What is a zombie process?

Generally, the parent process of the Fork sub-process has ended, and the sub-process cannot release resources, forming a zombie process.
The process has died, but does not release system resources, including memory and some system tables. If there are many such processes, it will cause system problems. If the process state shown by PS-el is Z, It is a zombie process.
S indicates the sleep state; D indicates the sleep state that cannot be interrupted; r indicates the running state; Z indicates the frozen state; t indicates the stopped or tracked state.

A zombie process means that the parent process has exited, and the dead process becomes a zombie process without being accepted by the process.
How to generate botnets:
When a process calls the exit command to end its own life, it is not actually destroyed, but it leaves a data structure called Zombie (the system calls exit, it is used to exit a process, but it is only limited to converting a normal process into a zombie process and cannot completely destroy it ). InLinuxIn the process status, a zombie process is a very special one. It has abandoned almost all the memory space and has no executableCodeAnd cannot be scheduled. It only keeps a location in the process list and records the exit status of the process.OthersIn addition, zombie processes no longer occupy any memory space. It requires its parent process to collect dead parts for it. If its parent process does not have the sigchld signal processing function installed, it calls wait or waitpid () to wait until the child process ends, if the signal is not explicitly ignored, it will remain in zombie state. If the parent process ends, the INIT process will automatically take over the child process and send a zombie to it, it can still be cleared. However, if the parent process is a loop and does not end, the child process will remain zombie, which is why many zombie processes sometimes exist in the system.
How to view botnets:
Using the command ps, we can see that the process marked as Z is a zombie process.
How to clear zombie processes:
1. Rewrite the parent process and send it to the dead after the child process dies. The specific method is to take over the sigchld signal. After a child process dies, it sends a sigchld signal to the parent process. After receiving the signal, the parent process executes the waitpid () function to collect the child process. This is based on the principle that even if the parent process does not call wait, the kernel will send sigchld messages to it, even though the default processing is ignored. If you want to respond to this message, you can set a processing function.
2. Kill the parent process. After the death of the parent process, the zombie process becomes an "orphan process". After it passes through to the INIT process on process 1, init will always be responsible for cleaning up the zombie process. All the zombie processes it generates will also disappear.