Tuesday, November 7, 2017

How to kill defunct or zombie process in linux?


"defunct" processes is also known as a "zombie" processes. A Zombie process is referred as dead process which is receding on your system though it’s completed executing. In one shot we can say it’s a dead processes which is still in RAM. This process will be in your process table and consuming your memory. Having more defunct process will consume your memory which intern slows your system. We have to kill the defunct process in order to free RAM and make system stable.

What is a zombie process?
When a process finishes execution, it will have an exit status to report to its parent process. Because of this last little bit of information, the process will remain in the operating system’s process table as a zombie process, indicating that it is not to be scheduled for further execution, but that it cannot be completely removed (and its process ID cannot be reused) until it has been determined that the exit status is no longer needed.

When a child exits, the parent process will receive a SIGCHLD signal to indicate that one of its children has finished executing; the parent process will typically call the wait() system call at this point. That call will provide the parent with the child’s exit status, and will cause the child to be reaped, or removed from the process table.

Why defunct process are created?
Ans : When ever a process ends all the memory used by that process are cleared and assigned to new process but due to programming errors/bugs some processes are still left in process table. These are created when there is no proper communication between parent process and child proces

How do I remove zombie processes from a system?
Well, first you can wait. It’s possible that the parent process is intentionally leaving the process in a zombie state to ensure that future children that it may create will not receive the same pid. Or perhaps the parent is occupied, and will reap the child process momentarily.
Secondly, you can send a SIGCHLD signal to the parent (“kill -s SIGCHLD <ppid>“). This will cause well-behaving parents to reap their zombie children.
Finally, you can kill the parent process of the zombie. At that point, all of the parent’s children will be adopted by the init process (pid 1), which periodically runs wait() to reap any zombie children. Then system need reboot to kill zombie process.

Interview questions & answers

1. How to find a defunct process?
Ans : Using ps command
#ps -ef | grep defunct


Run “ps aux” and look for a Z in the STAT column.

ps aux | awk '"[Zz]" ~ $8 { printf("%s, PID = %d\n", $8, $2); }'

2. How can I kill a defunct process?
Ans : Just use kill command
#kill defunct-pid

3. Still not able to kill?
Ans : Then use kill -9 to force kill that process
#kill -9 defunct-pid

4. Still have an issue in killing it?
Ans : Then try to kill it’s parent id and then defunct.

#kill parent-id-of-defunct-pid


#kill -9 parent-id-of-defunct-pid

5. Still having defunct?
Ans : If you still find defunct process eating up RAM then last and final solution is to reboot your machine(This is not preferred on production boxes).

6.What is orphan process?
Ans : An orphan process is said to be a process which runs through parent process is terminated, these process do not know what to do and when to terminate.

7. What is difference between orphan and defunct processes?
Ans : A defunct process is a dead process where there is no execution happening whereas orphan process is a live process which is still in execution state but don't have parent process

Monday, October 16, 2017

How to check which libraries are used by a program or process on Linux ?

Check shared library dependencies of a program executable

To find out what libraries a particular executable depends on, you can use ldd command. This command invokes dynamic linker to find out library dependencies of an executable.

ldd /path/to/program


[ram@linuxforfreshers.com]$ldd /usr/bin/ssh
            linux-vdso.so.1 =>  (0x00007ffe099dc000)
            libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f578f64a000)
            libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f578f26e000)
            libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f578f069000)
            libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f578ee50000)
            libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f578ec35000)
            libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f578e9ed000)
            libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f578e628000)
            libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f578e3ea000)
            /lib64/ld-linux-x86-64.so.2 (0x000055f5ccd53000)
            libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f578e11e000)
            libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f578deef000)
            libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f578dceb000)
            libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f578dadf000)
            libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f578d8db000)
            libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f578d6bc000)

Note that it is NOT recommended to run ldd with any untrusted third-party executable because some versions of ldd may directly invoke the executable to identify its library dependencies, which can be security risk.
Instead, a safer way to show library dependencies of an unknown application binary is to use the following command.


