Linux Commands

How to Find and Kill a Zombie Process on Linux

A process is called a Zombie or “dead” process when its execution gets completed, but it can still enter into the process table. Ideally, such processes should be removed from the process table after their execution is finished. However, due to some reason, the parent process didn’t remove it properly.

Such “defunct” processes are seen to occur mainly for the child processes. The parent process reads the exit status of its child process. It’s done via the wait() system call. Once it’s done, the zombie process gets eliminated. This is called reaping the zombie process.

To have a better understanding of the zombie process formation and elimination, follow the diagram given below.

How Zombie Process State Works

Before going into the zombie process state, let’s briefly overview the process states in Linux.

Linux keeps track of vulnerabilities and the applications running on your computer by maintaining a process table. In the Linux kernel memory, a process table is comprised of a list of structures. Each process of the process table has its entry in the list that is occupied by some information about the process. They hold a pointer to the PCB (process control block), a process ID, and some other data.

The Linux PCB contains process state, process number, process counter, registers, open file list, CPU scheduling information, memory management information, and input-output status information. There can be 5 process states, and those are R, S, D, T, and Z. R is a running process, S denotes a sleeping process, D denotes an uninterruptable sleep state, T is a terminated or stopped process, and Z is a zombie process.

So, how does a zombie process state work? In the zombie process state, the parent calls one wait() function during the child process creation. Then it waits for the state change to take place in the child process. In case the state change where the child process has stopped, its exit status code is read.

After that, the child process’s PCB is destroyed, and the entry is cleared. It happens very quickly, and the zombie process doesn’t last long.

What Causes a Zombie Process to Form in Linux

So, what’s the cause behind the formation of a zombie process in Linux? A not-so-perfect parent process can’t call the wait() function at the time of child process creation. So, in the child process, nothing watches for state changes; as a result, the SIGCHLD signal gets ignored. A second reason could be, another application affected the parent process execution due to malicious intent or simply poor coding.

By any means, if the parent process is unable to view child process state changes, the system housekeeping doesn’t happen. Then PCB and the entry are not cleared while the child process ends. As an effect of this, the zombie state is not cleared from the PCB.

Facts about Zombie Processes

Some interesting facts about zombie processes include:

All the system memory and other resources allocated to a zombie process are deallocated while it ends using the exit() system call.

But its entry in the table remains available.

If the parent process isn’t running, the zombie process’s presence signifies an operating system bug. This might not cause a serious issue if there are some zombie processes. But under heavier loads, the presence of zombie processes can create a shortage of process table entries. We’ll explore the danger of zombie processes in this article’s next section.

The parent process reads the exit status of a zombie process using the wait() function. Then the zombie process is eliminated from the system. After its removal, the process table entry and the process ID can be reused.

If the wait() is not used by the parent, the zombie remains in the process table. It creates a resource leak.

Sending SIGCHLD signal to a parent process with the kill command, you can remove a zombie process from the system.

If the zombie process remains in the process table even after sending the SIGCHLD signal, the parent process must be terminated if acceptable.

Are Zombie Processes Dangerous?

Zombie processes use a little bit of memory, but usually, they don’t pose a danger. The process table entry is small, but you can’t use its process ID until the zombie process is released. On a 64-bit OS, it’s not going to create a problem because the PCB is larger than the entry of the process table.

A huge number of zombie processes could affect the free memory available for other processes. If you face too many zombies, there’s some serious issue with the operating system bug or the parent application. In that case, the remaining process IDs get monopolized by the zombies. If there remain no process IDs, other processes are unable to run.

How to Find and Kill a Zombie Process

To kill the zombie process, at first, find it out. Use the code given below to identify zombie processes.

$ ps aux | egrep "Z|defunct"

Z used in the STAT column and/or [defunct] used in the last output column would identify a zombie process.

Actually, you can’t kill zombie processes as they are already dead. All you can do is, notifying its parent process so that it can again try to read the status of the child process, which has now become a zombie process, and eventually, the dead process gets cleaned from the process table. Use the following command to find out the parent process ID.

$ ps -o ppid= <Child PID>

Once you get the parent process ID of the zombie, send a SIGCHLD to the parent process.

$ kill -s SIGCHLD <Parent PID>

In case this doesn’t work in removing the zombie process from the process table, you need to restart or kill its parent process. To kill the zombie’s parent process, use the following code.

$ kill -9 <Parent PID>

Side Note: Once you kill a parent process, its child processes get affected. So it’s recommended to go through a quick double-check. It’ll help you to be safe.

If there’s a huge surge in the existing zombie processes, resulting in or heading towards a system outage, you have to do a system reboot. Alternatively, suppose a small number of zombie processes are not using much memory or system resources. In that case, it’s wise to reboot or kill its parent process in the upcoming scheduled system maintenance.


In this article, you have learned how to find and kill a zombie process on Linux. Now you know what a zombie process is, how to identify a zombie process on Linux and get it removed from the process table. We have also explored the process states in brief and how a zombie process state works.

So the conclusion is, zombies are not dangerous as far as they have been cleaned and maintained in a timely fashion. Hope you find this write-up useful, and it provides answers to your questions related to the zombie processes on Linux.

About the author

Suparna Ganguly

I'm an Engineer by degree and a Writer by choice. I like to learn and explore a good range of topics including Linux, programming, open-source, games, and computers. My content write-ups in LinuxHint can be your source of knowledge, guide, and values.