High CPU Usage by kdevtmpfsi Process in Docker Setup (PHP Container)

I am encountering an issue with my Docker setup where the kdevtmpfsi process is consuming 100% CPU. Here’s my setup:

  • I am using a multi-container setup defined in Docker Compose with services for PHP (using PHP 8.2), Nginx, MySQL, and RabbitMQ.
  • The api_php container is built from the php:8.2-fpm base image and configured with various extensions and Composer.
  • Other containers like api_mysql, api_nginx, and api_rabbitmq are running fine.

Here’s the problem:

  • When the api_php container is enabled and running, the kdevtmpfsi process consumes 100% of the CPU.
  • If I stop or disable the api_php container, the CPU usage immediately drops to normal.

Here’s a snippet of my api_php Dockerfile and Docker Compose configuration:

Dockerfile (PHP)

# Use the official PHP image with PHP 8.2 as the base image
FROM php:8.2-fpm

# Install PHP extensions and dependencies
RUN apt-get update && \
    apt-get install -y \
        libicu-dev \
        cron \
        vim \
        supervisor \
        git \
        zip \
        unzip \
        imagemagick \
        libmagickwand-dev \
        zlib1g-dev \
        libpng-dev && \
    pecl install imagick && \
    docker-php-ext-enable imagick && \
    docker-php-ext-install pdo_mysql sockets intl gd

# Install Composer
RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \
    php composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
    php -r "unlink('composer-setup.php');"

# Set the environment variables for libsodium
ENV LIBSODIUM_CFLAGS="-I/usr/include/libsodium"
ENV LIBSODIUM_LIBS="-lsodium"
ENV ZLIB_CFLAGS="-I/usr/local/include"
ENV ZLIB_LIBS="-L/usr/local/lib -lz"
ENV PNG_CFLAGS="-I/usr/local/include"
ENV PNG_LIBS="-L/usr/local/lib -lpng"
ENV MAGICKWAND_CONFIG_PATH=/usr/bin/MagickWand-config

# Set the working directory in the container
WORKDIR /var/www/html

# Copy the remaining application files to the container
COPY . .

# Expose port 9000 for PHP-FPM
EXPOSE 9000

# Start PHP-FPM
CMD ["php-fpm"]

Docker Compose (relevant portion)

version: '3'
services:
  api_nginx:
    container_name: "api_nginx"
    restart: unless-stopped
    image: api_nginx
    build:
      context: ./docker/nginx
      dockerfile: Dockerfile
    ports:
      - 8081:80
    volumes:
      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
      - ./public:/var/www/html/public
    depends_on:
      - api_php
    networks:
      - api_network
  api_php:
    container_name: "api_php"
    restart: unless-stopped
    image: "api_php"
    build:
      context: ./docker/php
      dockerfile: Dockerfile
    ports:
      - "9001:9000"
    volumes:
      - ./docker/supervisord:/etc/supervisor/conf.d
      - .:/var/www/html
    command: sh -c "composer install --no-dev --optimize-autoloader && /usr/bin/supervisord"
    networks:
      - api_network
  api_mysql:
    container_name: "api_mysql"
    restart: unless-stopped
    image: api_mysql
    build:
      context: ./docker/mysql
      dockerfile: Dockerfile
    command: --default-authentication-plugin=mysql_native_password
    env_file:
      - docker/mysql/.env
    volumes:
      - ./docker/mysql/data:/var/lib/mysql
    ports:
      - 33061:3306
    environment:
      MYSQL_LOG_BIN_TRUST_FUNCTION_CREATORS: "1"
    networks:
      - api_network
  api_rabbitmq:
    container_name: "api_rabbitmq"
    restart: unless-stopped
    image: "api_rabbitmq"
    build:
      context: ./docker/rabbitmq
      dockerfile: Dockerfile
    environment:
      RABBITMQ_DEFAULT_USER: *****
      RABBITMQ_DEFAULT_PASS: ****
    volumes:
      - ./docker/rabbitmq/data:/var/lib/rabbitmq/
    ports:
      - 15001:15672
    networks:
      - api_network
networks:
  api_network:
    external: true

I suspect the issue might be due to:

  • Malware or a cryptominer (kdevtmpfsi seems suspicious).
  • Some misconfiguration in the api_php container leading to abnormal resource usage.

Here are the steps I’ve taken so far:

  • Stopped the container to confirm it’s the source of the issue.
  • Checked system logs for clues but found nothing definitive.
  • Scanned for any malicious files or processes in the host system and containers.

Questions:

  • What could be causing the kdevtmpfsi process to consume so much CPU – when the api_php container is running?
  • How can I identify if this is related to malware or a misconfiguration?
  • What steps can I take to resolve this issue while ensuring my system and containers remain secure?

Any insights or advice would be greatly appreciated!

CPU usage

I tried the following steps to resolve the issue:

  • Rebuild the container: I removed the existing api_php container, rebuilt it, and restarted the setup, hoping it would resolve the high CPU usage caused by the kdevtmpfsi process.
  • Scan for malware: I attempted to scan the containers and the host system for any potential malware, particularly targeting the kdevtmpfsi process. I suspected the process could be related to a cryptominer or malicious activity.
  • Remove malware: After scanning, I removed any identified malicious files or processes, but the issue keeps coming back, with kdevtmpfsi returning to 100% CPU usage.
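
An added example, not part of the original post: a Python check over the `ports:` entries of the compose file above that lists backend ports published on a non-loopback host address. A short `HOST:CONTAINER` mapping with no host IP is published on all host interfaces. The `BACKEND_PORTS` table and the function names are assumptions made for this illustration.

```python
# Constructed input: the ports entries from the compose file in the post.
COMPOSE = """\
services:
  api_nginx:
    ports:
      - 8081:80
  api_php:
    ports:
      - "9001:9000"
  api_mysql:
    ports:
      - 33061:3306
  api_rabbitmq:
    ports:
      - 15001:15672
"""

# Assumption for this example: backend ports that rarely need a host listener.
BACKEND_PORTS = {"9000": "PHP-FPM (FastCGI)", "3306": "MySQL",
                 "15672": "RabbitMQ management UI"}
LOOPBACK = {"127.0.0.1", "[::1]"}

def published_ports(compose_text):
    """Yield (service, host_ip, host_port, container_port); assumes 2-space indent."""
    service, in_ports = None, False
    for raw in compose_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 2 and text.endswith(":"):
            service, in_ports = text[:-1], False
        elif text == "ports:":
            in_ports = True
        elif in_ports and text.startswith("- "):
            spec = text[2:].strip().strip("\"'").split("/")[0]  # drop quotes, /tcp
            parts = spec.rsplit(":", 2)
            host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"  # no IP: all interfaces
            host_port = parts[-2] if len(parts) > 1 else ""
            yield service, host_ip, host_port, parts[-1]
        else:
            in_ports = False

def exposed_backends(compose_text):
    """Backend ports published on a non-loopback host address."""
    return [(svc, f"{ip}:{hp}", BACKEND_PORTS[cp])
            for svc, ip, hp, cp in published_ports(compose_text)
            if ip not in LOOPBACK and cp in BACKEND_PORTS]
```

On the file above, `exposed_backends(COMPOSE)` reports the api_php, api_mysql and api_rabbitmq mappings; a mapping written with a loopback host IP, such as `127.0.0.1:9001:9000`, is not reported.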