objdump -p /path/to/program


[ram@linuxforfreshers.com]$objdump -p /usr/bin/ssh | grep NEEDED
  NEEDED               libselinux.so.1
  NEEDED               libcrypto.so.1.0.0
  NEEDED               libdl.so.2
  NEEDED               libz.so.1
  NEEDED               libresolv.so.2
  NEEDED               libgssapi_krb5.so.2
  NEEDED               libc.so.6

Check shared library dependencies of a running process

If you want to find out what shared libraries are loaded by a running process, you can use pldd command, which shows all shared objects loaded into a process at run-time.

sudo pmap <PID>

Method 2: Using lsof


 lsof -P -T -p Application_PID

Friday, September 8, 2017

How to install tcsh or csh shell on a Debian or Ubuntu Linux ?

Cshell is a shell (command interpreter) with C-like syntax.

csh is a command language interpreter incorporating a history mechanism , job control facilities , interactive file name and user name completion, and a C-like syntax. It is used both as an interactive login shell and a shell script command processor. tcsh is an enhanced but completely compatible version of the Berkeley UNIX C shell.

"tcsh" advantages

   - The ability to use multiline aliases and exec statements in a reliable and consistent way.                          (Hense "sh" scripts can be  re-written as tcsh scripts with aliases instead of functions.)
   - "tcsh" is the same on all machines.  For "csh" I typically  have to modify scripts for different machines.  [example: HP-UX  "set nonomatch" needs to be replaced by "set nonomatch = ()"] 
   - source code is freely available
   - PWD and other common environmental variables are always defined. With "csh" this depends on the machine.

In most cases csh / tcsh is installed by default. All you have to do is type shell name to start using it:

$ csh

$ tcsh

Install csh / tcsh

In case csh is not installed, type the following command at shell prompt as per your Linux distro / version.

Install it on Debian/Ubuntu/Mint Linux

$ sudo apt-get install csh

Install it on CentOS/RHEL

# yum install tcsh

Install it on Fedora Linux

$ sudo dnf install tcsh
Set csh as default login shell
To make csh as default login shell, type the following command:
$ which tcsh
$ which csh
Sample output:
Note down the /bin/csh or /bin/tcsh path. To change the shell simply type
$ chsh
$ chsh -s /bin/csh

Thursday, September 7, 2017

How do I display the list of loaded Linux Kernel modules or device drivers on Linux ?

You need to use lsmod program which show the status of loaded modules in the Linux Kernel. Linux kernel use a term modules for all hardware device drivers.Please note that lsmod is a trivial program which nicely formats the contents of the /proc/modules, showing what kernel modules are currently loaded.

List or display loaded modules

Method 1: less /proc/modules


ram@linuxforfreshers.com#less /proc/modules
uas 24576 0 - Live 0x0000000000000000
usb_storage 69632 1 uas, Live 0x0000000000000000
bridge 126976 0 - Live 0x0000000000000000
stp 16384 1 bridge, Live 0x0000000000000000
llc 16384 2 bridge,stp, Live 0x0000000000000000
xt_CHECKSUM 16384 3 - Live 0x0000000000000000
ipt_MASQUERADE 16384 9 - Live 0x0000000000000000
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE, Live 0x0000000000000000
ebtable_nat 16384 0 - Live 0x0000000000000000
ebtables 36864 1 ebtable_nat, Live 0x0000000000000000
nf_log_ipv4 16384 0 - Live 0x0000000000000000
nf_log_common 16384 1 nf_log_ipv4, Live 0x0000000000000000
xt_tcpudp 16384 13 - Live 0x0000000000000000
ip6table_mangle 16384 0 - Live 0x0000000000000000
iptable_nat 16384 1 - Live 0x0000000000000000
nf_conntrack_ipv4 16384 3 - Live 0x0000000000000000

