What are Zombie processes and how get rid of them?

You may have seen zombie processes shambling around your processes list. A Zombie process is called as such because it’s already dead. You know... ZOMBIE.

What are Zombie processes and how get rid of them?
Image credit: Unknown. Please contact us if you are the owner.

Zombies are basically the leftover bits of dead processes that haven’t been cleaned up properly. A program that creates zombie processes isn’t programmed properly — programs aren’t supposed to let zombie processes stick around.

What is a Zombie Process

Also known as defunct or dead processes are processes that have completed their execution, but their entries are not removed from the process table.

Process States

See; Linux maintains a process table of all the processes running, along with their states. Let’s briefly overview the various process states:

Running (R): These processes are currently running or runnable.
Waiting (S/D): These are the processes that are waiting for an event or a resource. The wait can either be an interruptible sleep (S) or an uninterruptible sleep (D).
Stopped (T): We can stop a Linux process by sending an appropriate signal.
Zombie (Z): When a process finishes its task, it releases the system resources it was using and cleans up its memory. However, its entry from the process table is not removed, and its status is set as EXIT_ZOMBIE.

How do they get created

Whenever the process completes its execution, it exits and notifies its parent process that its child has died by sending the SIGCHLD signal.

At this time, The parent then executes the wait() system call to read the status of the child process and reads its exit code. This has the effect to clean up the entry of the child process from the process table, and hence, the process finishes.

However, if a parent process isn’t programmed to execute the wait() system call on the creation of the child process, proper cleanup doesn’t happen. In such cases, the parent process cannot monitor the state changes of the child processes, and eventually, it ignores the SIGCHLD signal. This in turn keeps the dead child process in the memory & process table.

Another case of interest is when a parent process is unable to handle or receive the SIGCHLD signal from the child process. Such cases also lead to zombie creation.

Are they Dangerous?

Zombie processes don’t use up any system resources. (Actually, each one uses a very tiny amount of system memory to store its process descriptor.) However, each zombie process retains its process ID (PID). Linux systems have a finite number of process IDs — 32767 by default on 32-bit systems. If zombies are accumulating at a very quick rate — for example, if improperly programmed server software is creating zombie processes under load — the entire pool of available PIDs will eventually become assigned to zombie processes, preventing other processes from launching.

A few zombie processes hanging around are no problem — although they do indicate a bug with their parent process on your system.

Identify Zombie Processes

We can identify the list of zombies using the ps command and some few -options well as as grep

$ ps axo stat,ppid,pid,comm | grep -w defunct

So; let's brake it down.

ps - report a snapshot of the current processes.
a - select all processes except both session leaders and processes not associated with a terminal.
x - this option causes ps to list all processes owned by you, or to list all processes when used together with the option.
o - format is a single argument in the form of a blank-separated or comma-separated list, This lists the (stat,ppid,pid,comm) of zombie processes.

we pipe (|) all that to grep which will search for lines containing defunct.

$ ps axo stat,ppid,pid,comm | grep -w defunct
Zs    344975  544046 monitoring_temp <defunct>
ZN   2403819 2412287 postqueue <defunct>

Here, 344975 is the Parent Process ID, of our defunct Process ID with 544046.

PID; is a unique number that identifies every process running in the kernel. It starts at 1, which is assigned to systemd (or init on older Linux distributions).

PPID stands for Parent Process Identifier, which means Parent Process is responsible for creating the current process (Child Process). Through Parent Process, the child process is created.

Killing the Parent Process

There are two ways this can be done.

Sending a SIGCHLD signal to the parent process using the kill command:

$ sudo kill -s SIGCHLD 344975

However, it isn’t really guaranteed that sending the SIGCHLD signal to the parent will kill a zombie process. It works only in cases where parent processes can handle the SIGCHLD signals.

Killing the Parent Process

If the previous method failed to clear the defunct process, we should consider killing its parent process as such:

$ sudo kill -9 344975

Zombie processes aren’t processes; they’re the remnants of dead processes that their parent process hasn’t correctly cleaned up. However, if you notice that a particular application or process is constantly spawning zombies, you should investigate further. Most likely, it’s just a poorly written program; in that case, maybe there’s an updated version that cleans up after its child processes properly.

Keep Us Caffeinated  ⦿ ⦿