What is a zombie?

A zombie process is simply a process that has exited but its parent has not yet read the processes exit code. Since the process has exited it does not have any open files or uses any memory in fact the only resources it is using is a entry in the task list. So in most Linux systems will mean that it is using around 4k-8k of memory.

Until the parent process reads the exit code the zombie will exist. Typically this points to a software bug in the parent process or an issue that caused the child (which is now the zombie) to exit unexpectedly. Which would also point to a bug or issue in the program. In either case the parent process should have actually dealt with the error an acted on it to read the exit status of the process which will clean up the zombie process and allow it to exit.

Why is there any issue?

Since the program isn't really using any resources it really doesn't cause any issues. However if you have a lot of zombie's being generated inside a system due to a bug in the software it will cause an issue because it is still running as a process and sooner or later you will hit the limit of the maximum number of processes permitted to run in the system. If this limit is reached you will not be able to start any more processes. This means you won't be able to run commands from the command line any more.

Why does kill now work on the zombie process?

Kill simply does not work on a zombie process since it is in fact already "dead"

How to kill it?

Since the issue really exists in the parent process the solution is to remove the parent process either by killing it or shutting it down. This will cause the child "zombie" processes to get a new parent process which will be the parent of the parent.

If you are working in a complex system you may need to kill several parent process in order to eliminate the zombies until the zombies get a parent process that will read the exit code from the processes which will cause the zombie process to be remove.

Hint: if you use the command "ps axfu" the "f" in the argument list will print the output as a tree which will make finding the parent somewhat simpler.

This is a short guide to get ssh to work on debian. So this should also work with some other linux varients like ubuntu. It can be a very useful tool to be able to access your home directory from a 2nd linux machine or from your raspberry pi. I have been using it so that you can run your normal powerful code editors which the raspberry pi does not have enough resources to run them fast enough.

To Install / Setup

sudo apt-get install sshfs 

sudo addgroup $USER fuse

Note: You don't need to add your self to the fuse ground. But it is required if you want to be able to mount / umount the filesystem without root permissions.

To Use

mkdir Raspberry

sshfs <username>@<ip address>:/home/<username>/Raspberry  -o uid=1001,gid=1002 Raspberry

Note: in the above you should change the uid and gid to your user id and group id. You can look thoose up in the /etc/passwd and /etc/group files on the machine that you are mounting the remote filesystem on.

To unmount

fusermount -u /home/james/Raspberry/

Another useful tip is that it will also work with ssh key authentication so that you do not even require a password or so that you can have it configured to automount on boot using the crontab.

If you are tired of typing your password all the time and want to be able to sudo without using a password you can modify the sudo configuration so that you can always execute a command as root without a password.

Method 1 - For a single user

Edit the /etc/sudoers configuration file.

Add a line like this replacing the <username> with the correct user of course

<username> ALL=(ALL) NOPASSWORD: ALL

Method 2 - For multiple users

Create a new group on the system eg sudo or sudoers nu using the following command

groupadd <groupname>

Then add the usernames you want it to work for by using the following command

addgroup <usernames> <groupname>

Edit the /etc/sudoers configuration file and add the group to not use a password.

%<groupname> ALL=(ALL) NOPASSWORD: ALL

The above should work on debian and should only be used for trusted users as you have just given them root access without a password so some care should be taken!

Here is a few methods for killing tasks for a specific user in linux which may be required during account deletion or because somebody has managed to be an idiot and locked himself out with a fork bomb or some such.

The simple method is to use the utility called 'slay' which for debian / unbuntu and most other distrobutions is avilable if its not install you can install it using 'apt-get install slay'

It is very simple to use. Just running the command slay <username> and it will kill all of that users processes.

The other method to use when slay is not avilable is a combination of ps and kill. You can use the following command

kill -TERM `ps h --User nobody -o pid`

Understanding the above can other advantages as well because you can switch out the --User for --Group and kill processes by group id as well as for a specific user.

The gnu debugger (gdb) is probably the best tool for looking into core files. It also isn't overly complex to use to get some basic starting information. So this is a quick guide to getting some debug information eg variable's and stack traces from a core dump which is formed when an application crashes in linux.

If an application crashes and doesn't produce a core file it is probably because of the limit settings you can check and enable core dumps by using the following "ulimit -c" if it outputs a 0 it will not produce a core. You can use "ulimit -c unlimited" to make the core dump file size unlimited. Be aware though that if you have a lot of crashes it can use a significant amount of disk space.

Let start with finding out what made a core file in the first place. In order to debug it at all you need to know exactly what program crashed. You can determin this using the following command.

cat core |strings |grep -E '^_='
_=./willcore.exe

In this case the "./willcore.exe" made the core dump. Another way to find out what core'd is to use gdb. The example is below

gdb --core core

Core was generated by `./willcore.exe'.
Program terminated with signal 11, Segmentation fault.
#0  0x080483d4 in ?? ()
(gdb)

Something to notice at this point is that is shows where the last execution point was. In this case it was running at memory location 0x080483d4. However since there are no debugging symbols loaded in gdb yet it shows ?? because it cannot translate the raw address to a function.

You can get gdb to load the executable and debugging symbols (assuming they are compiled into the executable) using the "file" command. I have also added the "bt" command to produce a back trace so show the execution stack.

(gdb) file ./willcore.exe
Reading symbols from /home/james/CVS-Root/linux/misc/willcore.exe...done.
(gdb) bt
#0  0x080483d4 in main (argc=1, argv=0xbf877ef4) at willcore.c:8

In the example above the symbols now resolve and will show a lot more information. If they do not show after loading the executable into gdb it will be a problem with debugging symbols. You will need to go and compile the program with debugging switched on eg the "-ggdb" flag in gcc and g++.

Now that things are loaded you can move between stack frame's using "frame <number>" where number is the part beside the # in the stack output and you can also print and inspect other parts of memory as well as list the source code from the program assuming the source still exists in the original location that it was compiled from.

(gdb) p argc
$1 = 1
(gdb) p argv[0]
$2 = 0xbf87988c "./willcore.exe"
(gdb) p argv[1]
$3 = 0x0
(gdb) list
1
2
3       #include <stdio.h>
4
5       int main(int argc, char **argv) {
6               char *tmp = 0;
7
8               *tmp = '0';
9
10
(gdb) p tmp
$4 = 0x0

Note: the above example shows how to produce a core file by dereferencing a null pointer in c which in its self can be useful to fore a core dump which is what I used for this tutorial.

As a final example the following will dump all the stacks from all threads that were running in a process at the time it crashed. Though in the sample program there only is one thread. In a large application this could provide several pages of output.

(gdb) thread apply all bt

Thread 1 (Thread 12519):
#0  0x080483d4 in main (argc=1, argv=0xbf877ef4) at willcore.c:8
(gdb)