40

Virtual Shotguns?

jldugger
  • 14,122
  • 19
  • 73
  • 129

7 Answers7

21

Zombie process (actually now they're called <defunct>) isn't really a process. It's only entry in the process table, so the parent process can do wait() syscall.

You shouldn't worry about them. They do not occupy any resources, they will disappear either when their parent calls wait() on when the parent itself dies.

vartec
  • 6,137
  • 2
  • 32
  • 49
  • They *still* keep some resources, and take a slot in the processes table. Better to *wait()* them and see them disappear forever... – Déjà vu Jun 14 '20 at 15:40
18

Oh, god! No no no. Don't use kill -9.

It doesn't give the process a chance to cleanly:

  1. shut down socket connections

  2. clean up temp files

  3. inform its children that it is going away

  4. reset its terminal characteristics and so on and so on and so on.

Generally, send 15, and wait a second or two, and if that doesn't work, send 2, and if that doesn't work, send 1. If that doesn't, REMOVE THE BINARY because the program is badly behaved!

Don't use kill -9. Don't bring out the combine harvester just to tidy up the flower pot.

Giacomo1968
  • 3,522
  • 25
  • 38
Severe_admin
  • 338
  • 1
  • 5
  • 13
    kill -9 won't kill zombies. You have to kill their parent, look at pstree. – LapTop006 May 27 '09 at 08:51
  • 3
    @LapTop006: In that case they're more like vampires; kill the head vampire to stop the invasion. – amphetamachine Feb 22 '11 at 04:08
  • 2
    This answer is wrong in just about every way. The process is complete; it has already shut down its connections, cleaned up temp files, etc. etc. There is no actual process anymore, just an entry in the process table. Do not remove the child binary - it is not behaving badly. It just means that the parent hasn't held a proper funeral for its child yet. – Ken Williams Apr 17 '18 at 02:47
14

There is already an accepted answer, however: you CAN kill the zombie process. Attach with the debugger to the parent process and call waitpid function. E.g.: - let's assume that the parent has PID=100, the zombie process has PID=200

$ gdb -p 100
(gdb) call waitpid(200, 0, 0)
(gdb) quit
ondra
  • 424
  • 4
  • 10
11

It's a process that has been completely deallocated but still exists in the process table. Contrast this with an orphan process, whose parent has died but is still executing.

Here's some advice on getting rid of them.

nedm
  • 5,610
  • 5
  • 30
  • 52
9

A zombie process has no resources allocated to it whatsoever, other than the entry in the process tree. This happens when a process completes, however the parent process has not yet reaped it, (i.e., waited on it).

You can try and force the parent to do this if you want by sending it a SIGCHLD (kill -20), to the parent, but there's no guarantee that the parent will honor it.

You'll often see them for short periods of time (for example while viewing the process tree using top) - this is normal; In the time slice between the time that a child process completes, and the parent polls for it - the child process will appear as a zombie.

If you see zombie processes that continually exist however - which is not normal - there is still no need to be concerned - again as there is not resource allocated to a dead process - it generally means that the application is poorly written by crappy developers.

The only time that you should be concerned from zombie processes, is when you see lots and lots of them, for example if the same crappy application mentioned above is placed under load.

We have alot of crappy developers where I work, and so I have the privilege of dealing with such issues and learning all sorts of useless stuff while doing so. In fact - my team often resorts to using the crappy shell scripts written by out crappy developers in interviews - if the candidate can pick that the script is indeed crapy, and tell us why it's crappy, he has a good foot in the door.

Xerxes
  • 4,133
  • 3
  • 26
  • 33
1

As for the virtual shotgun...

$ shoot <pid>
#!/bin/sh
victim=`ps -e -o pid,ppid | egrep "^\s*$1\b" | awk '{print $2}'`
victim\_name=`ps -e -o pid,cmd | egrep "^\s*${victim}\b" | head -n 1 | awk '{print $2}'`
#kill ${victim}
echo "Killed ${victim_name}."

And remember: always shoot them in the head.

drybjed
  • 544
  • 2
  • 7
  • I'm sorry but for the record, this script has a typo "victim_name" and is going to kill the parent of the PID given on $1 , in any case considers if PID is the only zombie or if he has some siblings, it just kills the father and with it all the family will perish. – Marc Riera Jul 05 '17 at 11:03
0

A zombie process is a process that has finished executing, but is still listed in the process table.

kill -9 [parent process_name] will put it down, with extreme prejudice.

Alan
  • 530
  • 1
  • 5
  • 11
  • kill -9 will not kill a zombie process - that's one reason they're called zombies. A zombie "process" will not go away until its return code is reaped by a parent process. – Mei Jul 06 '09 at 23:36
  • 4
    No, kill -9 on *THE PARENT* will kill the parent, making init it's parent, which *WILL* reap the child's return code. – Alan Jul 15 '09 at 00:03