/bin/kill -f WINPID; for a rogue cygwin process?

/bin/kill -f WINPID; for a rogue cygwin process?

[Tom Rodman]

There may not be enough info in this post, also it pertains to
an old cygwin release( 1.5.20s(0.155/4/2) 20060403 13:33:45 ).
I'm hoping it will be tolerated in cygwin-talk.

I have been trying to understand how to clean up rogue cygwin
processes that appear after days or weeks of uptime ( and many
cron jobs ) - defunct and "unknown" processes for example.
"pidtablecygcheck00" is a simple bash script that uses cygwin ps,
and /proc, and sysinternals: pslist and 'handle cygwin' - output;
it compares/joins their reports.  I show that script's output,
since it may help, but the script is not the point...

The question I have concerns the "/bin/kill -f" shown in the bash
session record on a windows 2003 server w/hostname "OurHost",
below my sig.  Windows pid 6588 was a bash.exe process, that did
not show up in 'ps -elW', so I thought I should cleanup:

  /tmp $ command ps -elW|grep 6588
  /tmp $
  --snip
  /tmp $ /bin/kill -f 6588
  kill: couldn't open pid 6340

Windows shown 6588, was still there, so I right clicked on 6588
in sysinternals procexp, and selected properties- at that point
things for the process seemed ordinary to my layman eyes, then I
closed procexp, and process 6588 had vanished!  (I have seen this
before.)

Any ideas/comments, especially about the 'kill: couldn't open pid 6340'?
6340?! ... OK 6340 shows up has the Windows PID for cygwin process 
7260, but I still need help unraveling this. (search this post for 6340)
  
Less importantly, why does '/proc/6588/' exist, when 
`command ps -elW|grep 6588` returns nothing?

--
thanks,
Tom

--v-v------------------C-U-T---H-E-R-E-------------------------v-v-- 
/tmp $ $bw/pidtablecygcheck00
check for cyg-classic-ps unknown processes

check for sysinternals handle id'd cyg processes not shown w/cyg-classic-ps
bash 6588 8 3 76 2500 0:00:00.046 26:18:49.342

check for cygpids not in pslist
 PID   PPID  PGID  WINPID  TTY  UID    STIME COMMAND
 7260  3080  6208  6340      3  15773  Oct 9 <defunct>

checking for Classic PS pids not in /proc:

checking for pids in /proc, not in list of Classic PS pids:

/tmp $ 
--snip
/tmp $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
bash               6588   8   3   76   2500     0:00:00.046    26:31:31.542
/tmp $ 
--snip
/tmp $ command ps -elW|grep 6588
/tmp $ 
--snip
/tmp $ ls /proc/6588
cmdline  cwd@  exename  gid   pgid  root@  stat   status  winexename
ctty     exe@  fd/      maps  ppid  sid    statm  uid     winpid
--snip
/tmp $ ls -ld /proc/6588/fd
dr-xr-xr-x 2 staffuser1 xyz_staff 0 Oct  9 09:17 /proc/6588/fd/
--snip
/tmp $ /bin/kill -f 6588
kill: couldn't open pid 6340
/tmp $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
bash               6588   8   3   76   2500     0:00:00.046    26:47:36.944
/tmp $ cd /proc/6588
/proc/6588 $ ll
total 0
dr-xr-xr-x 2 staffuser1 xyz_staff 0 Oct  9 09:17 fd/
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 winpid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 winexename
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 uid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 status
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 statm
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 stat
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 sid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 ppid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 pgid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 maps
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 gid
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 exename
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 ctty
-r--r--r-- 1 staffuser1 xyz_staff 0 Oct  10 12:09 cmdline
lrwxrwxrwx 1 staffuser1 xyz_staff 0 Oct  10 12:09 root -> <defunct>
lrwxrwxrwx 1 staffuser1 xyz_staff 0 Oct  10 12:09 exe -> <defunct>
lrwxrwxrwx 1 staffuser1 xyz_staff 0 Oct  10 12:09 cwd -> <defunct>
/proc/6588 $ cat uid
15773
/proc/6588 $ grep 15773 /etc/passwd  #grep shows uid is *me*, ie staffuser1
staffuser1:unused_by_nt/2000/xp:15773:16027:scmron tcm,U-DOMxx1\staffuser1,S-1-5-21-1390067357-1202660629-682003330-5773:/home/local/staffuser1:/bin/bash
/proc/6588 $ cd
~ $ 
--snip
~ $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
bash               6588   8   3   76   2500     0:00:00.046    27:18:29.789
~ $ pslist 6588

PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for OurHost:

process 6588 was not found on OurHost

~ $ : 'the act of looking at 6588 w/procexp (the properties) when I rdp-ed in'
~ $ : 'to OurHost as adm_usr1, resulted in the process disappearing!'

Re: /bin/kill -f WINPID; for a rogue cygwin process?

