Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Unknown process takes over

Posted on 2004-03-30
Medium Priority
Last Modified: 2010-04-20
My system is taken over by a process a couple times a day for 3 minutes or so.  When its happening, I look at the system monitor and i see some cpu usage with enormous amounts of memory usage.

I checked for viruses, nothing.  I really can't do much while its happening, so i just sit it out.  Its really annoying.  

Is there anyway to tell what is happening, and possibly prevent it, or at least schedule it?

I'm using RedHat 9.0 and KDE.  
Question by:omom
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +2
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10715441
Run a terminal window with top that you display on your screen. When this happens again, you should be able to see which process is the one hogging your CPU - that is, if the X display is still getting updated during this slowdown. One other thing you can try is log in remotely and then check the top output. Chances are that even though your system seems to come to a stop, it's mainly the GUI that gets locked out. A remote network connection may still work.
Upgrade to a 2.6.x kernel - they have an improved scheduler, and your X session should not get that unresponsive anymore.

Accepted Solution

Alf666 earned 260 total points
ID: 10715573
When top runs, type in the letter 'M' to sort by memory usage. You should be able to find the memory eating process easier if it does not use much CPU.

lsof -n | grep process_name | grep REG | grep -v lib

This should give you the executable file on your disk.

There's a slight chance it's launched by a cron or an at job.

Most likely, you'll find the crontabs in /var/spool/cron/tabs. DO NOT EDIT BY HAND !

Use crontab -e -u <user_name>

Where <user_name> is the file that contains the offending executable.
LVL 17

Expert Comment

ID: 10718852
At a guess I would think XFS - the xwindows font server to be the problem. The only other thing I can think of which causes behaviour like this is the anacron job which updates the locate database and logrotate.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 10732601
So the process "X" is the culprit i guess, what does this mean?

 08:00:45  up  1:09,  3 users,  load average: 1.51, 0.76, 0.42
101 processes: 100 sleeping, 1 running, 0 zombie, 0 stopped
CPU states:   1.1% user   5.3% system   0.1% nice   0.0% iowait  93.2% idle
Mem:  1030932k av,  575716k used,  455216k free,       0k shrd,   84404k buff
                    378948k actv,   11268k in_d,   16260k in_c
Swap: 1309288k av,     812k used, 1308476k free                  183264k cached

 1095 root      15   0  116M  51M  8156 S     2.3  5.1   9:56   0 X
 1270 root      15   0 51444  49M 22204 S     0.0  4.8   0:56   0 netscape-bin
 2266 root      15   0 21564  21M 15952 S     0.0  2.0   0:01   0 kdeinit
 1307 root      15   0 15040  14M  9048 S     0.0  1.4   0:02   0 evolution-mail
 1259 root      15   0 14060  13M 11192 S     0.0  1.3   0:01   0 kdeinit
 2302 root      15   0 13700  13M 11112 S     0.5  1.3   0:00   0 kdeinit
 1257 root      15   0 13540  13M 10876 S     0.0  1.3   0:01   0 kdeinit

Expert Comment

ID: 10733753
Your memory is fine. Swap is unused (or nearly. Maybe an old sitting process).

X is not the culprit :-)
X is your X-windows server. He is responsible for everything graphics your display on your box. You do not want to kill that :-)

I notice you still use an old netscape version which could easily be replaced by a more recent version of Mozilla.

This does not solve your problem though as nothing bad appears in what you're showing me there.

Your top shows that the system has been a bit loaded for the last minute, but that's it.

We'd need the same stuff, but at the moment when your box is very loaded (when you have your problem).
LVL 44

Expert Comment

by:Karl Heinz Kremer
ID: 10733866
You may want to change the interval that top uses to display it's data to 1 second. To do that, use the "s" key and then type 1 <Enter>

This way, you get more current data.

Assisted Solution

djluff earned 240 total points
ID: 10899130
I'd say it's updatedb. This is run in redhat from /etc/cron.daily/slocate.cron. For permanently online machines, this is set to run in the middle of the night. But for machines that are shut-down over night, it runs when it can while the machine's up.

The next time it is happening check 'top' or do a 'ps -ax| grep updat' and you should see 'updatedb' running. There's an excellent utility for spotting problem processes called wmtop available from www.dockapps.org. It displays the top three CPU using processors in a dock app.

If it is updatedb, or something else run from cron.daily, look in /etc/crontab and change the time that the /etc/cron.daily command is run to a time when the machine is up and running, but idle - like lunchtime.

It causes a lot of thrashing because it checks every file on the system. There's a new schedular in the 2.6 kernel that is supposed to help with things like this.

Author Comment

ID: 10902823
you may be right about updatedb.  In 'top' I did a <shift>-P to arrange by CPU use, and it was at the top.  I'll try the other things you suggest.  

Author Comment

ID: 10904061
none of my cron.* directories contain updatedb.

cron.daily directory contains:
00-logwatch  logrotate rpm         tetex.cron 0anacron makewhatis.cron  slocate.cron  tmpwatch

0anacron  makewhatis.cron


cron.hourly is empty

here is crontab:


# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
LVL 17

Expert Comment

ID: 10904478
makewhatis.cron & slocate.cron are probably to blame.

Author Comment

ID: 10905326
So the format for the crontab file is:
minute hour day month weekday command
which means the its running cron.daily every day at 0402 (4:02 am)?

I'm usually not up at that hour. Does the 'job' get 'queued' when computer is not on?

Expert Comment

ID: 10905703
Sorry, updatedb is run from the slocate script, which is run from cron.daily. If the PC isn't on when the cron.daily job's scheduled (4:02am), the job will be run at some stage after you next boot.

So you can either leave your PC on all night, or change the time. My home PC is on permanently, so I leave it set to 4:02am and don't have the problem. But my work PC is off all night, so I've got it configured to run at 12:45
(45 12 * * * ...). When it cuts in I know it's time to go to lunch!

Author Comment

ID: 10906314
ok, i'm going to try the lunch time schedule and see how that goes:

01 * * * * root run-parts /etc/cron.hourly
30 11 * * * root run-parts /etc/cron.daily
50 11 * * 0 root run-parts /etc/cron.weekly
10 12 1 * * root run-parts /etc/cron.monthly

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question