When a process terminates, its resources are deallocated by the operating system. However, its entry in the process table must remain there until the parent calls wait(), because the process table contains the process’s exit status. A process that has terminated, but whose parent has not yet called wait(), is known as a zombie process. All processes transition to this state when they terminate, but generally they exist as zombies only briefly. Once the parent calls wait(), the process identifier of the zombie process and its entry in the process table are released.
Now consider what would happen if a parent did not invoke wait() and instead terminated, thereby leaving its child processes as orphans. Linux and UNIX address this scenario by assigning the init process as the new parent to orphan processes. The init process periodically invokes wait(), thereby allowing the exit status of any orphaned process to be collected and releasing the orphan’s process identifier and process-table entry.
In other words,
An orphan process is a computer process whose
parent process has finished or terminated, though it (child process) remains running itself.
A zombie process or defunct process is a process that has completed execution but still has an entry in the process table as its parent process didn’t invoke an
wait() system call.
Are Zombie processes harmful to the System?
No. Since zombie process is not doing any work, not using any resources or affecting any other process, there is no harm in having a zombie process. But since the exit_status and other process information from the process table are stored in the RAM, having too many Zombie processes can sometimes be an issue.
Imagine it Like this :
“You are the owner of a construction company. You pay daily wages to all your workers depending upon how they work. A worker comes to the construction site every day, just sits there, you don’t have to pay him, he doesn’t do any work. He just comes every day and sits, that’s it !”
Such a worker is the living example of a zombie process. But, if you have a lot of zombie workers, your construction site will get crowded and it might get difficult for the people that are actually working.
So how to find Zombie Processes?
Fire up a terminal and type the following command –
ps aux | grep Z
You will now get details of all zombie processes in the processes table.
How to kill Zombie processes?
Normally we kill processes with the SIGKILL command but zombie processes are already dead. You Cannot kill something that is already dead. So what you do is you type this command –
kill -s SIGCHLD pid
Replace the pid with the id of the parent process so that the parent process will remove all the child processes that are dead and completed.
Imagine it Like this :
“You find a dead body in the middle of the road, you call the dead body’s family and they take that body away from the road.”
But a lot of programs are not programmed well enough to remove these child zombies because if they were, you wouldn’t have those zombies in the first place. So the only thing guaranteed to remove Child Zombies is killing the parent.
Source: Operating System Concepts by Abraham, Peter, Greg