Method 2: lsmod


ram@linuxforfreshers.com# lsmod  | tail -10
hid_generic            16384  0
usbhid                 49152  0
psmouse               126976  0
hid                   118784  2 hid_generic,usbhid
pata_acpi              16384  0
floppy                 73728  0
fjes                   28672  0
e1000e                233472  0
ptp                    20480  1 e1000e
pps_core               20480  1 ptp

Finding more info about any module or driver

Using Modinfo

Syntax: modinfo driver-Name-Here


ram@linuxforfreshers.com#modinfo e1000e
filename:       /lib/modules/4.4.0-59-generic/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko
version:        3.2.6-k
license:        GPL
description:    Intel(R) PRO/1000 Network Driver
author:         Intel Corporation, <linux.nics@intel.com>
srcversion:     8D9E9AFD67E40CA48E61582
alias:          pci:v00008086d000015D6sv*sd*bc*sc*i*
alias:          pci:v00008086d000015E3sv*sd*bc*sc*i*
alias:          pci:v00008086d000015D8sv*sd*bc*sc*i*
alias:          pci:v00008086d000015D7sv*sd*bc*sc*i*
alias:          pci:v00008086d000015B9sv*sd*bc*sc*i*
alias:          pci:v00008086d000015B8sv*sd*bc*sc*i*
alias:          pci:v00008086d000015B7sv*sd*bc*sc*i*
alias:          pci:v00008086d00001570sv*sd*bc*sc*i*
alias:          pci:v00008086d0000156Fsv*sd*bc*sc*i*
alias:          pci:v00008086d000015A3sv*sd*bc*sc*i*
alias:          pci:v00008086d000015A2sv*sd*bc*sc*i*
alias:          pci:v00008086d000015A1sv*sd*bc*sc*i*
alias:          pci:v00008086d000015A0sv*sd*bc*sc*i*
alias:          pci:v00008086d00001559sv*sd*bc*sc*i*
alias:          pci:v00008086d0000155Asv*sd*bc*sc*i*
alias:          pci:v00008086d0000153Bsv*sd*bc*sc*i*
alias:          pci:v00008086d0000153Asv*sd*bc*sc*i*
alias:          pci:v00008086d00001503sv*sd*bc*sc*i*
alias:          pci:v00008086d00001502sv*sd*bc*sc*i*
alias:          pci:v00008086d000010F0sv*sd*bc*sc*i*
alias:          pci:v00008086d000010EFsv*sd*bc*sc*i*
alias:          pci:v00008086d000010EBsv*sd*bc*sc*i*
alias:          pci:v00008086d000010EAsv*sd*bc*sc*i*
alias:          pci:v00008086d00001525sv*sd*bc*sc*i*
alias:          pci:v00008086d000010DFsv*sd*bc*sc*i*
alias:          pci:v00008086d000010DEsv*sd*bc*sc*i*
alias:          pci:v00008086d000010CEsv*sd*bc*sc*i*
alias:          pci:v00008086d000010CDsv*sd*bc*sc*i*
alias:          pci:v00008086d000010CCsv*sd*bc*sc*i*
alias:          pci:v00008086d000010CBsv*sd*bc*sc*i*
alias:          pci:v00008086d000010F5sv*sd*bc*sc*i*
alias:          pci:v00008086d000010BFsv*sd*bc*sc*i*
alias:          pci:v00008086d000010E5sv*sd*bc*sc*i*
alias:          pci:v00008086d0000294Csv*sd*bc*sc*i*
alias:          pci:v00008086d000010BDsv*sd*bc*sc*i*
alias:          pci:v00008086d000010C3sv*sd*bc*sc*i*
alias:          pci:v00008086d000010C2sv*sd*bc*sc*i*
alias:          pci:v00008086d000010C0sv*sd*bc*sc*i*
alias:          pci:v00008086d00001501sv*sd*bc*sc*i*
alias:          pci:v00008086d00001049sv*sd*bc*sc*i*
alias:          pci:v00008086d0000104Dsv*sd*bc*sc*i*
alias:          pci:v00008086d0000104Bsv*sd*bc*sc*i*
alias:          pci:v00008086d0000104Asv*sd*bc*sc*i*
