It's a story as old as the era: since the advent of C and Unix, and (later) Linux, we've had _zombies_. Specifically, some processes are marked as _zombie processes_. They are misunderstood by some, ignored by others, and immune to the efforts of the many of us who try to kill them, without much success. Why is that?

What is a process in Linux?

It all starts when a program in Linux is executed: its running instance is called a process. You can use the ps command to view all the processes in your Linux environment.

$ ps -ax
    PID TTY      STAT   TIME COMMAND
      1 ?        Ss     0:01 /usr/lib/systemd/systemd rhgb --switched-root --sys
      2 ?        S      0:00 [kthreadd]
      3 ?        I<     0:00 [rcu_gp]
      4 ?        I<     0:00 [rcu_par_gp]

Sometimes one process starts another, making the first process the parent of the second. The pstree command is a great tool that allows you to see the “pedigree” of processes on your system.

$ pstree -psn
systemd(1)─┬─...
           ├─systemd-userdbd(1139)─┬─systemd-userwor(12707)
           │                       ├─systemd-userwor(12714)
           │                       └─systemd-userwor(12715)
           ├─auditd(1140)───{auditd}(1141)
           ├─dbus-broker-lau(1164)───dbus-broker(1165)
           ├─avahi-daemon(1166)───avahi-daemon(1196)
           ├─bluetoothd(1167)

Each process is assigned a number in the system. Process ID 1 (PID 1) is assigned to the first process executed during startup, and every subsequent process after PID 1 is its descendant. The PID 1 process is _init_, and in most new versions of Linux it is just a symbolic link to the systemd program.

Run the kill command to end a process

You can kill processes in Linux using the kill command. Despite its name, the kill command, along with related commands such as pkill and killall, was designed to send signals to one or more processes. When no signal is specified, the default is SIGTERM, which terminates the process.

When a parent dies or is killed and its child does not follow it in death, we call that child an _orphan process_.

Zombie processes, on the other hand, cannot be killed. Why, you may ask? Well, because they're dead.

Each child process, when terminated, becomes a zombie and is then removed by the parent process. When a process exits and frees the resources it was using, its name remains in the operating system's process table. At this point, it is the parent's job to remove that name from the process table. When the parent fails to do so, we have a zombie process, which is no longer a real process but just an entry in the operating system's process table.

That’s why trying to kill a defunct (zombie) process, even with the -9 (SIGKILL) option, won’t work because there’s nothing to kill.
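The lifecycle described above, as an added example that is not code from the original article: a parent forks a child that exits, the entry shows state Z in /proc, SIGKILL leaves it unchanged, and only the parent collecting the exit status removes it. The function names are chosen for this illustration, and the code assumes Linux with /proc mounted.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* State letter from /proc/<pid>/stat ('Z' = zombie); 0 if the PID has no entry. */
char proc_state(pid_t pid)
{
    char path[64], buf[512];
    snprintf(path, sizeof path, "/proc/%ld/stat", (long)pid);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    char *p = strrchr(buf, ')');          /* the state follows "(comm) " */
    return (p && p[1] == ' ') ? p[2] : 0;
}

/* Fork a child that exits at once; the parent deliberately does not wait yet. */
pid_t spawn_unreaped_child(void)
{
    signal(SIGCHLD, SIG_DFL);             /* keep exited children until wait() */
    pid_t pid = fork();
    if (pid == 0)
        _exit(0);
    struct timespec ts = {0, 10000000};   /* poll every 10 ms, up to 2 s */
    for (int i = 0; pid > 0 && i < 200 && proc_state(pid) != 'Z'; i++)
        nanosleep(&ts, NULL);
    return pid;
}

/* The parent's job: collect the exit status, which frees the table entry. */
int reap(pid_t pid) { return waitpid(pid, NULL, 0) == pid ? 0 : -1; }

int main(void)
{
    pid_t z = spawn_unreaped_child();
    if (z < 0) return 1;                  /* fork failed: never signal PID -1 */
    printf("after exit:    %c\n", proc_state(z));
    kill(z, SIGKILL);                     /* same as "kill -9" on the zombie */
    printf("after SIGKILL: %c\n", proc_state(z));
    reap(z);
    printf("after wait:    %s\n", proc_state(z) ? "still listed" : "entry gone");
    return 0;
}
```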

Therefore, to kill a zombie process, that is, to remove its name from the process list (process table), you must kill its parent. For example, if PID 5878 is a zombie process and its parent is PID 4809, then to kill the zombie process (5878), the parent process (4809) must be killed.

$ sudo kill -9 4809  #4809 is the parent, not the zombie

My final warning about zombies: be very careful when killing the parent. If a process's parent is PID 1 and you kill it, you'll reboot yourself!