僵尸进程概念
僵尸进程(Zombie process)通俗来说指那些虽然已经终止的进程,但仍然保留一些信息,等待其父进程为其收尸. 书面形式一点:一个进程结束了,但是他的父进程没有等待(调用wait / waitpid)他,那么他将变成一个僵尸进程。通过ps命令查看其带有defunct的标志。僵尸进程是一个早已死亡的进程,但在进程表 (processs table)中仍占了一个位置(slot)。
但是如果该进程的父进程已经先结束了,那么该进程就不会变成僵尸进程。因为每个进程结束的时候,系统都会扫描当前系统中所运行的所有进程,看看有没有哪 个进程是刚刚结束的这个进程的子进程,如果是的话,就由Init进程来接管他,成为他的父进程,从而保证每个进程都会有一个父进程。而Init进程会自动 wait其子进程,因此被Init接管的所有进程都不会变成僵尸进程
与ZOMBIE对应的进程状态还有RUNNING(正在运行或等待运行状态),UNINTERRUPTABLE(不可中断阻塞状态),INTERRUPTABLE(可中断阻塞状态),STOPPED(挂起状态)等。
关于僵尸进程的维基百科介绍:
On Unix and Unix-like computer operating systems, a zombie process or defunct process is a process that has completed execution (via the exit system call) but still has an entry in the process table: it is a process in the "Terminated state". This occurs for child processes, where the entry is still needed to allow the parent process to read its child's exit status: once the exit status is read via the wait system call, the zombie's entry is removed from the process table and it is said to be "reaped". A child process always first becomes a zombie before being removed from the resource table. In most cases, under normal system operation zombies are immediately waited on by their parent and then reaped by the system – processes that stay zombies for a long time are generally an error and cause a resource leak.
The term zombie process derives from the common definition of zombie — an undead person. In the term's metaphor, the child process has "died" but has not yet been "reaped". Also, unlike normal processes, the kill command has no effect on a zombie process.
Zombie processes should not be confused with orphan processes: an orphan process is a process that is still executing, but whose parent has died. These do not remain as zombie processes; instead, (like all orphaned processes) they are adopted by init (process ID 1), which waits on its children. The result is that a process that is both a zombie and an orphan will be reaped automatically.
僵尸进程查看
查看系统里面有那些僵尸进程,有很多方法,例如top命令,ps命令等
另外,使用ps和grep命令结合也能查看僵尸进程,当然有非常多的形式,如下所。
[root@mylnx01 ~]# ps aux | grep Zs | grep -v grep
oracle 2002 0.0 0.0 0 0 ? Zs 02:44 0:00 [sh] <defunct>
oracle 2013 0.0 0.0 0 0 ? Zs 02:46 0:00 [sh] <defunct>
[root@mylnx01 ~]#
[root@mylnx01 ~]# ps -ef | grep defunct
oracle 2002 4788 0 02:44 ? 00:00:00 [sh] <defunct>
oracle 2013 4788 0 02:46 ? 00:00:00 [sh] <defunct>
[root@mylnx01 ~]#
[root@mylnx01 ~]# ps -A -ostat,ppid,pid,cmd | grep -e '^[Zz]'
Zs 4788 2002 [sh] <defunct>
Zs 4788 2013 [sh] <defunct>
[root@mylnx01 ~]#
查看僵尸进程的个数命令
[root@mylnx01 ~]# ps -ef | grep defunct | grep -v grep | wc -l
2
僵尸进程查杀
僵尸进程的查杀有时候是一个头痛的问题,僵尸进程有时候很杀不掉,有时候还不能乱杀。
要杀掉僵尸进程,一般有两个方法:
1:找到该defunct僵尸进程的父进程,将该进程的父进程杀掉,则此defunct进程将自动消失
2:重启服务器。
查看僵尸进程并杀掉
ps -ef | grep defunct | grep -v grep | awk {print "kill -9 " $2,$3}
一般情况下,不建议莽撞的kill掉这些僵尸进程,还是检查一下具体原因后,根据具体情况再做查杀,如下所示。
[root@mylnx01 ~]# ps -ef | grep defunct
oracle 2002 4788 0 02:44 ? 00:00:00 [sh] <defunct>
oracle 2013 4788 0 02:46 ? 00:00:00 [sh] <defunct>
root 12348 10441 0 12:18 pts/11 00:00:00 grep defunct
[root@mylnx01 ~]# cat /proc/2002/stack
[<ffffffff8105b9f5>] do_exit+0x67d/0x696
[<ffffffff8105baae>] sys_exit_group+0x0/0x1b
[<ffffffff8105bac5>] sys_exit_group+0x17/0x1b
[<ffffffff81011db2>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
[root@mylnx01 ~]# cat /proc/2013/stack
[<ffffffff8105b9f5>] do_exit+0x67d/0x696
[<ffffffff8105baae>] sys_exit_group+0x0/0x1b
[<ffffffff8105bac5>] sys_exit_group+0x17/0x1b
[<ffffffff81011db2>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
[root@mylnx01 ~]# cat /proc/4788/stack