alias:          pci:v00008086d000010C4sv*sd*bc*sc*i*
alias:          pci:v00008086d000010C5sv*sd*bc*sc*i*
alias:          pci:v00008086d0000104Csv*sd*bc*sc*i*
alias:          pci:v00008086d000010BBsv*sd*bc*sc*i*
alias:          pci:v00008086d00001098sv*sd*bc*sc*i*
alias:          pci:v00008086d000010BAsv*sd*bc*sc*i*
alias:          pci:v00008086d00001096sv*sd*bc*sc*i*
alias:          pci:v00008086d0000150Csv*sd*bc*sc*i*
alias:          pci:v00008086d000010F6sv*sd*bc*sc*i*
alias:          pci:v00008086d000010D3sv*sd*bc*sc*i*
alias:          pci:v00008086d0000109Asv*sd*bc*sc*i*
alias:          pci:v00008086d0000108Csv*sd*bc*sc*i*
alias:          pci:v00008086d0000108Bsv*sd*bc*sc*i*
alias:          pci:v00008086d0000107Fsv*sd*bc*sc*i*
alias:          pci:v00008086d0000107Esv*sd*bc*sc*i*
alias:          pci:v00008086d0000107Dsv*sd*bc*sc*i*
alias:          pci:v00008086d000010B9sv*sd*bc*sc*i*
alias:          pci:v00008086d000010D5sv*sd*bc*sc*i*
alias:          pci:v00008086d000010DAsv*sd*bc*sc*i*
alias:          pci:v00008086d000010D9sv*sd*bc*sc*i*
alias:          pci:v00008086d00001060sv*sd*bc*sc*i*
alias:          pci:v00008086d000010A5sv*sd*bc*sc*i*
alias:          pci:v00008086d000010BCsv*sd*bc*sc*i*
alias:          pci:v00008086d000010A4sv*sd*bc*sc*i*
alias:          pci:v00008086d0000105Fsv*sd*bc*sc*i*
alias:          pci:v00008086d0000105Esv*sd*bc*sc*i*
depends:        ptp
intree:         Y
vermagic:       4.4.0-59-generic SMP mod_unload modversions
parm:           debug:Debug level (0=none,...,16=all) (int)
parm:           copybreak:Maximum size of packet that is copied to a new buffer on receive (uint)
parm:           TxIntDelay:Transmit Interrupt Delay (array of int)
parm:           TxAbsIntDelay:Transmit Absolute Interrupt Delay (array of int)
parm:           RxIntDelay:Receive Interrupt Delay (array of int)
parm:           RxAbsIntDelay:Receive Absolute Interrupt Delay (array of int)
parm:           InterruptThrottleRate:Interrupt Throttling Rate (array of int)
parm:           IntMode:Interrupt Mode (array of int)
parm:           SmartPowerDownEnable:Enable PHY smart power down (array of int)
parm:           KumeranLockLoss:Enable Kumeran lock loss workaround (array of int)
parm:           WriteProtectNVM:Write-protect NVM [WARNING: disabling this can lead to corrupted NVM] (array of int)
parm:           CrcStripping:Enable CRC Stripping, disable if your BMC needs the CRC (array of int)

Method 3:

Using following command to find list of installed drivers.

ls -l /lib/modules/$(uname -r)/kernel/drivers/


ram@linuxforfreshers.com#ls  /lib/modules/$(uname -r)/kernel/drivers/ | tail -10

What is the standard directory for driver files are stored?

Using following command u can get standard Directory for Driver files are stored.

echo "Kernel drivers dir: \"/lib/modules/$(uname -r)/kernel/drivers/\" \ for Linux kernel version \"$(uname -r)\" "


ram@linuxforfreshers.com#echo "Kernel drivers dir: \"/lib/modules/$(uname -r)/kernel/drivers/\" \ for Linux kernel version \"$(uname -r)\" "
Kernel drivers dir: "/lib/modules/4.4.0-59-generic/kernel/drivers/" \ for Linux kernel version "4.4.0-59-generic"