chkrootkit cron job went nuts, spawned 14 instances and consumed nearly 90% of my ram

Bug #828437 reported by Jeff Lane 
This bug affects 1 person
Affects: chkrootkit (Ubuntu)
Status: Invalid
Importance: Medium
Assigned to: Unassigned

Bug Description

Walked away for a while and returned to find my system almost unusable. Something was causing the DISK I/O to go through the roof, the system constantly waiting, making it, as I said, almost unusable.

On some investigation, top indicated that egrep was consuming 6.7 GB of actual memory (of 8 GB total system RAM). Looking at the output of 'ps axf' showed 14 instances of chkrootkit and egreps.

My system being DOS'd locally by chkrootkit... the irony is not lost on me.

No idea why this happened, or even where to start with it, but I thought I'd at least open a bug and report what I could... but I had to reboot the system the hard way before I could even do that.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: chkrootkit 0.49-4ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-10.46-generic 2.6.38.7
Uname: Linux 2.6.38-10-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Wed Aug 17 20:34:52 2011
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: chkrootkit
UpgradeStatus: Upgraded to natty on 2011-06-03 (75 days ago)

Jeff Lane  (bladernr) wrote :

This is a batch mode output from top, showing the egrep process consuming 6.7GB of my RAM...

Jeff Lane  (bladernr) wrote :

This is a capture of ps axf before rebooting the system to make it usable again. Notice the 14 instances of egrep spawned by chkrootkit.

Jeff Lane  (bladernr) wrote :

Also, this might actually be an issue created by tiger, rather than chkrootkit itself...

Serge Hallyn (serge-hallyn) wrote :

Thanks for taking the time to submit this bug. It does seem from the
ps forest output that tiger is the initial problem.

Is this easily reproducible with tiger? If so, if you run chkrootkit
without tiger, does it work fine?

(If so, we know where to start looking and we should retarget the bug)

Changed in chkrootkit (Ubuntu):
importance: Undecided → Medium
status: New → Incomplete
Jeff Lane  (bladernr) wrote :

Serge: at the moment, no. I can't manually reproduce it. However, I left the machine sitting overnight and came back this morning to find that it was stuck yet again, this time, the egrep process was using 7.1GB of 8GB, but ps only showed 2 instances running...

I'm currently running tiger manually to see if it's tiger itself, or something related to running via cron. After the manual run, I'll try running the commands from the cron scripts manually and see if that recreates the issue.

Jeff Lane  (bladernr) wrote :

Forgot to reset to new when I added my update.

Changed in chkrootkit (Ubuntu):
status: Incomplete → New
Jeff Lane  (bladernr) wrote :

Over a year old, never addressed. Closing.
I think it eventually went away so probably fixed.

Changed in chkrootkit (Ubuntu):
status: New → Invalid