Zombie process. Not everyone has heard of this interesting yet scary word related to the Linux operating system. On a personal computer, zombie processes might not be a threat to a regular user, but when it comes to Linux servers, these processes must be identified and stopped.

Such processes can cause problems with your system's process table and in turn, tamper with the proper functioning of your machine. Therefore, in this article, we will discuss zombie processes in detail, along with a comprehensive guide on finding and killing zombie processes on a Linux machine.

What Are Zombie Processes?

But before all that, it is important that you know what zombie processes really are. These are nothing but dead and defunct processes that occupy space on the system process table. A process control block or PCB is a data structure that stores details associated with individual processes running on your system.

The process table consists of the process ID, a link to the PCB, and other useful information related to the process. Zombie processes have their own process IDs and memory management information. Since the Linux OS has a limited number of process IDs available, other processes can't use the PIDs until the zombie process stops.

Although one or two zombie processes won't cause any disruption or performance issues on your computer, a large number of such processes can harm your system's workflow by flooding the process table and the resources.

What Causes Zombie Processes on Linux?

To understand the underlying cause of a zombie process in detail, you'll have to learn how processes start and stop in Linux. The Linux operating system monitors all the running processes and daemons on a computer. The process table is a list of structures that contains all the processes that are currently running on your machine.

Each process entry in the process table consists of a link to the process control block of that specific process. The PCB stores the details associated with that particular process. These details include:

  1. Process state: The current state of the process
  2. Process number: A unique number used to identify the process
  3. Program counter: Contains information related to the next instruction
  4. Registers: List of all the CPU registers used by the process
  5. Open file list: Files used by the process
  6. CPU scheduling information: Contains information associated with the CPU time and resources allocated to the process
  7. Memory management information: Includes details on the amount of memory used by the process
  8. I/O information: List of input or output devices utilized by the process

Linux uses the following process states to describe all its processes.

  • R: Running process
  • S: Sleeping process
  • D: Uninterruptable sleeping process
  • T: Terminated process
  • Z: Zombie process

Whenever a process completes the task assigned, its process state is set as Zombie or Z. Every process has a parent process that calls a family of functions named wait() that waits for the state change of a process. For example, if the process state changes from Running to Zombie, the wait() method will be triggered.

The wait() method usually deletes the process control block related to that zombie process and then removes the entry of that process from the process table.

But sometimes, due to the poor development of a program, the parent process doesn't call the wait() function. And as a result, the system doesn't delete the PCB of the zombie process. The process table entry for that specific process remains intact as well.

This grants the zombie process an infinite lifespan. Since the system can't kill the process, the process entry is never deleted, and the PID never gets freed.

Learn More: Ways to Kill Unresponsive Programs in Linux

How to Find Zombie Processes?

The first step to removing zombie processes on your system is analyzing which process has the Zombie process state. While you won't be able to kill these processes directly as the system has already removed them from the memory, you can kill the parent process associated with them.

First, you need to check if your system's process table has a zombie process. You can do that easily using the top command. Simply open your terminal and type:

        top
    
top command linux zombie process

You will see an output similar to this one. Notice the count of zombie processes at the top of the terminal window. If the output is zero, then you've nothing to worry about.

You can list information related to these zombie processes by piping the ps command with egrep. Egrep is an extension of the grep command in Linux which treats all patterns as an extended regex string.

Related: The Beginner's Guide To Regular Expressions With Python

Type the following command to list all the zombie processes:

        ps aux | egrep "Z|defunct"
    

The aforementioned command will look for lines that contain either Z or defunct in the output generated by the ps command. The output consists of a list of the zombie processes running on your system.

list of zombie processes

Killing Zombie Processes Using the kill Command

Now that you know which zombie processes are currently eating away your system resources, it is time to kill these processes.

While the easiest way of killing zombie processes is by restarting your computer, sometimes this is not a feasible option, especially if you're administrating a server.

To kill zombie processes without shutting your server down, note down the process ID of any zombie process. From the previous section, we can see that the PID of the zombie process was 18614. Then, use this PID to find the ID of the parent process.

        ps -o ppid= -p 18614
    

Output:

        18613
    

Verify whether the parent process ID exists using the ps command.

        ps -e | grep 18613
    

Now that we've confirmed the existence of the parent process, it is time to kill it. Pass the -SIGKILL flag with the kill command as follows:

        sudo kill -SIGKILL 18613
    

Once you have killed the parent process, the system will delete the zombie process and remove it from the process table automatically.

Managing Processes Efficiently on Linux

Every system administrator must prioritize monitoring processes running on a Linux machine. Although zombie processes are not necessarily harmful to your system, they can cause performance issues if they exist in a large number.

If you're a beginner Linux user and have no idea how the Linux operating system manages processes, learning what are processes first is a good place to start.