How to Find and Kill a Zombie Process on Linux


A procedure is known as a Zombie or “dead” procedure when its execution will get finished, however it might nonetheless input into the method desk. Ideally, such processes will have to be got rid of from the method desk after their execution is done. However, because of some explanation why, the mother or father procedure didn’t take away it correctly.

Such “defunct” processes are observed to happen principally for the kid processes. The mother or father procedure reads the go out standing of its kid procedure. It’s achieved by way of the wait() machine name. Once it’s achieved, the zombie procedure will get eradicated. This is known as reaping the zombie procedure.

To have a greater working out of the zombie procedure formation and removing, practice the diagram given underneath.

How Zombie Process State Works

Before going into the zombie procedure state, let’s in short assessment the method states in Linux.

Linux assists in keeping monitor of vulnerabilities and the packages operating for your pc by way of keeping up a procedure desk. In the Linux kernel reminiscence, a procedure desk is made out of an inventory of buildings. Each means of the method desk has its access within the record this is occupied by way of some details about the method. They dangle a pointer to the PCB (procedure keep watch over block), a procedure ID, and a few different information.

The Linux PCB comprises procedure state, procedure quantity, procedure counter, registers, open document record, CPU scheduling data, reminiscence control data, and input-output standing data. There will also be 5 procedure states, and the ones are R, S, D, T, and Z. R is a operating procedure, S denotes a napping procedure, D denotes an uninterruptable sleep state, T is a terminated or stopped procedure, and Z is a zombie procedure.

So, how does a zombie procedure state paintings? In the zombie procedure state, the mother or father calls one wait() serve as throughout the kid procedure introduction. Then it waits for the state exchange to happen within the kid procedure. In case the state exchange the place the kid procedure has stopped, its go out standing code is learn.

After that, the kid procedure’s PCB is destroyed, and the access is cleared. It occurs in no time, and the zombie procedure doesn’t closing lengthy.

What Causes a Zombie Process to Form in Linux

So, what’s the motive at the back of the formation of a zombie procedure in Linux? A not-so-perfect mother or father procedure can’t name the wait() serve as on the time of kid procedure introduction. So, within the kid procedure, not anything watches for state adjustments; because of this, the SIGCHLD sign will get overlooked. A 2nd explanation why may well be, every other utility affected the mother or father procedure execution because of malicious intent or just deficient coding.

By any manner, if the mother or father procedure is not able to view kid procedure state adjustments, the machine home tasks doesn’t occur. Then PCB and the access aren’t cleared whilst the kid procedure ends. As an impact of this, the zombie state isn’t cleared from the PCB.

Facts about Zombie Processes

Some fascinating details about zombie processes come with:

All the machine reminiscence and different sources allotted to a zombie procedure are deallocated whilst it ends the use of the go out() machine name.

But its access within the desk stays to be had.

If the mother or father procedure isn’t operating, the zombie procedure’s presence indicates an running machine malicious program. This may no longer motive a significant factor if there are some zombie processes. But beneath heavier a lot, the presence of zombie processes can create a scarcity of procedure desk entries. We’ll discover the risk of zombie processes on this article’s subsequent segment.

The mother or father procedure reads the go out standing of a zombie procedure the use of the wait() serve as. Then the zombie procedure is eradicated from the machine. After its elimination, the method desk access and the method ID will also be reused.

If the wait() isn’t utilized by the mother or father, the zombie stays within the procedure desk. It creates a useful resource leak.

Sending SIGCHLD sign to a mother or father procedure with the kill command, you’ll be able to take away a zombie procedure from the machine.

If the zombie procedure stays within the procedure desk even after sending the SIGCHLD sign, the mother or father procedure will have to be terminated if appropriate.

Are Zombie Processes Dangerous?

Zombie processes use somewhat little bit of reminiscence, however typically, they don’t pose a risk. The procedure desk access is small, however you’ll be able to’t use its procedure ID till the zombie procedure is launched. On a 64-bit OS, it’s no longer going to create an issue for the reason that PCB is greater than the access of the method desk.

An enormous choice of zombie processes may impact the loose reminiscence to be had for different processes. If you face too many zombies, there’s some severe factor with the running machine malicious program or the mother or father utility. In that case, the rest procedure IDs get monopolized by way of the zombies. If there stay no procedure IDs, different processes are not able to run.

How to Find and Kill a Zombie Process

To kill the zombie procedure, to start with, to find it out. Use the code given underneath to spot zombie processes.

$ playstation aux | egrep “Z|defunct”

Z used within the STAT column and/or [defunct] used within the closing output column would establish a zombie procedure.

Actually, you’ll be able to’t kill zombie processes as they’re already useless. All you’ll be able to do is, notifying its mother or father procedure in order that it might once more attempt to learn the standing of the kid procedure, which has now turn out to be a zombie procedure, and in the end, the useless procedure will get wiped clean from the method desk. Use the next command to determine the mother or father procedure ID.

$ playstation -o ppid=

Once you get the mother or father procedure ID of the zombie, ship a SIGCHLD to the mother or father procedure.

$ kill -s SIGCHLD

In case this doesn’t paintings in disposing of the zombie procedure from the method desk, you want to restart or kill its mother or father procedure. To kill the zombie’s mother or father procedure, use the next code.

Side Note: Once you kill a mother or father procedure, its kid processes get affected. So it’s really useful to head thru a snappy double-check. It’ll mean you can to be protected.

If there’s an enormous surge within the present zombie processes, leading to or heading in opposition to a machine outage, it’s important to do a machine reboot. Alternatively, think a small choice of zombie processes aren’t the use of a lot reminiscence or machine sources. In that case, it’s sensible to reboot or kill its mother or father procedure within the upcoming scheduled machine upkeep.


In this newsletter, you’ve got realized find out how to to find and kill a zombie procedure on Linux. Now you recognize what a zombie procedure is, find out how to establish a zombie procedure on Linux and get it got rid of from the method desk. We have additionally explored the method states in short and the way a zombie procedure state works.

So the realization is, zombies aren’t unhealthy so far as they’ve been wiped clean and maintained in a well timed type. Hope you to find this write-up helpful, and it supplies solutions on your questions associated with the zombie processes on Linux.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More