What Are Zombie Processes
A zombie (defunct) process is a process that has completed execution but still has an entry in the process table. This occurs when the parent process has not yet read the childs exit status via the wait() system call. While zombies consume minimal resources, they occupy process table entries and indicate problematic parent processes.
Detecting Zombie Processes
# Find all zombies
ps aux | awk "\$8 ~ /Z/"
# Count zombies
ps aux | awk "\$8 ~ /Z/" | wc -l
# Show zombie details with parent PID
ps -eo pid,ppid,stat,cmd | grep -E "Z[+sl]*\s"Understanding the Process Tree
# Show process tree highlighting zombies
ps axjf | grep -E "defunct|PPID"
# Find parent of a zombie
ps -o ppid= -p
# Get parent process details
ps -p -o pid,ppid,cmd Safe Cleanup Methods
- Send SIGCHLD to parent:
kill -SIGCHLD <parent_pid> - Terminate parent gracefully:
kill <parent_pid> - Force kill parent (last resort):
kill -9 <parent_pid>
Prevention Strategies
- Ensure parent processes implement proper signal handlers
- Use double-fork technique for daemon processes
- Monitor zombie count with alerting thresholds
Automated Detection with dargslan-zombie-kill
pip install dargslan-zombie-kill
dargslan-zombie-kill
dargslan-zombie-kill --stats
dargslan-zombie-kill --kill-parent 12345