[<ffffffff811de86e>] sys_semtimedop+0x68b/0x7e7
[<ffffffff81011db2>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
[root@mylnx01 ~]#
[root@mylnx01 ~]# lsof -p 4788
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
oracle 4788 oracle cwd DIR 253,6 4096 7880901 /u01/app/oracle/product/10.2.0/db_1/dbs
oracle 4788 oracle rtd DIR 253,0 4096 2 /
oracle 4788 oracle txt REG 253,6 104559054 7884256 /u01/app/oracle/product/10.2.0/db_1/bin/oracle
oracle 4788 oracle DEL REG 0,4 3211268 /SYSVdf6790e8
oracle 4788 oracle mem REG 253,0 143600 8421721 /lib64/ld-2.5.so
oracle 4788 oracle mem REG 253,0 1722304 8421722 /lib64/libc-2.5.so
oracle 4788 oracle mem REG 253,0 615136 8421739 /lib64/libm-2.5.so
oracle 4788 oracle mem REG 253,0 23360 8421607 /lib64/libdl-2.5.so
oracle 4788 oracle mem REG 253,0 145824 8421724 /lib64/libpthread-2.5.so
oracle 4788 oracle mem REG 253,0 114352 8421738 /lib64/libnsl-2.5.so
oracle 4788 oracle mem REG 253,0 53880 8421403 /lib64/libnss_files-2.5.so
oracle 4788 oracle mem CHR 1,5 4603 /dev/zero
oracle 4788 oracle mem REG 253,0 3768 10426606 /usr/lib64/libaio.so.1.0.1
oracle 4788 oracle mem REG 253,6 1552 7893073 /u01/app/oracle/product/10.2.0/db_1/dbs/hc_epps.dat
oracle 4788 oracle mem REG 253,6 3796601 7888182 /u01/app/oracle/product/10.2.0/db_1/lib/libnnz10.so
oracle 4788 oracle mem REG 253,6 123345 7885115 /u01/app/oracle/product/10.2.0/db_1/lib/libdbcfg10.so
oracle 4788 oracle mem REG 253,6 64041 7887888 /u01/app/oracle/product/10.2.0/db_1/lib/libclsra10.so
oracle 4788 oracle mem REG 253,6 11385162 7883147 /u01/app/oracle/product/10.2.0/db_1/lib/libjox10.so
oracle 4788 oracle mem REG 253,6 516097 7887854 /u01/app/oracle/product/10.2.0/db_1/lib/libocrutl10.so
oracle 4788 oracle mem REG 253,6 691049 7887853 /u01/app/oracle/product/10.2.0/db_1/lib/libocrb10.so
oracle 4788 oracle mem REG 253,6 681761 7887852 /u01/app/oracle/product/10.2.0/db_1/lib/libocr10.so
oracle 4788 oracle mem REG 253,6 8545 7885226 /u01/app/oracle/product/10.2.0/db_1/lib/libskgxn2.so
oracle 4788 oracle mem REG 253,6 1772385 7887887 /u01/app/oracle/product/10.2.0/db_1/lib/libhasgen10.so
oracle 4788 oracle mem REG 253,6 177809 7884216 /u01/app/oracle/product/10.2.0/db_1/lib/libskgxp10.so
oracle 4788 oracle 0r CHR 1,3 4601 /dev/null
oracle 4788 oracle 1r CHR 1,3 4601 /dev/null
oracle 4788 oracle 2w REG 253,6 1447 7995467 /u01/app/oracle/admin/epps/bdump/epps_psp0_4788.trc
oracle 4788 oracle 3r CHR 1,3 4601 /dev/null
oracle 4788 oracle 4r CHR 1,3 4601 /dev/null
oracle 4788 oracle 5w REG 253,6 663 1638412 /u01/app/oracle/admin/epps/udump/epps_ora_4784.trc (deleted)
oracle 4788 oracle 6w REG 253,6 30440 7995465 /u01/app/oracle/admin/epps/bdump/alert_epps.log.20150904 (deleted)
oracle 4788 oracle 7u REG 253,6 0 6930433 /u01/app/oracle/product/10.2.0/db_1/dbs/lkinstepps (deleted)
oracle 4788 oracle 8w REG 253,6 30440 7995465 /u01/app/oracle/admin/epps/bdump/alert_epps.log.20150904 (deleted)
oracle 4788 oracle 9u REG 253,6 1552 7893073 /u01/app/oracle/product/10.2.0/db_1/dbs/hc_epps.dat
oracle 4788 oracle 10r CHR 1,5 4603 /dev/zero
oracle 4788 oracle 11r REG 253,6 849408 7887921 /u01/app/oracle/product/10.2.0/db_1/rdbms/mesg/oraus.msb
oracle 4788 oracle 12r CHR 1,5 4603 /dev/zero
oracle 4788 oracle 13u REG 253,6 1552 7893073 /u01/app/oracle/product/10.2.0/db_1/dbs/hc_epps.dat
oracle 4788 oracle 14uR REG 253,6 24 7893074 /u01/app/oracle/product/10.2.0/db_1/dbs/lkEPPS
oracle 4788 oracle 15r REG 253,6 849408 7887921 /u01/app/oracle/product/10.2.0/db_1/rdbms/mesg/oraus.msb
查看僵尸进程的父进程,发现是对应的是ORACLE里面PSPO进程,关于这个进程,我也没有把握是否可以KIll掉。所以选择重启服务器比较保险一点。
