Linux Process

Processes states

S Interruptible sleep (waiting for an event to complete)
D Uninterruptible sleep (usually IO)
R Running or runnable (on run queue)
T Stopped, either by a job control signal or because it is being traced.
W paging (not valid since the 2.6.xx kernel)
X dead (should never be seen)
Z Defunct ("zombie") process, terminated but not reaped by its parent.

<< high-priority (not nice to other users)
N low-priority (nice to other users)
L has pages locked into memory (for real-time and custom IO)
s is a session leader
l is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ is in the foreground process group

You cannot kill "D" state processes, even with SIGKILL or kill -9. As the name implies, they are uninterruptible. You can only clear them by rebooting the server or waiting for the I/O to respond.

How to know where a process was started and how it was started?

Most reliable way is to look at the /proc, /proc/<pid>/ directory where it keeps information like:^[1]

1. cwd link to the current working directory
2. fd a dir with links to the open files (file descriptors)
3. cmdline read it to see what command line was used to start the process
4. environ the environment variables for that process
5. root a link to what the process considers it's root dir (it will be / unless chrooted)

pstree -sp <PID> also give clearer relationship in tree view

systemctl status <PID>

References