Where are these requests / connections coming from? Are they not legitimate clients? If not, you’d need wire-logs to see what’s going on?
Looks like Fly is removing these on a case-by-case basis. The word at the time was that Fly apps using release_command were the ones turning into zombies: Interrupt app startup - #10 by eli