Halloween on Linux: how to kill zombie processes

halloween stamp

The day of the dead is coming and that is why we want to do this little tutorial from LxA to talk about the zombie processes and how we can kill them. The first thing to say is what the zombie process is, and that is that as you know, the Linux kernel has a subsystem to manage the processes and works with the scheduler to create, vary the priority, send or remove the CPU processing flow and kill processes. . Well, this part of the kernel, like the rest of Unix-like systems, distinguishes between various states of processes ...

So we can find that a process it can be in the sleeping (S) state, that is, asleep. Also processes in a running state (R) which are those that are currently running or running, processes waiting (D) that are stopped waiting to be attended, gestpt (T) or suspended, and also the zombies (Z) or deceased. . A zombie or dead process is one that has already been successfully terminated, but has certain system resources hijacked since Linux is still saving it in the process table. You already know that when a process ends, it should not stay in this state, but completes and the kernel frees the resources so that other processes can use them, basically it frees the occupied RAM ...

Well, since it is not interesting to have this type of zombie processes, although they are not as frequent, we can search for and eliminate them as indicated here. The first thing is to find if there are zombie processes in our distro and for that we can help ourselves tools like top or like ps. For example, one of these two options:

ps -el | grep 'Z'

ps aux | grep defunct

And once detected, we can kill him directly with:

kill -HUP `ps -A -ostat,ppid,pid,cmd | grep -e ‘^[Zz]’ | awk ‘{print $2}’`

Although another alternative is to find the parent processes, since to kill a zombie process You have to kill the parent processes that sustain it, as you may have deduced:

ps -eo pid,ppid | grep <PID>

kill -9 <PPID>

You will have to replace by the ID of the zombie process that you have found and to kill it with kill, use the ID of the parent process replacing in the example, obviously.

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

A comment, leave yours

Leave a Comment

Your email address will not be published.



  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   made balls said

    Good site!
    They always get us out of trouble.

    Where says:
    Although another alternative is to find the parent processes, since to kill a zombie process you have to kill the parent processes that support it, as you may have deduced:

    1 | ps -eo pid, ppid | grep
    3 | kill -9

    You will have to substitute for the ID of the zombie process that you have found and to kill it with kill, use the ID of the parent process substituting in the example, obviously.

    you can add the script:

    $ cat killppid.sh
    #! / Bin / bash
    kill -9 $ (ps -eo pid, ppid | awk '$ 1 ==' $ {1} '{print $ 2}')

    Of course, it is not a task that a normal user performs all the time.
    It would only be useful for the administrator, but it is dangerous to run it as root, because it can kill any process on the system.

    In man kill it has this note:

    NOTES Your shell (command line interpreter) may have a built-in kill command. You may
    need to run the command described here as / bin / kill to solve the conflict.

    Bash has that command, this is the part of man bash about it:

    kill [-s sigspec | -n signum | -sigspec] [pid | jobspec] ...
    kill -l | -L [sigspec | exit_status]
    Send the signal named by sigspec or signum to the processes named by pid or job
    spec. sigspec is either a case-insensitive signal name such as SIGKILL (with or
    without the SIG prefix) or a signal number; signum is a signal number. If
    sigspec is not present, then SIGTERM is assumed. An argument of -l lists the
    signal names. If any arguments are supplied when -l is given, the names of the
    signals corresponding to the arguments are listed, and the return status is 0.
    The exit_status argument to -l is a number specifying either a signal number or
    the exit status of a process terminated by a signal. The -L option is equivalent
    lent to -l. kill returns true if at least one signal was successfully sent, or
    false if an error occurs or an invalid option is encountered.

    At the beginning they explain how bash protects the processes, to avoid some problems, but it is not clear to me how I could make a safe script to run as root.
    The only thing I can think of is to protect it like this:

    $ cat killppid.sh
    #! / Bin / bash
    if [$ USER == "root"]
    then echo Don't run $ 0 as root !!! it is dangerous!

    kill -9 $ (ps -eo pid, ppid | awk '$ 1 ==' $ {1} '{print $ 2}')


    Use bash's kill, not / bin / kill

    How can you see I am not very well versed in bash.
    Do you know how to write a secure script that runs as the user of the child process, even if it runs as root?
    something equivalent to what would be done manually like this:

    $ su;
    $ kill -9 $ (ps -eo pid, ppid | awk '$ 1 ==' $ {1} '{print $ 2}')

bool (true)