Showing posts with label ps. Show all posts
Showing posts with label ps. Show all posts

Tuesday, November 7, 2017

How to kill defunct or zombie process in linux?


"defunct" processes is also known as a "zombie" processes. A Zombie process is referred as dead process which is receding on your system though it’s completed executing. In one shot we can say it’s a dead processes which is still in RAM. This process will be in your process table and consuming your memory. Having more defunct process will consume your memory which intern slows your system. We have to kill the defunct process in order to free RAM and make system stable.

What is a zombie process?
When a process finishes execution, it will have an exit status to report to its parent process. Because of this last little bit of information, the process will remain in the operating system’s process table as a zombie process, indicating that it is not to be scheduled for further execution, but that it cannot be completely removed (and its process ID cannot be reused) until it has been determined that the exit status is no longer needed.

When a child exits, the parent process will receive a SIGCHLD signal to indicate that one of its children has finished executing; the parent process will typically call the wait() system call at this point. That call will provide the parent with the child’s exit status, and will cause the child to be reaped, or removed from the process table.

Why defunct process are created?
Ans : When ever a process ends all the memory used by that process are cleared and assigned to new process but due to programming errors/bugs some processes are still left in process table. These are created when there is no proper communication between parent process and child proces

How do I remove zombie processes from a system?
Well, first you can wait. It’s possible that the parent process is intentionally leaving the process in a zombie state to ensure that future children that it may create will not receive the same pid. Or perhaps the parent is occupied, and will reap the child process momentarily.
Secondly, you can send a SIGCHLD signal to the parent (“kill -s SIGCHLD <ppid>“). This will cause well-behaving parents to reap their zombie children.
Finally, you can kill the parent process of the zombie. At that point, all of the parent’s children will be adopted by the init process (pid 1), which periodically runs wait() to reap any zombie children. Then system need reboot to kill zombie process.

Interview questions & answers

1. How to find a defunct process?
Ans : Using ps command
#ps -ef | grep defunct


Run “ps aux” and look for a Z in the STAT column.

ps aux | awk '"[Zz]" ~ $8 { printf("%s, PID = %d\n", $8, $2); }'

2. How can I kill a defunct process?
Ans : Just use kill command
#kill defunct-pid

3. Still not able to kill?
Ans : Then use kill -9 to force kill that process
#kill -9 defunct-pid

4. Still have an issue in killing it?
Ans : Then try to kill it’s parent id and then defunct.

#kill parent-id-of-defunct-pid


#kill -9 parent-id-of-defunct-pid

5. Still having defunct?
Ans : If you still find defunct process eating up RAM then last and final solution is to reboot your machine(This is not preferred on production boxes).

6.What is orphan process?
Ans : An orphan process is said to be a process which runs through parent process is terminated, these process do not know what to do and when to terminate.

7. What is difference between orphan and defunct processes?
Ans : A defunct process is a dead process where there is no execution happening whereas orphan process is a live process which is still in execution state but don't have parent process

Wednesday, May 24, 2017

how to find number of threads in a process on linux ?

The proc pseudo file system, which resides in /proc directory, is the easiest way to see the thread count of any active process. The /proc directory exports in the form of readable text files a wealth of information related to existing processes and system hardware such as CPU, interrupts, memory, disk, etc.

cat /proc/<pid>/status
The proc pseudo file system, which resides in /proc directory, is the easiest way to see the thread count of any active process. The /proc directory exports in the form of readable text files a wealth of information related to existing processes and system hardware such as CPU, interrupts, memory, disk, etc.
Threads: <N>
For example Find the pid of the google chrome and find the each process using how many Threads. ps -ef | grep chrome
root      28168 20969  1 15:45 ?        00:00:17 /opt/google/chrome/chrome

Where 28168 is pid of google chrmoe.

