Tuesday, November 7, 2017

How to kill defunct or zombie process in linux?


"defunct" processes is also known as a "zombie" processes. A Zombie process is referred as dead process which is receding on your system though it’s completed executing. In one shot we can say it’s a dead processes which is still in RAM. This process will be in your process table and consuming your memory. Having more defunct process will consume your memory which intern slows your system. We have to kill the defunct process in order to free RAM and make system stable.

What is a zombie process?
When a process finishes execution, it will have an exit status to report to its parent process. Because of this last little bit of information, the process will remain in the operating system’s process table as a zombie process, indicating that it is not to be scheduled for further execution, but that it cannot be completely removed (and its process ID cannot be reused) until it has been determined that the exit status is no longer needed.

When a child exits, the parent process will receive a SIGCHLD signal to indicate that one of its children has finished executing; the parent process will typically call the wait() system call at this point. That call will provide the parent with the child’s exit status, and will cause the child to be reaped, or removed from the process table.

Why defunct process are created?
Ans : When ever a process ends all the memory used by that process are cleared and assigned to new process but due to programming errors/bugs some processes are still left in process table. These are created when there is no proper communication between parent process and child proces

How do I remove zombie processes from a system?
Well, first you can wait. It’s possible that the parent process is intentionally leaving the process in a zombie state to ensure that future children that it may create will not receive the same pid. Or perhaps the parent is occupied, and will reap the child process momentarily.
Secondly, you can send a SIGCHLD signal to the parent (“kill -s SIGCHLD <ppid>“). This will cause well-behaving parents to reap their zombie children.
Finally, you can kill the parent process of the zombie. At that point, all of the parent’s children will be adopted by the init process (pid 1), which periodically runs wait() to reap any zombie children. Then system need reboot to kill zombie process.

Interview questions & answers

1. How to find a defunct process?
Ans : Using ps command
#ps -ef | grep defunct


Run “ps aux” and look for a Z in the STAT column.

ps aux | awk '"[Zz]" ~ $8 { printf("%s, PID = %d\n", $8, $2); }'

2. How can I kill a defunct process?
Ans : Just use kill command
#kill defunct-pid

3. Still not able to kill?
Ans : Then use kill -9 to force kill that process
#kill -9 defunct-pid

4. Still have an issue in killing it?
Ans : Then try to kill it’s parent id and then defunct.

#kill parent-id-of-defunct-pid


#kill -9 parent-id-of-defunct-pid

5. Still having defunct?
Ans : If you still find defunct process eating up RAM then last and final solution is to reboot your machine(This is not preferred on production boxes).

6.What is orphan process?
Ans : An orphan process is said to be a process which runs through parent process is terminated, these process do not know what to do and when to terminate.

7. What is difference between orphan and defunct processes?
Ans : A defunct process is a dead process where there is no execution happening whereas orphan process is a live process which is still in execution state but don't have parent process

No comments:

Post a Comment