/bin/kill -f WINPID; for a rogue cygwin process?

Tom Rodman cygzw@trodman.com
Sat Dec 8 01:59:00 GMT 2007


There may not be enough info in this post, also it pertains to
an old cygwin release( 1.5.20s(0.155/4/2) 20060403 13:33:45 ).
I'm hoping it will be tolerated in cygwin-talk.

I have been trying to understand how to clean up rogue cygwin
processes that appear after days or weeks of uptime ( and many
cron jobs ) - defunct and "unknown" processes for example.
"pidtablecygcheck00" is a simple bash script that uses cygwin ps,
and /proc, and sysinternals: pslist and 'handle cygwin' - output;
it compares/joins their reports.  I show that script's output,
since it may help, but the script is not the point...

The question I have concerns the "/bin/kill -f" shown in the bash
session record on a windows 2003 server w/hostname "OurHost",
below my sig.  Windows pid 6588 was a bash.exe process, that did
not show up in 'ps -elW', so I thought I should cleanup:

  /tmp $ command ps -elW|grep 6588
  /tmp $
  --snip
  /tmp $ /bin/kill -f 6588
  kill: couldn't open pid 6340

Windows shown 6588, was still there, so I right clicked on 6588
in sysinternals procexp, and selected properties- at that point
things for the process seemed ordinary to my layman eyes, then I
closed procexp, and process 6588 had vanished!  (I have seen this
before.)

Any ideas/comments, especially about the 'kill: couldn't open pid 6340'?
6340?! ... OK 6340 shows up has the Windows PID for cygwin process 
7260, but I still need help unraveling this. (search this post for 6340)
  
Less importantly, why does '/proc/6588/' exist, when 
`command ps -elW|grep 6588` returns nothing?

--
thanks,
Tom

--v-v------------------C-U-T---H-E-R-E-------------------------v-v-- 
/tmp $ $bw/pidtablecygcheck00
check for cyg-classic-ps unknown processes

check for sysinternals handle id'd cyg processes not shown w/cyg-classic-ps
bash 6588 8 3 76 2500 0:00:00.046 26:18:49.342

check for cygpids not in pslist
 PID   PPID  PGID  WINPID  TTY  UID    STIME COMMAND
 7260  3080  6208  6340      3  15773  Oct 9 <defunct>

checking for Classic PS pids not in /proc:

checking for pids in /proc, not in list of Classic PS pids:

/tmp $ 
--snip
/tmp $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
bash               6588   8   3   76   2500     0:00:00.046    26:31:31.542
/tmp $ 
--snip
/tmp $ command ps -elW|grep 6588
/tmp $ 
--snip
/tmp $ ls /proc/6588
cmdline  cwd@  exename  gid   pgid  root@  stat   status  winexename
ctty     exe@  fd/      maps  ppid  sid    statm  uid     winpid
--snip
/tmp $ ls -ld /proc/6588/fd
dr-xr-xr-x 2 staffuser1 xyz_staff 0 Oct  9 09:17 /proc/6588/fd/
--snip
/tmp $ /bin/kill -f 6588
kill: couldn't open pid 6340
/tmp $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
bash               6588   8   3   76   2500     0:00:00.046    26:47:36.944
/tmp $ cd /proc/6588
/proc/6588 $ ll
total 0
dr-xr-xr-x 2 staffuser1 xyz_staff 0 Oct  9 09:17 fd/
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 winpid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 winexename
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 uid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 status
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 statm
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 stat
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 sid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 ppid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 pgid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 maps
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 gid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 exename
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 ctty
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 cmdline
lrwxrwxrwx 1 staffuser1 xyz_staff 0 Oct  10 12:09 root -> <defunct>
lrwxrwxrwx 1 staffuser1 xyz_staff 0 Oct  10 12:09 exe -> <defunct>
lrwxrwxrwx 1 staffuser1 xyz_staff 0 Oct  10 12:09 cwd -> <defunct>
/proc/6588 $ cat uid
15773
/proc/6588 $ grep 15773 /etc/passwd  #grep shows uid is *me*, ie staffuser1
staffuser1:unused_by_nt/2000/xp:15773:16027:scmron tcm,U-DOMxx1\staffuser1,S-1-5-21-1390067357-1202660629-682003330-5773:/home/local/staffuser1:/bin/bash
/proc/6588 $ cd
~ $ 
--snip
~ $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
bash               6588   8   3   76   2500     0:00:00.046    27:18:29.789
~ $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

process 6588 was not found on OurHost

~ $ : 'the act of looking at 6588 w/procexp (the properties) when I rdp-ed in'
~ $ : 'to OurHost as adm_usr1, resulted in the process disappearing!'



More information about the Cygwin-talk mailing list