Testdisk progress - I didn't start it

Using TestDisk to repair the filesystem
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
Locked
Message
Author
Deneb
Posts: 1
Joined: 24 Jul 2018, 15:14

Testdisk progress - I didn't start it

#1 Post by Deneb »

Hello,

I've searched several forums and haven't seen similar problems. I'm a beginner in debian, but always eager to learn.
- I using a Debian 9 Stretch x64, Xfce, installed from iso debian 9.0.1,
- Testdisk 7.0-3 (stable). All my reps are stable.

Process "testdisk" ran for more than 36 hours now, I didn't start it, but I don't want any problems.
My problems and answers I seek:

1. Don't know how to check it's progress
how long should I let it running? 3 days? a week ? It's a 250GB HDD,

2. Don't know where can I see its current log/results

3. Don't know if it's worth running (does it just scan or scan + repair /recover). how can check this?




All this time my notebook is running with 62-66 centigrade since testdisk is scanning my HDD.
Usually it's 44-48 deg with normal usage. I've never exceeded 62 deg before.
It's Core2Duo 2.1 GHz, T8100. I have 4GB RAM.

Testdisk is using 48-52% of my CPU resources, one core out of two is always busy
Setting "very low priority" in task manager doesn't lower the CPU usage.

- I guess this process can't be saved or stopped, system shut down and then resumed exactly from same area?
Could it?



My HDD is 250 GB, 5400 rpm, GUID Partition table, mostly ext4 partitions.
- how long do you expect it could run?

Yesterday, few times my system got suspended (automatically after 15 minutes),
- can I assume this didn't make this testdisk scan got broken or anything?

- While testdisk is scanning, Is it safe to use Firefox with disabled disk cache ?
Are you absolutely discouraging to use this system now ?




Testdisk log file know to me should be in:
/home/user1/testdisk.log
This file wasn't modified since 2018-01-24. That's not current version.
I'm looking for info from a running testdisk, is it stored only in RAM ?
- How could I read it?



Testdisk was starting on it's own many times during last 30 days, I didn't have time, didn't let it finish, I was shutting down system or killing the process.

Half a year ago in my user folder I've notices that "Documents", "Pictures", "Downloads" and similar folders were just gone. Still I can't see them, can't "locate" them. All folders starting with a captal letter. I see only folders starting with a dot, and the Desktop folder. I was planing to recover it and to look into it, I was planning to undelete them using testdisk. Clamav didn't find anything wrong.
I've copied content of user directory and /var/logs from that time (January 2018), but didn't have time to look into it.
I'd like to recover them, sure, do you think it' still possible. My system was writing it's files in that partition every day, though nothing really big, I still have 4 GB of empty space on this partition.

I don't know if that was related to the current testdisk problem.
I'd appreciate any answer or advice for my problems.






testdisk PID = 14431

cat /proc/14431/cmdline
testdisk


cat /proc/14431/stat
14431 (testdisk) R 1719 1630 1630 0 -1 4194304 259 0 9 0 8726613 719272 0 0 20 0 1 0 12548678 26759168 769 18446744073709551615 94207767216128 94207767604036 140727813676928 0 0 0 0 0 134758403 0 0 0 17 1 0 0 17 0 0 94207769704104 94207769715120 94207775514624 140727813684134 140727813684143 140727813684143 140727813685222 0

cat /proc/uptime
285411.77 103430.10


ps -o lstart= -p 14431
Sun Jul 22 19:12:18 2018
- There's nothing in messages around that time.
- It's possible that was the start of this process , then system was suspended for the first night.
However, it's running nonstop for the last last 30h.




