Skip to content

๐ŸงŸ Zombie Process Guide (BlackCairn)

A practical guide to identifying, understanding, and cleaning up zombie processes on your Linux systems and Docker containers.

๐Ÿง  What is a Zombie Process?

A zombie process is a process that has:

  • Finished execution
  • But still exists in the process table
  • Because its parent has not collected its exit status

Think of it as a process that has diedโ€ฆ but its paperwork hasnโ€™t been filed.

๐Ÿ” How to Identify Zombie Processes

Basic check

ps aux | grep Z

Cleaner output

ps -eo pid,ppid,state,cmd | awk '$3 ~ /Z/'

Example output

8763  2445  Z  [wget] <defunct>

๐Ÿงพ Understanding the Output

Column Meaning
PID Zombie process ID
PPID Parent process ID
Z Zombie state
CMD Original command

โš ๏ธ The parent (PPID) is the key. Zombies cannot be killed directly.

๐Ÿ•ต๏ธ Investigate the Parent Process

ps -fp <PPID>

Example:

ps -fp 2445

๐Ÿณ If Using Docker (BlackCairn Reality)

Find the container:

docker inspect --format '{{.Name}}' <container-id>

Then inspect it:

docker exec -it <container-name> ps -ef

๐Ÿงน How to Clean Up Zombies

โœ… Best Option: Restart the Parent

Docker

docker restart <container-name>

System service

sudo systemctl restart <service>

โš ๏ธ Alternative: Signal the Parent

kill -SIGCHLD <PPID>

May or may not work.

๐Ÿšซ Do NOT do this

kill -9 <zombie-pid>

Zombies are already dead. This does nothing.

๐Ÿงฎ Count Zombie Processes

ps -eo state | grep -c Z

โš ๏ธ When to Worry

Scenario Meaning
1โ€“2 zombies Normal, harmless
Growing count Parent process issue
Hundreds Broken service or container

๐Ÿ› ๏ธ Preventing Zombies (Docker Best Practice)

Add an init process to containers:

services:
  your-service:
    image: your-image
    init: true

This ensures child processes are properly reaped.

๐Ÿงช Common Causes

  • Healthchecks using wget or curl
  • Poorly written shell scripts
  • Node/Next.js apps spawning child processes
  • Containers without an init process

๐Ÿ”Ž BlackCairn Example (Real Case)

  • Zombie: [wget] <defunct>
  • Parent: next-server
  • Container: blackcairn-portal
  • Cause: Docker healthcheck using wget
  • Fix: Added init: true to Compose

๐Ÿงญ Quick Troubleshooting Flow

  1. Find zombie
  2. Identify PPID
  3. Check parent process
  4. Determine if Docker or system service
  5. Restart parent
  6. Add init: true if container-based
  7. Recheck

๐Ÿงน Maintenance Tip

Run occasionally:

ps -eo pid,ppid,state,cmd | awk '$3 ~ /Z/'

If empty โ†’ all clear

๐Ÿ“Œ Final Thoughts

Zombie processes are not dangerous on their own.

They are symptoms, not problems.

Fix the parent, and the undead disappear.

โš”๏ธ Motto

"You donโ€™t kill the zombieโ€ฆ you fix what refused to bury it."