Problem Statement
Explain the different process states in Linux (running, sleeping, stopped, zombie). How do you identify and handle zombie processes?
Explanation
Linux processes exist in several states, visible in ps or top output. Running (R) means the process is executing or ready to execute on a CPU. Sleeping covers two states: interruptible sleep (S), where the process waits for an event such as I/O and can be interrupted by signals, and uninterruptible sleep (D), where the process waits for I/O and cannot be interrupted, often indicating disk or network issues.
Stopped (T) means the process is suspended, typically by Ctrl+Z or a STOP signal. Resume it with fg, bg, or a CONT signal. Zombie (Z) means the process has finished but hasn't been reaped by its parent: the process table entry remains until the parent calls wait() to collect the exit status. Zombies consume minimal resources (just the process table entry) but indicate parent process issues.
Identify zombies with ps aux | awk '$8 ~ /^Z/' or ps -eo pid,ppid,state,cmd | awk '$3 == "Z"'. Matching on the state column avoids false hits on a "Z" elsewhere in the line and is not thrown off by the leading spaces ps uses to align columns. Zombies can't be killed directly since they're already dead. The solution is to kill the parent process, forcing the zombie to be inherited by init/systemd, which will reap it. Find the parent with ps -o ppid= -p ZOMBIE_PID, then kill PPID.
Persistent zombies indicate a bug in the parent process: it is not properly handling child termination. Well-written programs call wait() or use a SIGCHLD signal handler to reap children. In production, monitor for zombie accumulation, as it indicates application issues. Understanding process states helps troubleshoot application behavior, hung processes, and resource issues.
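The identification and reaping steps above, as an added Python example that is not part of the original page: it reads /proc/<pid>/stat directly instead of parsing ps output, groups zombies by parent, deliberately creates one zombie, and reaps it with waitpid(). The function names are this example's own, and it assumes a Linux /proc filesystem.

```python
import os
import time

def proc_stat(pid):
    """Return (comm, state, ppid) from /proc/<pid>/stat, or None if the process is gone."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            data = f.read()
    except OSError:
        return None
    # comm sits in parentheses and may contain spaces or ')': split on the LAST ')'.
    lpar, rpar = data.index("("), data.rindex(")")
    state, ppid = data[rpar + 2:].split()[:2]
    return data[lpar + 1:rpar], state, int(ppid)

def find_zombies():
    """Map parent PID -> list of zombie child PIDs, for every process in /proc."""
    by_parent = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            st = proc_stat(int(entry))
            if st and st[1] == "Z":
                by_parent.setdefault(st[2], []).append(int(entry))
    return by_parent

def wait_for_state(pid, wanted, timeout=5.0):
    """Poll until the process reaches the wanted state; return the last state seen."""
    deadline = time.monotonic() + timeout
    state = None
    while time.monotonic() < deadline:
        st = proc_stat(pid)
        state = st[1] if st else None
        if state == wanted:
            break
        time.sleep(0.01)
    return state

def demo():
    """Create one zombie on purpose, observe it, then reap it with waitpid()."""
    child = os.fork()
    if child == 0:
        os._exit(7)                      # child exits immediately
    before = wait_for_state(child, "Z")  # parent has not called wait() yet
    listed = child in find_zombies().get(os.getpid(), [])
    _, status = os.waitpid(child, 0)     # reaping removes the process table entry
    after = proc_stat(child)             # None once the entry is gone
    return before, listed, os.WEXITSTATUS(status), after

if __name__ == "__main__":
    print(demo())
```

For monitoring, the per-parent grouping returned by find_zombies() points at the program that is failing to reap, which is the process to investigate or restart.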