In the Linux operating system, you will sometimes come across programs called dead processes or Zombie  process, these types of programs have become like this due to weaknesses or poorly written structural code. Today, in this article, we will discuss how these types of programs are created and how to remove them from our computers.

Processing steps in Linux

In the Linux OS, the program will be automatically monitored by the operating system, so that any program or Daemon that you are running is monitored and located inside the processing desk. That part of the program structure is stored in the memory kernel, and the system can save them by numbering, also in this list all input values ​​store some information from the processes.

But there is not much information inside the numbers in the storage processing table, the information inside these numbers includes the IDs of the processes, several dates and times of the processes, and finally the PCB related to those processes.

At the moment of processing, all tasks are the responsibility of PCBs. At the time of each processing, they are updated and when the processes are destroyed, they are destroyed with them, so PCBs carry very important information from different processes.

Linux PCBs have more than 700 commands and there is a lot of information in them, one of their structures is task_struct.h.

We have collected all the contents that you encounter in PCB :

• Process State: The status of the processes is specified for the user in this section.
• Process Number: This is to identify and differentiate each process from the other by the operating system.
• Program Counter: This command will create an order list for your processes, and in this section, it will be specified that after closing the process, a new process will start.
• Registers: In this list, you will see the processors registered by this process, also this list may include accumulators, index registers, and stack pointers.
• Open File List: Files associated with this process.
• CPU Scheduling Information: This option determines how much CPU and for how long the processor has, as well as the CPU priority, and all information about your CPU will be recorded on the PCB.
• Memory Management Information: This will give you information and descriptions of the memory that this process uses, for example, the full start and end of each process, as well as the poets of the memory screens.
• I / O Status Information: Any input or output device that has used the processing.

One of the things to we have to pay extra attention to is the Process State, which can be one of the following:

• R: This letter indicates a process is running or ready to run, if the process is running it means it is running and using CPU resources, if it is ready to run it means This process is in the activation queue and will start as soon as the processor is empty.

  S: This letter indicates a process that is in standby mode, for example, this process needs this particular output or input to complete, or it is ready to use resources in standby mode.

  D: This indicates that the processing is absolute in standby mode, unlike the standby mode this state can not be affected by the user or continued, the processing needs all the necessary items to run.

  T: This indicates that the processing has stopped completely because it has received the SIGSTOP signal, in which case the processing will only respond to the SIGKILL and SIGCONT signals, which may, respectively, cause the process to destroy or continue processing.

  Z: A dead process. When a process is completed, it will be free by itself,it will free up the amount of memory it has, but these events still remain on the process desk and PCB and can be seen.

When the process is dead, the older processes, known as the Parent process, use another feature and create a new process, then wait for a change in the new process. It comes, waits, and monitors the new process to see if the new process has stopped, run, or been deleted by one of the signals.

If the new processing conditions change in a way that means it is gone, its exit code is Read. The newly created PCB will then be destroyed and its values ​​will be cleared from the processing table, ideally, It will happen in a moment, and dead processing will not be on the processing table for long.

What is the cause of Zombie Process

In most cases, this type of processing is due to poor programming, for example, when older processes run the wait () command for the newly created process, the SIGCHLD command, which is used to announce changes in New processing is ignored.

In some cases, another program may interfere with the SIGCHLD code, this may be due to malware or code programming weakness. In any case, when there is no monitoring of newly created processes, processing Do not announce their changes, and this will not remove dead processes, so these processes will never be removed from the PCB.

Dead processes use very little memory, and usually do not pose any problems for normal use of the operating system. Using these processes does not take up much space on the processing desk, but the problem will arise where the processing is dead. It will not be removed from the processing desk, making it impossible for any other process to run. However, on a 64-bit operating system, this will not be a problem, as the PCB will be larger than the process table.

Many dead processes can simultaneously occupy the free RAM space available for other processes. If there are many dead processes in your system, there may be a problem with your older processes or with the operating system.

Destroy Zombie Process

Enter the following commands in order, on your process table:

top

Now in the Task section, you can see all your processes in order.

We can list them using the ps command and shape them into columns using egrep.

As we said, dead processes will be shown with the letter z, and we will also add the defunct command. Enter the following command:

ps aux | egrep "Z|defunct"

Dead processes are displayed as a list. Also in the last column of dead processes information, you can see what program or process caused them.

To remove the dead processes we have to proceed through the process they created, enter the following command:

ps -o ppid= -p 0000

In the red field, you have to enter your desired PID.

At the bottom, the terminal will show you the main process that caused the dead process.

Now let’s use the PS command again to see the main process:

ps -e | grep 0000

This time in the red section we will put the main processing number that the terminal gave a little earlier.

We will use the SIGKILL command to delete mother processes:

kill -SIGKILL 0000