0

I have a 40 vcore machine. something happened and it has been running 20 at 100% forever. Htop shows a large number of ./kswapd0 processes. I tried techniques like

echo vm.swappiness=0 | sudo tee -a /etc/sysctl.conf

but nothing helped. Can someone guide thru how to kill off these forever running processes?

bhomass
  • 101
  • It's not clear if you ran `sysctl -p` to apply the changes you made. How much free memory do you have and how much swapping is taking place ? Perhaps this is normal for the resources available ? – user620588 Mar 19 '21 at 08:25
  • You say there are `./kswapd0`. Really with `./`? If that's the case, it's probably a rogue process in disguise like a bitcoin miner. On Linux most kernel threads have a PPID of 2 (which is `kthreadd`) rather than any other value. What's the PPID of your kswapd0 ? If it's not 2, you should have a look at https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server – A.B Mar 19 '21 at 18:20
  • the ppid is anything but 2. I have disabled all but my own account on the system. I followed your link for compromised server, but I am not a ubuntu hack. Don't know how to clean up my system. is there a step by step guide to follow to kill off all these rogue processes? – bhomass May 10 '21 at 18:05

0 Answers0