Can we kill the zombie process?

Prashant Lakhera
3 min readJun 23, 2023

🔄 Your Linux processes can be in different states, and depending on the state of the process, you can manage it or not. A specific kind of state for processes is zombie.

🧟‍♂️ What is a Zombie process?

Zombie is a leftover bit of a dead process that hasn’t been cleaned up properly. A zombie is a process that has completed execution through the exit system call, but it’s still in the process table. So from the point of view of the child process that has entered the zombie state, it is done. But from the point of view of the parent, who is responsible for removing the zombie from the process table, it is still there.

🤔 How was the zombie process created?

After the child uses the exit system call, the parent receives a SIGCHLD signal. That triggers the parent to issue the wait system call, which should clean up all zombies . Once the parent has read the exit status via the wait system call, the zombie can be reaped .

Zombies occur naturally, and in most cases, they disappear naturally as well. The switch between the exit system call from the zombie process and the wait system call by the parent, is normally very fast. If you are monitoring what’s happening in ps or top command, you may see a zombie popping up for a second and then disappearing immediately.

👎 Is Zombie always bad?

Zombies do not use any system resources. They do use a PID though, and the maximum number of PIDs is limited.

So if you have too many zombies, you risk running out of PIDs. And that is bad . But if you only have a limited amount of zombie processes, it is best just to do nothing.

How to kill a zombie process?

⚔️ In order to demonstrate a zombie, here is a small code

Compile the code

🔨 $ gcc zombie.c -o zombie

▶️ Execute it

$ ./zombie &

Check the output of ps and you will see a zombie process

$ ps aux|grep -i zombie
plakhera+ 3859 0.0 0.0 4212 356 pts/0 S 23:37 0:00 ./zombie
plakhera+ 3860 0.0 0.0 0 0 pts/0 Z 23:37 0:00 [zombie] <defunct>

🤷 Start with killing the zombie process and then send the SIGCHLD to the parent PID. So kill -s to specify SIGCHLD signal followed by the parent PID may help. But as you can see that didn’t help .

$ kill -s SIGCHLD 3859
$ kill -9 3860
$ ps aux|grep -i zombie
plakhera+ 3859 0.0 0.0 4212 356 pts/0 S 23:37 0:00 ./zombie
plakhera+ 3860 0.0 0.0 0 0 pts/0 Z 23:37 0:00 [zombie] <defunct>

💀Kill the parent process

$ kill -9 3859
[1]+ Killed ./zombie
$ ps aux|grep -i zombie
plakhera+ 4274 0.0 0.0 112812 992 pts/0 S+ 23:40 0:00 grep - color=auto -i zombie

NOTE: Killing the parent process is not always an option. If you do manage to kill the parent process, the zombie will become a child of init, and init does occasionally issue the wait system call. So once the zombie has become a child of init, chances that it’s getting reaped are increasing. The ultimate solution to get rid of all your zombies is to reboot your server, which is again not always an option.

GitHub Code: https://github.com/100daysofdevops/100DaysofDevOpsInterview/tree/main/zombie

If you’re interested in expanding your knowledge of DevOps and exploring related concepts, we invite you to join our vibrant community:
https://www.linkedin.com/groups/14272707/

--

--

Prashant Lakhera

AWS Community Builder, Ex-Redhat, Author, Blogger, YouTuber, RHCA, RHCDS, RHCE, Docker Certified,4XAWS, CCNA, MCP, Certified Jenkins, Terraform Certified, 1XGCP