Or pidof chrome

Example : cat /proc/28168/status
Name: chrome
State:   S (sleeping)
Tgid:    28168
Ngid:    0
Pid:      28168
PPid:    20969
TracerPid:       0
Uid:      1000    1000    1000    1000
Gid:      1000    1000    1000    1000
FDSize: 256
Groups:            4 24 27 30 46 108 124 128 1000
NStgid: 28168  12008  1
NSpid:  28168  12008  1
NSpgid:            3938    0          0
NSsid:  3938    0          0
VmPeak:          1087572 kB
VmSize:           1028908 kB
VmLck:                   0 kB
VmPin:        0 kB
VmHWM:          311332 kB
VmRSS:              212288 kB
VmData:            606664 kB
VmStk:      136 kB
VmExe:              109204 kB
VmLib:    45784 kB
VmPTE:                1676 kB
VmPMD:               620 kB
VmSwap:             8520 kB
HugetlbPages:        0 kB
Threads:          15
SigQ:    0/15451
SigPnd:            0000000000000000
ShdPnd:           0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000001002
SigCgt: 00000001c0014efd
CapInh:            0000000000000000
CapPrm:          0000000000000000
CapEff:            0000000000000000
CapBnd:           0000003fffffffff
CapAmb:         0000000000000000
Seccomp:         2
Cpus_allowed: 3
Cpus_allowed_list:      0-1
Mems_allowed:          00000000,00000001
Mems_allowed_list:   0
voluntary_ctxt_switches:        32357
nonvoluntary_ctxt_switches:  18926

Or cat /proc/28168/status | grep Threads
Threads:          15

Method 2: Using ls command

ls /proc/<pid>/task | wc -l

This is because, for every thread created within a process, there is a corresponding directory created in /proc/<pid>/task, named with its thread ID. Thus the total number of directories in /proc/<pid>/task represents the number of threads in the process.

Example: ls /proc/28168/task/ | wc -l

Method 3: Using ps command

ps huH p <PID_OF_U_PROCESS> | wc -l
Example : ps huH p 28168 | wc -l
Method 4:

Syntax: ps -eT | grep <PID_of_process> | wc -l

Example : ps -eT | grep 28168 | wc -l

how to find which process is using highest memory(RAM) in linux ?

If you are running out of RAM on your Linux system, you will want to find the culprit in order to solve the problem, either by reconfiguring the RAM-hungry application or by stopping it.

Method 1:

ps aux | awk '{print $2, $4, $11}' | sort -k2rn | head -n 20
Example : ps aux | awk '{print $2, $4, $11}' | sort -k2rn | head -n 20
1551 12.7 /opt/google/chrome/chrome
21268 11.1 /opt/google/chrome/chrome
2068 7.1 /opt/google/chrome/chrome
21416 6.4 /opt/google/chrome/chrome
28168 6.2 /opt/google/chrome/chrome
21564 5.8 /opt/google/chrome/chrome
26696 5.5 /opt/google/chrome/chrome
20802 5.2 /opt/google/chrome/chrome
14806 4.9 /opt/google/chrome/chrome
2223 4.8 /opt/google/chrome/chrome
4134 4.5 compiz
17267 3.7 /opt/google/chrome/chrome
21231 3.1 /opt/google/chrome/chrome
28135 2.4 /opt/google/chrome/chrome
21025 2.2 /opt/google/chrome/chrome
4369 2.0 /usr/lib/x86_64-linux-gnu/zeitgeist-fts
17330 1.5 /opt/google/chrome/chrome
21126 1.4 /opt/google/chrome/chrome
1324 1.1 /usr/lib/policykit-1/polkitd
3932 1.0 /usr/lib/x86_64-linux-gnu/hud/hud-service

Method 2:
Show the processes memory in megabytes and the process path.

ps aux | awk '{print $6/1024 " MB\t\t" $11}' | sort -n
Method 3:

ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head

Example: ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head
  PID  PPID CMD                         %MEM %CPU
26696 20969 /opt/google/chrome/chrome - 21.6  1.8
 1551 20969 /opt/google/chrome/chrome -  9.2  0.5
21268 20969 /opt/google/chrome/chrome -  9.0  1.4
 2068 20969 /opt/google/chrome/chrome -  6.2  3.7
28168 20969 /opt/google/chrome/chrome -  5.0  1.1
20802  3680 /opt/google/chrome/chrome    4.8  3.9
21564 20969 /opt/google/chrome/chrome -  4.2  0.9
 2223 20969 /opt/google/chrome/chrome -  4.0  5.1
 4134  3938 compiz                       3.8  2.3

Where    pid is Process Id
                Ppid is Parent Process Pid
               %mem is Memory usage
                %cpu is CPU usage