The only file in /var/log where I fing testdisk is /var/log/auth.log.1

Jul 22 20:02:33 kanopus sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/0 ruser=user1 rhost= user=user1
Jul 22 20:02:36 kanopus sudo: pam_unix(sudo:auth): conversation failed
Jul 22 20:02:36 kanopus sudo: pam_unix(sudo:auth): auth could not identify password for [user1]
Jul 22 20:02:36 kanopus sudo: user1 : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/usr/bin/testdisk







testdisk /version
Version: 7.0
Compiler: GCC 6.2
ext2fs lib: 1.43.4, ntfs lib: libntfs-3g, reiserfs lib: none, ewf lib: none, curses lib: ncurses 6.0
OS: Linux, kernel 4.9.0-7-amd64 (#1 SMP Debian 4.9.110-1 (2018-07-05)) x86_64

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.5 (stretch)
Release: 9.5
Codename: stretch

uname -a
Linux kanopus 4.9.0-7-amd64 #1 SMP Debian 4.9.110-1 (2018-07-05) x86_64 GNU/Linux

xfce4-panel --version
xfce4-panel 4.12.1 (Xfce 4.12)





ls -ltra /proc/14431/
total 0
dr-xr-xr-x 196 root root 0 Jul 21 08:20 ..
dr-x------ 2 user1 user1 0 Jul 22 19:12 fd
dr-xr-xr-x 9 user1 user1 0 Jul 22 19:12 .
-r--r--r-- 1 user1 user1 0 Jul 22 19:12 stat
-r--r--r-- 1 user1 user1 0 Jul 22 19:12 cmdline
lrwxrwxrwx 1 user1 user1 0 Jul 23 08:51 exe -> /usr/bin/testdisk
-r--r--r-- 1 user1 user1 0 Jul 23 18:18 status
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 wchan
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 uid_map
-rw-rw-rw- 1 user1 user1 0 Jul 24 15:51 timerslack_ns
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 timers
dr-xr-xr-x 3 user1 user1 0 Jul 24 15:51 task
-r-------- 1 user1 user1 0 Jul 24 15:51 syscall
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 statm
-r-------- 1 user1 user1 0 Jul 24 15:51 stack
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 smaps
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 setgroups
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 sessionid
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 schedstat
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 sched
lrwxrwxrwx 1 user1 user1 0 Jul 24 15:51 root -> /
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 projid_map
-r-------- 1 user1 user1 0 Jul 24 15:51 personality
-r-------- 1 user1 user1 0 Jul 24 15:51 pagemap
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 oom_score_adj
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 oom_score
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 oom_adj
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 numa_maps
dr-x--x--x 2 user1 user1 0 Jul 24 15:51 ns
dr-xr-xr-x 5 user1 user1 0 Jul 24 15:51 net
-r-------- 1 user1 user1 0 Jul 24 15:51 mountstats
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 mounts
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 mountinfo
-rw------- 1 user1 user1 0 Jul 24 15:51 mem
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 maps
dr-x------ 2 user1 user1 0 Jul 24 15:51 map_files
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 loginuid
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 limits
-r-------- 1 user1 user1 0 Jul 24 15:51 io
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 gid_map
dr-x------ 2 user1 user1 0 Jul 24 15:51 fdinfo
-r-------- 1 user1 user1 0 Jul 24 15:51 environ
lrwxrwxrwx 1 user1 user1 0 Jul 24 15:51 cwd -> /home/user1
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 cpuset
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 coredump_filter
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 comm
--w------- 1 user1 user1 0 Jul 24 15:51 clear_refs
-r--r--r-- 1 user1 user1 0 Jul 24 15:51 cgroup
-r-------- 1 user1 user1 0 Jul 24 15:51 auxv
-rw-r--r-- 1 user1 user1 0 Jul 24 15:51 autogroup
dr-xr-xr-x 2 user1 user1 0 Jul 24 15:51 attr



Where should I start looking ?

User avatar
cgrenier
Site Admin
Posts: 5432
Joined: 18 Feb 2012, 15:08
Location: Le Perreux Sur Marne, France
Contact:

Re: Testdisk progress - I didn't start it

#2 Post by cgrenier »

By using lsof, you can know if a log file has been created.
If testdisk is looking for partitions, you should see the cylinder count increase.

Locked