[Igor Peshansky]

On Fri, 7 Dec 2007, Tom Rodman wrote:

> There may not be enough info in this post, also it pertains to
> an old cygwin release( 1.5.20s(0.155/4/2) 20060403 13:33:45 ).
> I'm hoping it will be tolerated in cygwin-talk.
>
> I have been trying to understand how to clean up rogue cygwin
> processes that appear after days or weeks of uptime ( and many
> cron jobs ) - defunct and "unknown" processes for example.
> "pidtablecygcheck00" is a simple bash script that uses cygwin ps,
> and /proc, and sysinternals: pslist and 'handle cygwin' - output;
> it compares/joins their reports.  I show that script's output,
> since it may help, but the script is not the point...
>
> The question I have concerns the "/bin/kill -f" shown in the bash
> session record on a windows 2003 server w/hostname "OurHost",
> below my sig.  Windows pid 6588 was a bash.exe process, that did
> not show up in 'ps -elW', so I thought I should cleanup:
>
>   /tmp $ command ps -elW|grep 6588
>   /tmp $
>   --snip
>   /tmp $ /bin/kill -f 6588
>   kill: couldn't open pid 6340
>
> Windows shown 6588, was still there, so I right clicked on 6588
> in sysinternals procexp, and selected properties- at that point
> things for the process seemed ordinary to my layman eyes, then I
> closed procexp, and process 6588 had vanished!  (I have seen this
> before.)
>
> Any ideas/comments, especially about the 'kill: couldn't open pid 6340'?
> 6340?! ... OK 6340 shows up has the Windows PID for cygwin process
> 7260, but I still need help unraveling this. (search this post for 6340)
>
> Less importantly, why does '/proc/6588/' exist, when
> `command ps -elW|grep 6588` returns nothing?

FWIW, I've seen Process Explorer itself occasionally hold on to process
handles and memory...  When I quit Process Explorer, the process count
went down and the memory was released.  Could that be the explanation
here?
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_	    pechtcha@cs.nyu.edu | igor@watson.ibm.com
ZZZzz /,`.-'`'    -.  ;-;;,_		Igor Peshansky, Ph.D. (name changed!)
     |,4-  ) )-,_. ,\ (  `'-'		old name: Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"That which is hateful to you, do not do to your neighbor.  That is the whole
Torah; the rest is commentary.  Go and study it." -- Rabbi Hillel

Re: /bin/kill -f WINPID; for a rogue cygwin process?

[Tom Rodman]

On Mon 12/10/07 14:07 EST The Cygwin-Talk Maiming List wrote:
> On Fri, 7 Dec 2007, Tom Rodman wrote:
--snip
> > I have been trying to understand how to clean up rogue cygwin
> > processes that appear after days or weeks of uptime ( and many
> > cron jobs ) - defunct and "unknown" processes for example.
> > "pidtablecygcheck00" is a simple bash script that uses cygwin ps,
> > and /proc, and sysinternals: pslist and 'handle cygwin' - output;
> > it compares/joins their reports.  I show that script's output,
> > since it may help, but the script is not the point...
> >
> > The question I have concerns the "/bin/kill -f" shown in the bash
> > session record on a windows 2003 server w/hostname "OurHost",
> > below my sig.  Windows pid 6588 was a bash.exe process, that did
> > not show up in 'ps -elW', so I thought I should cleanup:
> >
> >   /tmp $ command ps -elW|grep 6588
> >   /tmp $
> >   --snip
> >   /tmp $ /bin/kill -f 6588
> >   kill: couldn't open pid 6340

My hunch- once a cygwin process no longer shows up in `ps -elW`,
one should use a non-cygwin approach to kill it.  Over the last
several years I've been using cygwin '/bin/kill -f' in an ssh
session to kill both windows and non windows processes ( that the
user in the ssh session owns ) with good results.  I plan to stop
this approach and use sysinternals 'pskill' unless I'm dealing w/a
normal cygwin process.

> > Windows shown 6588, was still there, so I right clicked on 6588
> > in sysinternals procexp, and selected properties- at that point
> > things for the process seemed ordinary to my layman eyes, then I
> > closed procexp, and process 6588 had vanished!  (I have seen this
> > before.)

> > Any ideas/comments, especially about the 'kill: couldn't open pid 6340'?
> > 6340?! ... OK 6340 shows up has the Windows PID for cygwin process
> > 7260, but I still need help unraveling this. (search this post for 6340)

somewhat related?:  
  http://cygwin.com/ml/cygwin/2003-10/msg00169.html
  http://www.cygwin.com/ml/cygwin/2000-06/msg00156.html

> > Less importantly, why does '/proc/6588/' exist, when
> > `command ps -elW|grep 6588` returns nothing?
> 
> FWIW, I've seen Process Explorer itself occasionally hold on to process
> handles and memory...  When I quit Process Explorer, the process count
> went down and the memory was released.  Could that be the explanation
> here?

Thanks Igor, but the 6588 bash.exe process was there for (hours?)
prior to me right clicking on it w/Process Explorer; I started
(the only instance of) Process Explorer just prior to right
clicking the process.

The fact that the process vanished was interesting, but my main question
is why did 'kill' want to open pid 6340?

--
thanks,
Tom

RE: /bin/kill -f WINPID; for a rogue cygwin process?

[Dave Korn]

On 11 December 2007 19:45, Tom Rodman wrote:


> The fact that the process vanished was interesting, but my main question
> is why did 'kill' want to open pid 6340?

  Couple of data points:

a)  Windows PID != Cygwin PID.  (Although they are generally the same, it isn't
an absolute).

b)  Cygwin sometimes keeps a dummy cygwin PID and process details hanging around
after the real win32 process has died; for example, if a parent process is going
to wait4() on the defunct child.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....