Previous Page
PCLinuxOS Magazine
Article List
Next Page

How To Kill A Zombie

by Paul Arnote (parnote)

Believe it or not, this has nothing to do with the popular genre of movies, television shows and comic books. Nope. This isn't about "The Walking Dead," one of the most popular shows on television. And this certainly isn't about the movies "World War Z" or George Romero's "Night Of The Living Dead."

What we're talking about are zombie processes. Even with all that is good about Linux, it isn't perfect. No operating system is. No program is perfect. Programs crash. Operating systems crash – although in the Linux world, the latter is a relatively rare occurrence. Especially when programs crash, or when programs aren't written properly, zombie processes can be left behind.

Quite simply, the parent process either didn't clean up the child processes when it exited normally (because of bad programming), or didn't have the chance to clean up the child processes when it exited abnormally. As a result, a zombie process is left behind. A zombie process cannot be scheduled for further processing (the parent process that spawned it has left it abandoned), but it cannot be completely removed until it is determined that it is no longer needed. Without its parent process, there's no way to determine if the remaining process is needed. So, it's just left hanging out there, abandoned, and occupying a process ID that cannot be reused until it has been released.

It's by way of the process table that Linux is able to keep track of everything that is going on all at once. So, when you have a web browser, a word processor, a terminal window, and a graphics viewer running all at the same time that you're listening to music, plus all of the activity going on in the background that most of us don't see or even think about, Linux keeps track of it all by way of the process table.

When a child process exits, it sends a SIGCHILD signal to the parent to let the parent process know that one of its child processes has completed. When this happens, the parent process should call the wait() system call, which in turn will provide the parent process with the exit status of the child, which will then cause the child process to be removed from the process table.

You can see if you have any zombie processes on your system by issuing the top command in a terminal session, then looking at the second line down, all the way to the right. In the screenshot above, I have no zombie processes. If you have a LOT of zombie processes, it would probably be best to either kill the associated parent process, or simply restart a service (for those zombie processes that are associated with a service).

To remove any zombie processes that you may have on your system, you first have to get the process ID numbers (the far left column of numbers in the screenshot) of those zombie processes. There is a better way to get the process ID numbers of any zombie processes on your system. Open a terminal session and enter the following on the command line:

ps aux | awk '{ print $8 " " $2 }' | grep -w Z

It will produce an output something like this:

Z 5802 Z 4771 Z 8629

Now, everyone knows you can't kill a zombie. They are already dead. Just kidding. To kill a zombie (process), put a bullet in its head, like this:

kill -9 5802

Actually, kill -9 is not guaranteed to immediately remove a zombie process. Sometimes that bullet travels in "slow motion."

When the parent process is terminated, the init process (pid 1) adopts the zombie. init calls the wait() function periodically to 'reap' the dead processes resources. So, you may need to wait until the next wait() call for your zombie processes to meet the grim reaper.

Now you know the proper way to kill a zombie … er … zombie process.

Previous Page              Top              Next Page
Copyright (c) 2013, The PCLinuxOS Magazine. All Rights Reserved.