a little while, then starts leaving zombies behind.
My shell is tcsh (doesn't seem to matter though).
If i strace the main sshd while doing a "ssh server echo '$$'", i see:
28640 write(1, "28640\n", 6) = 6 <=== my echo
28640 rt_sigprocmask(SIG_SETMASK, NULL, ~[INT KILL ALRM TERM CHLD STOP RTMIN RT_1], 8) = 0
28640 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM TERM CHLD STOP RTMIN RT_1], NULL, 8) = 0
28640 close(0) = 0
28640 close(1) = 0
28640 close(2) = 0
28640 rt_sigprocmask(SIG_SETMASK, NULL, ~[KILL ALRM TERM CHLD STOP RTMIN RT_1], 8) = 0
28640 rt_sigprocmask(SIG_SETMASK, ~[INT KILL ALRM TERM CHLD STOP RTMIN RT_1], NULL, 8) = 0
28640 exit_group(0) = ? <=== the shell exits properly
28639 <... select resumed> ) = 1 (in [11])
28639 rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
28639 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
28639 read(11, "28640\n", 16384) = 6
28639 select(14, [3 7 11 13], [3], NULL, NULL) = 3 (in [11 13], out [3])
28639 rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
28639 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
28639 read(11, "", 16384) = 0
28639 close(11) = 0
28639 read(13, "", 16384) = 0
28639 close(13) = 0
28639 write(3, "\315\300.\216\6\313\\\303\360\304\324*\355\332\222\373\266\275\255\275\t\261\",\325\205\3432\25\355\26\214"..., 48) = 48
28639 select(14, [3 7], [3], NULL, NULL) = 1 (out [3])
28639 rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
28639 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
28639 write(3, "\202T\314[\351\244\33\22\245\361\302NI=Yv\35\375\311h\25\275\272\255fbzH\365\244\247n", 32) = 32
28639 select(14, [3 7], [], NULL, NULL <== the forked sshd expects something from fd 3 or 7 but it never happens
I'm experiencing the same bug, karmic x64, tons of ssh zombies.
Happens with interactive and non-interactive shells, and with ssh tunnels.
If I restart the main sshd, it works for a little while, then starts leaving zombies behind.
My shell is tcsh (doesn't seem to matter though).
If i strace the main sshd while doing a "ssh server echo '$$'", i see:
28640 write(1, "28640\n", 6) = 6 <=== my echo
28640 rt_sigprocmask(SIG_SETMASK, NULL, ~[INT KILL ALRM TERM CHLD STOP RTMIN RT_1], 8) = 0
28640 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM TERM CHLD STOP RTMIN RT_1], NULL, 8) = 0
28640 close(0) = 0
28640 close(1) = 0
28640 close(2) = 0
28640 rt_sigprocmask(SIG_SETMASK, NULL, ~[KILL ALRM TERM CHLD STOP RTMIN RT_1], 8) = 0
28640 rt_sigprocmask(SIG_SETMASK, ~[INT KILL ALRM TERM CHLD STOP RTMIN RT_1], NULL, 8) = 0
28640 exit_group(0) = ? <=== the shell exits properly
28639 <... select resumed> ) = 1 (in [11])
28639 rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
28639 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
28639 read(11, "28640\n", 16384) = 6
28639 select(14, [3 7 11 13], [3], NULL, NULL) = 3 (in [11 13], out [3])
28639 rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
28639 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
28639 read(11, "", 16384) = 0
28639 close(11) = 0
28639 read(13, "", 16384) = 0
28639 close(13) = 0
28639 write(3, "\315\300.\216\6\313\\\303\360\304\324*\355\332\222\373\266\275\255\275\t\261\",\325\205\3432\25\355\26\214"..., 48) = 48
28639 select(14, [3 7], [3], NULL, NULL) = 1 (out [3])
28639 rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
28639 rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
28639 write(3, "\202T\314[\351\244\33\22\245\361\302NI=Yv\35\375\311h\25\275\272\255fbzH\365\244\247n", 32) = 32
28639 select(14, [3 7], [], NULL, NULL <== the forked sshd expects something from fd 3 or 7 but it never happens