EricNelson Posted May 21, 2015 Share Posted May 21, 2015 The screenshot shows two almost identical controllers. I wasn't able to connect to the 192.168.135.26 controller through composer, but I could connect through putty, and I found that 90% of the CPU was being taken up by the Director and two '-sh' commands. Does anyone have an idea of what would cause this? Or what the -sh means?These are both HC250s with approximately the same amount of switches, contact sensors, and motion sensors connected. Thanks!Eric Link to comment Share on other sites More sharing options...
pstuart Posted May 21, 2015 Share Posted May 21, 2015 Is either port forwarded? Has the root password changed? Does it persist after reboot? Link to comment Share on other sites More sharing options...
EricNelson Posted May 21, 2015 Author Share Posted May 21, 2015 Excuse my ignorance, Is the port forwarding something that would be done on the router that it's connected to? Or something from the controller? I didn't set up the network, but it is possible that someone configured port forwarding on a router. The root password is still t0talc0ntr0l4!I've rebooted this device more than 10 times and also tried 'sysman restart'. It rarely shows up in the composer controller list, is never able to connect, and has the same CPU usage Thanks! Link to comment Share on other sites More sharing options...
rosenqui Posted May 21, 2015 Share Posted May 21, 2015 On Unix/Linux that normally means it's a login shell, i.e., a /bin/sh process running interactively. The shell changes its behaviour a bit when run interactively vs. executing a script. It only reads ~/.profile or ~/.login when interactive for example. Try running "ps -ef" and see what tty those processes are using. You can use "last" or "who" to see what the system reports for interactive sessions. On Linux you can get a lot of good info by looking around in /proc/<pid>, so /proc/8968 in the case of your screenshot. Link to comment Share on other sites More sharing options...
EricNelson Posted May 21, 2015 Author Share Posted May 21, 2015 So if the -sh is a login shell, why would 192.168.135.26 have two of them running at 30%? And the other controller (despite being logged into) not have the -sh process? running ps -ef :~# ps -ef PID USER VSZ STAT COMMAND 1 root 2000 S init 2 root 0 SW [kthreadd] 3 root 0 SW [ksoftirqd/0] 4 root 0 SW [watchdog/0] 5 root 0 SW [events/0] 6 root 0 SW [khelper] 10 root 0 SW [async/mgr] 138 root 0 SW [sync_supers] 140 root 0 SW [bdi-default] 142 root 0 SW [kblockd/0] 151 root 0 SW [omap2_mcspi] 162 root 0 SW [ksuspend_usbd] 166 root 0 SW [khubd] 175 root 0 SW [twl4030-irqchip] 176 root 0 SW [twl4030-irq] 208 root 0 SW [kmmcd] 226 root 0 SW [musb_hdrc] 234 root 0 SW [khungtaskd] 235 root 0 SW [kswapd0] 236 root 0 SW [aio/0] 237 root 0 SW< [kslowd000] 238 root 0 SW< [kslowd001] 239 root 0 SW [crypto/0] 245 root 0 SW [crypto] 246 root 0 SW [crypto_ret] 247 root 0 SW [dsi] 453 root 0 SW [mtdblockd] 536 root 0 SW [usbhid_resumer] 562 root 0 SW [mmcqd] 584 root 0 SWN [jffs2_gcd_mtd4] 589 root 0 SWN [jffs2_gcd_mtd10] 683 root 0 SW [jbd2/mmcblk0p1-] 684 root 0 SW [ext4-dio-unwrit] 688 root 0 SW [jbd2/mmcblk0p2-] 689 root 0 SW [ext4-dio-unwrit] 1059 root 0 SW [tps2533_work/0] 1097 root 1528 S /control4/bin/watchdogd 1406 root 1764 S /usr/sbin/atftpd --daemon --user root root /control4/ 1519 root 2000 S /bin/sh /control4/bin/sysmand-wrapper 1520 root 2000 S init 1529 root 6448 S /control4/bin/sysmand --from-init 1574 root 2000 S /bin/sh /control4/bin/net-watchdog 1689 root 25564 S upmand 1757 root 44548 S /sbin/syslogd -x -i /var/run/syslogd.pid 1831 root 2444 S /usr/sbin/dropbear -P /var/run/dropbear.pid 1832 root 2004 S -sh 1969 root 1868 S sleep 20 1970 root 2004 R ps -ef 8968 root 2004 R -sh28953 root 2004 R -sh29012 root 2000 S crond29018 root 1984 S lighttpd -f /etc/lighttpd.conf -m /lib/lighttpd29019 root 8508 S c4server29020 root 8716 S /control4/bin/c4perfd29034 root 13180 S < audioserver29035 root 11260 S ioserver29036 root 3020 S /control4/bin/sddpd29045 root 8756 S netusbserver29051 root 3472 S /usr/sbin/nmbd -D29063 root 5908 S /usr/sbin/smbd -D29073 root 8828 S upslaved29080 root 5908 S /usr/sbin/smbd -D29097 root 22648 S /control4/bin/rhapServer29103 root 11092 S zap -d29113 root 5600 S /usr/sbin/snmpd -c /etc/snmp/snmpd.conf.local -Ln -p29119 root 47240 S zserver2 -d29121 root 11096 S driverwizd29161 root 37420 S N /control4/bin/c4lookup29338 root 109m R director29390 root 6448 S /control4/bin/sysmand --from-init29461 root 3068 S /usr/sbin/ntpd -g -p /var/run/ntpd.pid29498 root 3068 S /usr/sbin/ntpd -g -p /var/run/ntpd.pid29787 root 2212 S /usr/sbin/dropbear -P /var/run/dropbear.pid~# running "/proc/8968" returns: -sh: /proc/8968: Permission denied Link to comment Share on other sites More sharing options...
