Solved

Unknown process takes over

Posted on 2004-03-30
13
303 Views
Last Modified: 2010-04-20
My system is taken over by a process a couple times a day for 3 minutes or so.  When its happening, I look at the system monitor and i see some cpu usage with enormous amounts of memory usage.

I checked for viruses, nothing.  I really can't do much while its happening, so i just sit it out.  Its really annoying.  

Is there anyway to tell what is happening, and possibly prevent it, or at least schedule it?

I'm using RedHat 9.0 and KDE.  
0
Comment
Question by:omom
  • 5
  • 2
  • 2
  • +2
13 Comments
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
Comment Utility
Run a terminal window with top that you display on your screen. When this happens again, you should be able to see which process is the one hogging your CPU - that is, if the X display is still getting updated during this slowdown. One other thing you can try is log in remotely and then check the top output. Chances are that even though your system seems to come to a stop, it's mainly the GUI that gets locked out. A remote network connection may still work.
Upgrade to a 2.6.x kernel - they have an improved scheduler, and your X session should not get that unresponsive anymore.
0
 
LVL 9

Accepted Solution

by:
Alf666 earned 65 total points
Comment Utility
When top runs, type in the letter 'M' to sort by memory usage. You should be able to find the memory eating process easier if it does not use much CPU.

lsof -n | grep process_name | grep REG | grep -v lib

This should give you the executable file on your disk.

There's a slight chance it's launched by a cron or an at job.

Most likely, you'll find the crontabs in /var/spool/cron/tabs. DO NOT EDIT BY HAND !

Use crontab -e -u <user_name>

Where <user_name> is the file that contains the offending executable.
0
 
LVL 17

Expert Comment

by:owensleftfoot
Comment Utility
At a guess I would think XFS - the xwindows font server to be the problem. The only other thing I can think of which causes behaviour like this is the anacron job which updates the locate database and logrotate.
0
 

Author Comment

by:omom
Comment Utility
So the process "X" is the culprit i guess, what does this mean?

 08:00:45  up  1:09,  3 users,  load average: 1.51, 0.76, 0.42
101 processes: 100 sleeping, 1 running, 0 zombie, 0 stopped
CPU states:   1.1% user   5.3% system   0.1% nice   0.0% iowait  93.2% idle
Mem:  1030932k av,  575716k used,  455216k free,       0k shrd,   84404k buff
                    378948k actv,   11268k in_d,   16260k in_c
Swap: 1309288k av,     812k used, 1308476k free                  183264k cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
 1095 root      15   0  116M  51M  8156 S     2.3  5.1   9:56   0 X
 1270 root      15   0 51444  49M 22204 S     0.0  4.8   0:56   0 netscape-bin
 2266 root      15   0 21564  21M 15952 S     0.0  2.0   0:01   0 kdeinit
 1307 root      15   0 15040  14M  9048 S     0.0  1.4   0:02   0 evolution-mail
 1259 root      15   0 14060  13M 11192 S     0.0  1.3   0:01   0 kdeinit
 2302 root      15   0 13700  13M 11112 S     0.5  1.3   0:00   0 kdeinit
 1257 root      15   0 13540  13M 10876 S     0.0  1.3   0:01   0 kdeinit
0
 
LVL 9

Expert Comment

by:Alf666
Comment Utility
Your memory is fine. Swap is unused (or nearly. Maybe an old sitting process).

X is not the culprit :-)
X is your X-windows server. He is responsible for everything graphics your display on your box. You do not want to kill that :-)

I notice you still use an old netscape version which could easily be replaced by a more recent version of Mozilla.

This does not solve your problem though as nothing bad appears in what you're showing me there.

Your top shows that the system has been a bit loaded for the last minute, but that's it.

We'd need the same stuff, but at the moment when your box is very loaded (when you have your problem).
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
Comment Utility
You may want to change the interval that top uses to display it's data to 1 second. To do that, use the "s" key and then type 1 <Enter>

This way, you get more current data.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Assisted Solution

by:djluff
djluff earned 60 total points
Comment Utility
I'd say it's updatedb. This is run in redhat from /etc/cron.daily/slocate.cron. For permanently online machines, this is set to run in the middle of the night. But for machines that are shut-down over night, it runs when it can while the machine's up.

The next time it is happening check 'top' or do a 'ps -ax| grep updat' and you should see 'updatedb' running. There's an excellent utility for spotting problem processes called wmtop available from www.dockapps.org. It displays the top three CPU using processors in a dock app.

If it is updatedb, or something else run from cron.daily, look in /etc/crontab and change the time that the /etc/cron.daily command is run to a time when the machine is up and running, but idle - like lunchtime.

It causes a lot of thrashing because it checks every file on the system. There's a new schedular in the 2.6 kernel that is supposed to help with things like this.
0
 

Author Comment

by:omom
Comment Utility
you may be right about updatedb.  In 'top' I did a <shift>-P to arrange by CPU use, and it was at the top.  I'll try the other things you suggest.  
0
 

Author Comment

by:omom
Comment Utility
none of my cron.* directories contain updatedb.

cron.daily directory contains:
00-logwatch  logrotate rpm         tetex.cron 0anacron makewhatis.cron  slocate.cron  tmpwatch

cron.weekly:
0anacron  makewhatis.cron

cron.montly:
0anacron  

cron.hourly is empty

here is crontab:

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
0
 
LVL 17

Expert Comment

by:owensleftfoot
Comment Utility
makewhatis.cron & slocate.cron are probably to blame.
0
 

Author Comment

by:omom
Comment Utility
So the format for the crontab file is:
minute hour day month weekday command
which means the its running cron.daily every day at 0402 (4:02 am)?

I'm usually not up at that hour. Does the 'job' get 'queued' when computer is not on?
 
0
 
LVL 1

Expert Comment

by:djluff
Comment Utility
Sorry, updatedb is run from the slocate script, which is run from cron.daily. If the PC isn't on when the cron.daily job's scheduled (4:02am), the job will be run at some stage after you next boot.

So you can either leave your PC on all night, or change the time. My home PC is on permanently, so I leave it set to 4:02am and don't have the problem. But my work PC is off all night, so I've got it configured to run at 12:45
(45 12 * * * ...). When it cuts in I know it's time to go to lunch!
0
 

Author Comment

by:omom
Comment Utility
ok, i'm going to try the lunch time schedule and see how that goes:

01 * * * * root run-parts /etc/cron.hourly
30 11 * * * root run-parts /etc/cron.daily
50 11 * * 0 root run-parts /etc/cron.weekly
10 12 1 * * root run-parts /etc/cron.monthly
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now