rosenqui Posted May 21, 2015 Share Posted May 21, 2015 Don't try to run /proc/8968, it's the root directory of a virtual file system that gives you a bunch of info about PID 8968. Run "ls -l /proc/8968" and you'll see folders like "fd" which shows you all of the open file descriptors, /proc/8968/net/tcp which you can read (via "cat /proc/8968/net/tcp") to see PID 8968's current TCP connections, etc. More info on goodies found under /proc is here: http://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html The shell could be running a script that's looping, or it could be stuck trying to clean up a disconnected ssh connection. Running "cat -v /proc/8968/cmdline" might tell you a bit more, but most likely you'll just see "-sh^@" Link to comment Share on other sites More sharing options...
EricNelson Posted May 21, 2015 Author Share Posted May 21, 2015 Running "ls -l /proc/8968" : ~# ls -l /proc/8968-r-------- 1 root root 0 Sep 20 23:52 auxv--w------- 1 root root 0 Sep 20 23:52 clear_refs-r--r--r-- 1 root root 0 Sep 12 01:34 cmdline-rw-r--r-- 1 root root 0 Sep 20 23:52 comm-rw-r--r-- 1 root root 0 Sep 20 23:52 coredump_filterlrwxrwxrwx 1 root root 0 Sep 20 23:52 cwd -> /-r-------- 1 root root 0 Sep 20 23:52 environlrwxrwxrwx 1 root root 0 Sep 12 01:34 exe -> /bin/busyboxdr-x------ 2 root root 0 Sep 12 01:31 fddr-x------ 2 root root 0 Sep 20 23:52 fdinfo-r-------- 1 root root 0 Sep 20 23:52 limits-r--r--r-- 1 root root 0 Sep 20 23:52 maps-rw------- 1 root root 0 Sep 20 23:52 mem-r--r--r-- 1 root root 0 Sep 20 23:52 mountinfo-r--r--r-- 1 root root 0 Sep 20 23:52 mounts-r-------- 1 root root 0 Sep 20 23:52 mountstatsdr-xr-xr-x 3 root root 0 Sep 20 23:52 net-rw-r--r-- 1 root root 0 Sep 20 23:52 oom_adj-r--r--r-- 1 root root 0 Sep 20 23:52 oom_score-r-------- 1 root root 0 Sep 20 23:52 pagemap-r-------- 1 root root 0 Sep 20 23:52 personalitylrwxrwxrwx 1 root root 0 Sep 20 23:52 root -> /-r--r--r-- 1 root root 0 Sep 20 23:52 smaps-r--r--r-- 1 root root 0 Sep 12 01:34 stat-r--r--r-- 1 root root 0 Sep 20 23:52 statm-r--r--r-- 1 root root 0 Sep 20 23:52 statusdr-xr-xr-x 3 root root 0 Sep 20 23:52 task-r--r--r-- 1 root root 0 Sep 20 23:52 wchan~#So September 20th was a bad day for this controller haha? Also September 12th is my birthday, am I being haunted by C4 Demons? Daemons?But seriously all of this information is cool to see. But how would I identify a script that is looping? How would I stop it?Thanks!ps: Running "cat -v /proc/8968/cmdline" gave me -sh^@ (or similar) Link to comment Share on other sites More sharing options...
EricNelson Posted May 21, 2015 Author Share Posted May 21, 2015 I fixed my problem by killing everything that got in my way. I ran:'kill -sigkill 8968' 'kill -sigkill 28953' ...for the '-sh' and then finally for the director with a pid of 29338 'kill -sigkill 29338'Eventually the director restarted (the -sh process didn't restart) and then the controller appeared on the composer list normally, and now everything works. Thanks for the help everyone! Link to comment Share on other sites More sharing options...
msgreenf Posted May 21, 2015 Share Posted May 21, 2015 I would recommend not sshing into the controller and killing process if you don't know what you are doing Sent from my XT1060 using Tapatalk Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.